CloudFlare is going to have someone talking directly to a CloudFlare IP address, so it’s going to be visible.

AWS or GCP provide servers which might be behind something like CloudFlare. If they were deployed like that, I don’t believe that there’d be a straightforward way to determine that that’s where the server is hosted.

If it’s directly-accessible, and not using a CDN like CloudFlare, then it’d work the same way as if you were checking whether they’re using CloudFlare, just do a whois query on its IP address. I don’t know a real instance offhand directly-accessible on AWS, but to grab a random AWS hostname and Google Cloud Platform hostname:

$ host ec2-23-20-1-1.compute-1.amazonaws.com.
ec2-23-20-1-1.compute-1.amazonaws.com has address 23.20.1.1
$ whois 23.20.0.0|grep ^NetName
NetName:        AMAZON-EC2-USEAST-10
NetName:        AMAZON-IAD
$ host 3.192.170.108.bc.googleusercontent.com
3.192.170.108.bc.googleusercontent.com has address 108.170.192.3
$ whois 108.170.192.3|grep ^NetName
NetName:        GOOGLE
$

For a real host, we can just ad-hoc scrape lemmy.world’s instance list:

$ curl -s https://lemmy.world/instances |tr '}' '\n'|grep -o 'domain":".[^"]*'|sed 's/domain":"//' >threadiverse-hosts.txt
$ xargs <threadiverse-hosts.txt -n1 host -- >threadiverse-hosts-resolved.txt
$ grep "has address" threadiverse-hosts-resolved.txt |cut -d" " -f4|xargs -n1 host -- >threadiverse-hosts-reverse-resolved.txt
$ grep amazonaws.com threadiverse-hosts-reverse-resolved.txt|head -n1
75.184.193.54.in-addr.arpa domain name pointer ec2-54-193-184-75.us-west-1.compute.amazonaws.com.
$ grep 54.193.184.75 threadiverse-hosts-resolved.txt|head -n1
c63b-77-100-144-83.ngrok-free.app has address 54.193.184.75
$

So there’s the hostname of a real instance using AWS directly, c63b-77-100-144-83.ngrok-free.app.

$ host c63b-77-100-144-83.ngrok-free.app|head -n1
c63b-77-100-144-83.ngrok-free.app has address 184.72.44.51
$ whois 184.72.44.51|grep ^NetName
NetName:        AMAZON-EC2-7
NetName:        AMAZON-SFO
$