It really isn't that dire, AWS has Shield (or really just Cloudfront), GPC has Cloud Armor, Azure has "Azure DDoS Protection", everything on Digital Ocean is protected by default. And if you're on-prem or colo then even a modestly sized edge router can handle quite a bit of traffic. And if all you want is the CDN part and not origin protection then every commercial CDN does DDoS protection.
If you mean "providing expensive protection services for free on a $5/mo VPC" then sure Cloudflare might be your only bet.
Not a question of money. If i recall, all of these are as easy to reach for governments as cloudfare itself. Especially with the threat of KYC. Would be happy to be wrong here though.
"If a government decides they want you offline" is quite a big difference from the original "Once you get kicked off Cloudfare, thats mostly it for you".
Somebody else asked this but deleted before i could respond, so i am glad you asked.
Centralized DDOS protection and DDOS seem to be two sides of the same coin, so i dont understand what the distinction would entail.
edit: You could argue that DDOS is an equal opportunity tool, while the threat of getting kicked off cloudflare is reserved for a selected few. So the difference would be which is more at threat of getting exploited. Hope that helps.
If you mean "providing expensive protection services for free on a $5/mo VPC" then sure Cloudflare might be your only bet.