Quick Take:
|
The tech industry has long described ‘the cloud’ as something abstract, distributed, and untouchable. The events of March 1-2, 2026 shattered that assumption in real time. Iranian drone strikes hit three Amazon Web Services (AWS) data centres — two in the United Arab Emirates and one in Bahrain — taking critical infrastructure offline, triggering banking app outages across the Gulf, shutting the UAE stock market, and forcing cloud architects worldwide to confront a question the industry had never had to answer seriously: what happens when a war zone swallows a cloud region?
AWS confirmed structural damage, disrupted power delivery, fire suppression activities, and resulting water damage. In the UAE’s ME-CENTRAL-1 region, two of three Availability Zones went offline simultaneously — a failure mode the multi-AZ architecture was explicitly not designed to handle. The cloud provider advised all customers with Middle East workloads to immediately migrate to alternate regions, naming the US, Europe, and Asia Pacific as safe destinations. In that conversation, India emerged with new urgency — not just as a contingency option, but as the closest viable alternative with sufficient latency profile and submarine cable connectivity to handle rerouted Gulf enterprise workloads.
StartupFeed Insight
| This is not just a cloud outage story. It is a ‘critical infrastructure as military target’ story.
The drone strikes on AWS UAE and Bahrain represent a geopolitical watershed for the data centre industry. For decades, the implicit assumption was that commercial cloud infrastructure — serving banks, hospitals, governments, and ordinary consumers — existed in a protected category, separate from military targets. That assumption has now been formally invalidated. Iran’s IRGC explicitly cited the Bahrain facility’s alleged role in supporting US military and intelligence operations as the justification for the strike. Whether that specific claim is accurate or not, the precedent is established: data centres are now legitimate military targets. For India, the implications are two-sided. The positive: India has become the natural alternative hosting location for Gulf enterprise workloads seeking safety. The submarine cable infrastructure, the 6 AWS AZs already operational, and the $270 Bn committed investment pipeline make India structurally ready to absorb rerouted demand. The cautionary: India is not geopolitically risk-free. India-Pakistan tensions are a permanent feature of the regional security environment. India-China border tensions flared in 2020 and have not fully dissipated. Mumbai, Chennai, and Bengaluru — India’s three anchor data centre markets — are all coastal cities with submarine cable infrastructure that is itself a potential target. Capacity Global’s analysis put it plainly: geopolitical risk doesn’t disappear, it just shifts shape. Our verdict: The Middle East strikes will accelerate India’s data centre investment cycle by 18-24 months. The rerouting of Gulf workloads will be temporary — but the enterprise conversations about long-term backup infrastructure in India that result from those temporary migrations will not be. The CTO of every Gulf bank that experienced outages on March 2 is now building a multi-region DR plan. India is on that plan. |
The Incident: What Happened on March 1-2, 2026
The strikes were part of Iran’s broader retaliatory campaign against US and Israeli military positions across the Gulf region. In response to US-Israeli strikes on Iran, Tehran launched a series of missile and drone attacks against targets in the UAE, Bahrain, Saudi Arabia, Kuwait, and Qatar. The AWS data centres — large, fixed, clearly mapped facilities — were among the targets hit.
| Timeline / Event | Details |
|---|---|
| March 1, late hours | Iranian drone strikes hit AWS facilities in UAE. Sparks and fire reported at UAE data centres. AWS reports mec1-az2 and mec1-az3 ‘significantly impaired’. Fire department cuts power and extinguishes fire |
| March 2, ~0656 UTC | AWS Bahrain (ME-SOUTH-1) mes1-az2 AZ reports ‘localised power issue’ following Iranian strike near US Navy Fifth Fleet HQ in Manama, Bahrain |
| March 2, ~1846 UTC | Power disruptions in UAE spread to mec1-az3, the third AZ, significantly impacting S3 storage (designed to survive loss of only one zone). All three AZs in UAE now impaired in some capacity |
| March 2, ongoing | Abu Dhabi Commercial Bank, Emirates NBD, First Abu Dhabi Bank report banking app outages. Careem (ride-hailing), Alaan, Hubpay (payments), Snowflake (data cloud) all report service disruptions. UAE stock market forced to halt due to technology outages. Dubai airport operations disrupted |
| March 3, AWS statement | AWS formally confirms: ‘Two data centers in the UAE were directly struck. One in Bahrain was damaged by a nearby strike. Structural damage, disrupted power delivery, fire suppression activities, and additional water damage’. 34 services degraded in UAE region; 25 disrupted |
| March 3+, customer advisory | AWS: ‘We strongly recommend customers with workloads running in the Middle East take action now to migrate workloads to alternate AWS Regions. AWS infrastructure is designed to be resilient, but given the uncertainty of the current situation, we encourage customers to replicate S3 data from ME-SOUTH-1 to another AWS Region’ |
| March 5+, IRGC claim | Iran’s Fars News Agency states on Telegram that the Bahrain facility was deliberately targeted to ‘identify the role of these centers in supporting the enemy’s military and intelligence activities’. AWS declines to comment. Bahrain hosts the US Navy’s Fifth Fleet at NSA Bahrain, adjacent to commercial infrastructure |
Why Multi-AZ Architecture Failed: The Design Assumption That Broke
AWS’s multi-AZ (Availability Zone) architecture is the foundational resilience model of cloud computing. A region consists of a minimum of three physically separate AZs, each located far enough apart that a natural disaster — a flood, earthquake, or power outage — affecting one will not affect another. The AZs are close enough (within 100 km) to maintain low latency between them. The model is specifically designed to make a single AZ failure transparent to the customer.
What the model was not designed for was a coordinated military strike on multiple AZs within the same region simultaneously. As Harshwardhan Choudhary of ABN AMRO Clearing Bank noted in his post-incident analysis: ‘Multi-AZ is NOT disaster recovery. It protects you from hardware failures, not a missile hitting an entire availability zone cluster in the same city.’ The practitioner community had long joked that it would take a meteor strike to take out an entire AWS region. A few drones accomplished what a meteor could not be reliably counted on to do.
| Failure Mode | Designed For | Not Designed For |
|---|---|---|
| Single AZ hardware failure | YES — standard redundancy. Automatic failover to other AZs | N/A |
| Power outage (local grid) | YES — UPS, backup generators cover single-AZ events | Large-scale grid disruption across a metro area |
| Natural disaster (flood, earthquake) | PARTIAL — AZ separation reduces risk if disaster is geographically bounded | Disaster affecting entire metro area or 100 km radius |
| Fire / cooling failure | YES — individual facility failure is survivable | Fire at multiple AZs from fire-suppression water damage cascade |
| Military strike on one AZ | NOT EXPLICITLY — but single-AZ failure is handled | Coordinated multi-AZ strikes within one region (precisely what happened) |
| Full region-level event | Customers are advised to architect across REGIONS (not just AZs) for this level of resilience | Entire region offline while conflict continues to make recovery timeline unpredictable |
Key architectural lesson from March 2:
|
India in Focus: The Closest Safe Alternative
For Gulf enterprises and governments migrating workloads away from the damaged AWS regions, India offers the closest viable alternative with comparable latency to the Middle East. Routing traffic to European regions or the US adds 80-120ms of latency — significant for banking, payments, and real-time applications. India’s Mumbai landing stations are connected directly to the Gulf via established submarine cable routes, and the network path already exists.
Industry executives confirmed to Economic Times that immediate capacity is being sought in Mumbai, Chennai, Hyderabad, and Kochi to reroute critical workloads, especially for banking clients. India currently hosts 6 of AWS’s 41 Availability Zones in the Asia Pacific region and 7 of 23 edge network locations. While the rerouting is expected to be temporary, enterprise conversations about building long-term backup infrastructure in India — triggered by the March 2 stress test — are expected to translate into permanent investment decisions.
India’s Data Centre Build: $270 Bn in Committed Capital
| Metric / Investor | Details |
|---|---|
| Current Capacity (Q2 2025) | 1.4 GW IT load across operational data centres |
| Target Capacity (2030) | 5-10 GW (various forecasts); $270 Bn in committed investments by global hyperscalers and Indian conglomerates |
| AWS — Hyderabad | Rs 60,000 Cr ($7.2 Bn) investment agreed Jan 2025. Hyderabad region expanding significantly. AWS India hosts AP-SOUTH-1 (Mumbai) and AP-SOUTH-2 (Hyderabad) |
| Microsoft Azure — India | $17.5 Bn over CY2026-2029 (largest Asia investment). India South Central region (Hyderabad, 3 AZs) going live mid-2026. Existing regions: Chennai, Hyderabad, Pune. Sovereign cloud capability now live in India |
| Reliance Industries — Jamnagar | 1 GW data centre announced Jan 2025. Partnership with NVIDIA. Powered by renewable energy. Would triple India’s total data centre capacity once operational |
| AdaniConneX + Google AI Campus | India’s largest AI data centre campus. 50:50 JV between Adani Enterprises and EdgeConneX. Google partnership. Multiple locations |
| OpenAI — India | Announced plans to build 1 GW capacity data centre in India. Discussions reported with Indian government on AI infrastructure |
| Yotta Infrastructure | Rs 39,000 Cr committed investment in data centre parks across India |
| Airtel Nxtra, NTT, STT GDC, CapitaLand | Multiple players expanding across Chennai, Pune, Bengaluru, Hyderabad, Navi Mumbai |
| Mumbai dominance | 52% of India’s total data centre capacity. Navi Mumbai: 3rd largest data centre market in Asia-Pacific. Multiple submarine cable landing stations |
| Chennai — rising | 21% of India’s capacity. Second-highest number of undersea cables after Mumbai. Projected to become second-largest market by 2030 |
| Hyderabad — AI hub | AWS + Microsoft both expanding. CtrlS Chandan Valley: 40 acres, 612 MW IT capacity under development. AWS Rs 60,000 Cr commitment |
| Latency advantage vs alternatives | Mumbai to Gulf: ~35-45ms | Mumbai to Singapore: ~30ms | Mumbai to Frankfurt: ~110ms | Mumbai to US East: ~180ms. India is the only Asia Pacific option with sub-50ms Gulf connectivity |
The Choke Points: Red Sea Cables and the Strait of Hormuz
The AWS data centre strikes are part of a larger infrastructure vulnerability that the Middle East conflict has exposed. Seventeen submarine cables pass through the Red Sea, carrying the majority of data traffic between Europe, Asia, and Africa. With Iran’s closure of the Strait of Hormuz and renewed Houthi threats in the Red Sea, both critical data choke points are simultaneously in active conflict zones.
Doug Madory, Director of Internet Analysis at Kentik, stated: ‘Closing both choke points simultaneously would be a globally disruptive event. I’m not aware of that ever happening.’ India’s geographic position — sitting east of both choke points, with Mumbai and Kochi connected to both Gulf and Southeast Asia-facing cable systems — means that India’s connectivity remains viable even in a scenario where Red Sea and Strait of Hormuz routes are significantly disrupted.
| Infrastructure Choke Point | Current Risk and India Context |
|---|---|
| Red Sea Submarine Cables (17 cables) | Carry majority of Europe-Asia-Africa data traffic. Houthi activity in Red Sea creates physical interdiction risk for cable maintenance vessels. Disruption would force traffic via Cape of Good Hope (adds 100-200ms latency) or via India’s east coast cables |
| Strait of Hormuz | Iran closed Strait in response to US-Israeli strikes. 20% of global LNG transit + semiconductor chemical shipments (HF acid, specialty gases) route through Strait. Closure disrupts both energy supply and fab chemical supply chains for Middle East data centres |
| UAE/Bahrain Data Centre Cluster | ME-CENTRAL-1 and ME-SOUTH-1 now both degraded. The Gulf’s aspiration to become the AI infrastructure crossroads between Europe and Asia faces existential credibility challenge |
| India’s Cable Positioning | Mumbai + Kochi + Chennai connected to SEA-ME-WE 5, SEA-ME-WE 6, FALCON, I2I, SMW3, IMEWE cables. Multiple paths to Europe, Middle East, and Southeast Asia reduce single-choke-point dependency |
| India-Pakistan / India-China Risk | India is not geopolitically neutral. India-Pakistan nuclear-armed confrontation remains a low-probability, high-impact risk that cloud architects must weight. India-China border tensions (2020 Galwan, ongoing) add to risk calculus |
What Enterprises Must Do: The DR Playbook, Rewritten
For every CTO, cloud architect, and infrastructure lead watching the March 2 outage unfold in real time, the stress test produced four irreversible lessons.
| Lesson 1: Multi-AZ is not DR. Plan for multi-region.
Architect critical workloads across at least two geographically separated AWS regions (or equivalent on Azure/GCP). For Gulf enterprises, this means Mumbai or Singapore as the warm standby. Active-active is better than active-passive for zero-RPO (Recovery Point Objective) applications. Lesson 2: Test your DR plan quarterly, not annually. Ninety percent of enterprises that had DR documentation failed to execute migration quickly during the March 2 incident because the process had never been tested under time pressure. A DR plan that exists only as a document is not a DR plan; it is a compliance artefact. Lesson 3: Know your data residency rules before the missiles fly. UAE and Bahrain have data localisation requirements for financial services and government data. Migrating to Mumbai during a crisis may bring services online, but it may violate local law. Every enterprise operating in regulated sectors must pre-negotiate regulatory carve-outs for crisis migration — ideally obtaining pre-approval from regulators for specific named backup regions. Lesson 4: Review your insurance. War exclusions are standard. Standard property and business interruption insurance excludes acts of war. Companies operating in conflict-adjacent regions need specialised war-risk policies. The March 2 strikes will trigger a wave of claims — and a wave of coverage denials — that will reshape how the data centre industry structures its insurance. |
India’s Opportunity — and Its Caveats
| India Data Centre Strength | India Data Centre Risk |
|---|---|
| Closest viable alternative to Gulf with sub-50ms latency | India-Pakistan and India-China geopolitical risk; not geopolitically neutral |
| $270 Bn committed investment; 6 AWS AZs operational in AP | Current 1.4 GW capacity may face absorption constraints for large sudden demand surge |
| Submarine cable connectivity to Gulf, SE Asia, Europe | Red Sea cable vulnerability affects Gulf-to-India routes too, though India has cable path diversity |
| Stable democratic governance; US-aligned under iCET framework | Draft National Data Centre Policy still not finalised; regulatory unpredictability vs Singapore |
| Deep engineering talent pool; cost-competitive | Water stress in Mumbai, Chennai, Bengaluru is a real constraint for AI workload cooling |
| India’s data sovereignty laws incentivise local storage of Indian data | DPDP Act (Digital Personal Data Protection) creates compliance complexity for foreign data rerouted into India |
| Microsoft’s India South Central (Hyderabad, 3 AZs) going live mid-2026 — adds significant capacity | Long build timelines mean committed investment does not translate to immediate available capacity |
What’s Next: The Industry Reckoning
The March 2 AWS strikes have triggered a series of irreversible industry shifts that will play out over the next 12-36 months.
|
The cloud was supposed to be everywhere and nowhere — infinitely resilient, geographically diffuse, impossible to disrupt. It turns out the cloud is somewhere specific. It has an address. That address can be hit. The March 2 strikes did not break cloud computing — but they permanently changed the conversation about where it should live, how it should be protected, and which countries are best positioned to host the next generation of digital infrastructure. For India, the answer has never been clearer.
