... or am I arguing an authentication technology that was never prepared for Cloud driven services?
SPF is not really an authentication technology. It does not authenticate who is sending the mail but only limits from which IP addresses the mail can be sent from and thus tries to limit misuse of your domain as the claimed sender of spam and phishing.
If they gave me companyx.amazonses.com I would be a tad more interested in including this.
There is no reason to believe that this would be more safe just because the company name is included in the domain name. The real question is which IP addresses are covered by the SPF (i.e. allowed to send mail for this domain) and one might simply set this "company record" to be the same as the global amazonaws record.
If you use the cloud to send mail you are usually doing this to profit from its advantages, i.e. flexibility, scalability, fault tolerance, low latency due to geographic routing etc. But, to implement these advantages it might be necessary to have lots of IP addresses and be flexible in which tasks are assigned to which IP address.
This means that the IP address might be an overly broad trust anchor when using cloud infrastructure. Instead or additionally you should rely on system specific instead IP specific restrictions. This can be done using DKIM where the outgoing mail system signs the mail and the recipient can check that it was actually signed by the mail system belonging to the sender. Both of DKIM and SPF can be combined with DMARC for even better protection against misusing your domain name for spamming and phishing.
In short: don't complain that SPF is insufficient and not designed for the cloud. Instead use DKIM and DMARC in addition to SPF.