SQL injection is a coding problem. Any time you use string concatenation to construct a SQL statement using user supplied values, e.g.:
'select * from ... where c1 = ' || user_supplied_value
You're at risk.
Static ("plain") SQL which is a fixed (never changing) statement is safe.
For queries which take user input (show all orders for customer X, find all the products costing less than Y, etc.) you need to use bind variables. Depending on your programming language, the query above becomes something like:
'select * from ... where c1 = :user_supplied_value'
or
'select * from ... where c1 = ?'
or in PL/SQL you can use variables in static SQL and the database will bind them for you:
create or replace procedure p ( user_val int ) as
begin
select ...
where c1 = user_val;
end p;
Using a cloud platform won't make SQL injection "go away". You need to write safe code!