The operation of Puppet in the cloud is mostly similar to that in a physical data center. You can cope with the lack of semantic node names by forgoing the classic manifest structure that relies on
node blocks. The role of each instance can be configured using a Trusted Fact instead. Hiera should ignore hostnames so that roles become the most specific data hierarchy layer.
Certificate signing can be automated and secured through a preshared key. This is convenient for any cloud and an outright requirement if autoscaling is to be supported. Certificates' common names can and should be arbitrary in the cloud. Creating UUIDs for this purpose is a safe choice.
Puppet can keep adapting its catalogs to the cloudscape if you use PuppetDB and enrich ...