Okay, so many tennants are on the same BigQuery/Dynamo machine sharing cores.

If the API is "SQLish queries", I have a hard time believing you are going to be able to trigger these kind of attacks. You need a tight loop of carefully constructed code to flip them, no?