Your home network and a cloud datacenter aren’t comparable. Many clouds have host level firewall policies as a core feature, and anyone competent is managing them profile-style using Terraform or an equivalent. It’s really quite easy from that perspective.
You really are refusing to listen to what people are telling you.
I have an Internet router, which uses NAT for IPv4, same as everyone else. If I want to punch a hole through for something like RDP or SSH, I have to use unique port numbers because I only have one Internet-facing IP address. Because there are only 3 billion IPv4 addresses for the whole World, all of them are regularly scanned by Bad People for open ports, making this RISKY.
I also have IPv6 enabled on it. No NAT. If I want to punch a hole through for RDP or SSH, I can use the standard ports because each device has a unique Internet-facing IP address. My router alone has 2^64 (millions of trillions) of unique addresses, of which a random 5 or 6 have been allocated. There is no way anyone ever is going to be able to scan these. I can SAFELY open standard port numbers and not have to worry about drive-by attacks.
THERE IS NO OTHER DIFFERENCE.
The router works the same, the firewall works the same, the Internet works the same, the GUI is the same. IT IS ALL THE SAME!
NAT is not magic. It is not a firewall. It is not necessary. It is not beneficial.
Nobody is stopping you from running a NAT gateway until 2120 at home. IPv6 solves specific problems in a datacenter context, namely address exhaustion. You'll never run into that problem at home.
