> In the first case, we would need to keep hundreds of DNS records in sync and double our SSL certificates;
The first thing is admittedly a PITA, but SSL certificates should not be a problem. Either you use Let's Encrypt, which automates the pain away anyway, or you do the sane thing and buy a wildcard cert - this has the added advantage that no one can run a service discovery by simply grepping a CT log. Yes, I know, security by obscurity, but script kiddies will go for the low hanging fruit first, and having your domains show up in CT logs is ultra low hanging fruit.
> secondly we would need to only change our infrastructure to not use any Route53 specific feature
You should not be locked into Amazon (or for that matter any cloud provider) anyway, given how easy it is to get banned from them (hint: it's enough if your Google account also manages the YouTube channel and videos on it get striked too often).
> Using a widely used TLD like .com/.net/.org is the best and easiest way to ensure reliability.
Another caveat right here: .com and .net are operated by Verisign, while .org is operated by PIR. You should always take care to choose a different operator for the backup TLD!
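To make the CT-log point above concrete, here is an added audit script (not the commenter's code, not from the thread) that takes the SAN lists of issued certificates, the kind of data a CT log search for your own domain returns, and reports which hostnames they put on public record. It runs the same check over a per-host strategy and a wildcard strategy, and also flags the caveat that a `*.example.com` wildcard only covers one label (RFC 6125 section 6.4.3), so a host like `staging.api.example.com` still needs its own certificate and still ends up in the log. All input data is constructed; `example.com` and the hostnames are placeholders.

```python
"""Audit which hostnames a set of issued certificates discloses via CT logs.

Added example for the discussion above; not code from the thread.
Input is a constructed list of SAN lists, the shape of what a CT log
search for a domain returns. All names are placeholders.
"""
from __future__ import annotations

# Constructed sample: one certificate per host (e.g. individual ACME issuances).
PER_HOST_CERTS = [
    ["www.example.com"],
    ["api.example.com"],
    ["grafana-internal.example.com", "vpn.example.com"],
    ["staging.api.example.com"],
    ["mail.other-company.test"],  # unrelated entry, must be ignored
]

# Constructed sample: a single wildcard cert plus one two-label-deep host.
WILDCARD_CERTS = [
    ["example.com", "*.example.com"],
    ["staging.api.example.com"],  # not covered by *.example.com
]


def _in_zone(name: str, apex: str) -> bool:
    """True if name is the apex or a subdomain of it."""
    return name == apex or name.endswith("." + apex)


def wildcard_covers(wildcard: str, hostname: str) -> bool:
    """A '*.parent' SAN matches exactly one extra label (RFC 6125 6.4.3)."""
    if not wildcard.startswith("*."):
        return False
    parent = wildcard[2:]
    if not hostname.endswith("." + parent):
        return False
    leftmost = hostname[: -len(parent) - 1]
    return leftmost != "" and "." not in leftmost


def audit(san_lists: list[list[str]], apex: str) -> dict[str, list[str]]:
    """Summarise what the certificates for `apex` reveal.

    explicit:         every non-wildcard in-zone name found in a SAN
    wildcards:        wildcard SANs found
    disclosed_hosts:  explicit names other than the apex (the service inventory
                      an observer can read straight out of the log)
    needing_own_cert: disclosed hosts that no wildcard here would cover, so
                      they stay in the log even under a wildcard strategy
    """
    apex = apex.lower().rstrip(".")
    explicit: set[str] = set()
    wildcards: set[str] = set()
    for sans in san_lists:
        for raw in sans:
            name = raw.lower().rstrip(".")
            if not _in_zone(name, apex):
                continue
            (wildcards if name.startswith("*.") else explicit).add(name)
    disclosed = {h for h in explicit if h != apex}
    uncovered = {
        h for h in disclosed if not any(wildcard_covers(w, h) for w in wildcards)
    }
    return {
        "explicit": sorted(explicit),
        "wildcards": sorted(wildcards),
        "disclosed_hosts": sorted(disclosed),
        "needing_own_cert": sorted(uncovered),
    }


if __name__ == "__main__":
    for label, certs in (("per-host", PER_HOST_CERTS), ("wildcard", WILDCARD_CERTS)):
        report = audit(certs, "example.com")
        print(f"{label}: {len(report['disclosed_hosts'])} host(s) disclosed")
        for key, names in report.items():
            print(f"  {key}: {names}")
```

Running it shows the per-host strategy putting all five hosts into the log, while the wildcard strategy discloses only the two-label-deep `staging.api.example.com`; the fix for that last one is a second wildcard (`*.api.example.com`) or a flatter naming scheme, not another per-host certificate.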
author here: About your second point. We spend quite some money on AWS every month. As long as we keep paying our bills, I don't see why they would want to cut us loose.
> As long as we keep paying our bills, I don't see why they would want to cut us loose.
I can imagine a competitor trying to boot you off by bombarding their abuse team with bogus complaints and triggering automated actions. It's been done in the past; the problem is that all major companies (not just hosting, but ANY large company!) try to save on actual customer support and even more on stuff they can't bill to the customer, like a properly staffed abuse team.