
My sibling comment points out that Tor Cloud is discontinued anyway, but I have some concerns about running a relay on a cloud provider. If a lot of people do this, it seems like it could pose a risk to Tor users' anonymity.

Tor works by bouncing traffic across a few nodes. In an ideal case, these nodes are run by different people in different countries, so even if a vulnerability in a server or legal action exposes the traffic across a single relay, the other nodes are not accessible to the attacker and the users' anonymity is maintained.

If a large number of people start running nodes on cloud services, then this centralizes the nodes under the control of Amazon or whatever cloud provider. Even if you trust Amazon (there are many use cases where you shouldn't), a vulnerability in their cloud services could expose data from ALL of the nodes running on their cloud. I haven't done any specific analysis on this, but my guess is that if 5% of the nodes in the Tor relay system had their data completely exposed, the nodes would include all the nodes along routes for a significant number of users. Combine this with traffic analysis and other attacks, and even more users could be de-anonymized.

I'm by no means an expert on Tor, so I can't say with confidence whether or not this is a concern. Perhaps someone with more knowledge will weigh in.




One interesting thing I read recently is that, when building a circuit, Tor actively avoids picking more than one relay sharing a common attack vector.

Basically, it will not pick more than one relay with the same family id, router or /16 subnet.

Your point is still valid, since AWS and other big web hosts like OVH obviously have a lot of /16 subnets and distinct router addresses, but it's good to see this was anticipated by the design.


Yeah, that's super interesting.

To be fair, I suspect there is already a similar problem simply due to economics: running a relay costs money, so the vast majority of relays are running in the first world, which correlates well with countries that have extradition treaties with the US, for example.


The node constructs the path it uses. As concentration in one area becomes a concern, those nodes can be identified as Amazon based on IP so clients know not to use more than 1 or 2 nodes there.
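
The /16 and family rules mentioned in this thread, plus the per-provider limit suggested in the comment above, as an added sketch that is not part of the thread and not Tor's own code. `Relay`, the `provider` label and `provider_cap` are hypothetical names, and relays are taken in list order rather than by Tor's bandwidth-weighted random selection.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Relay:
    nickname: str
    address: str                      # IPv4 only in this sketch
    family: frozenset = frozenset()   # nicknames this relay declares as family
    provider: str = ""                # hypothetical label from an IP-to-hoster lookup

def slash16(addr):
    """Upper 16 bits of an IPv4 address, i.e. its /16 network."""
    return int(ipaddress.IPv4Address(addr)) >> 16

def conflicts(a, b):
    """Return why a and b may not share a circuit, or None if they may."""
    if slash16(a.address) == slash16(b.address):
        return "same /16"
    # A family link counts only when both relays declare each other.
    if b.nickname in a.family and a.nickname in b.family:
        return "same family"
    return None

def build_circuit(candidates, hops=3, provider_cap=None):
    """Pick `hops` relays in order; provider_cap=None means /16 and family rules only."""
    path = []
    for r in candidates:
        if any(conflicts(r, p) for p in path):
            continue
        same = sum(1 for p in path if r.provider and p.provider == r.provider)
        if provider_cap is not None and same >= provider_cap:
            continue
        path.append(r)
        if len(path) == hops:
            return path
    return None  # not enough compatible relays

# Constructed sample relays (private addresses, made-up names and providers).
RELAYS = [
    Relay("a", "10.1.0.5", provider="cloudA"),
    Relay("b", "10.1.200.9", provider="cloudA"),   # same /16 as a
    Relay("c", "10.2.0.1", provider="cloudA"),     # other /16, same provider
    Relay("d", "10.3.0.1", family=frozenset({"e"})),
    Relay("e", "10.4.0.1", family=frozenset({"d"})),
    Relay("f", "10.5.0.1"),
]
```

With only the /16 and family rules, `build_circuit(RELAYS)` yields a, c, d, so two hops sit at the same provider; with `provider_cap=1` it yields a, d, f.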



