The same amount is needed as on any other non-cloud platform.
The first things which come to mind are roles/permissions, AV, database injection, ddos, resource monitoring (limiting server costs), private ssh keys, https vs http, VPN / NAT / routing, etc.
The cloud platforms often have tools to help mitigate these things but they aren't necessarily on by default and you still have to monitor and build a secure app.
It's pretty easy for a burglar to enter your house if you leave the door open.
Brandon
Frontend Developer