Oh my goodness man, have you managed Amazon instances? Setting up VPCs, IGW, IAM, DNS, EBS Snapshots (and deletions until recent lifecycle), custom metric in coudwatch, and Security Groups is a seriously challenging task just to learn the basics, much less do it right, much less automate it.
It's not a bed of roses in the physical world either, but you're simply wrong to say it's easy in the "Cloud" and hard in a DC/Bare Metal.
(it was a joke.) There are a zillion things to think about if you're going to have even one machine public on the internet, regardless of the hosting solution. At a small organization there's always that one programmer that's like half sysadmin.
I find it amusing that people pretend without bare metal, you'll get all of that person's time back.
It's not a bed of roses in the physical world either, but you're simply wrong to say it's easy in the "Cloud" and hard in a DC/Bare Metal.