AWS, GCP, and Azure: Service-by-Service Mapping for Architects
Once you understand why each hyperscaler exists, you still need a Rosetta stone for what to provision. This reference maps core categories—compute through AI—to their AWS, Google Cloud, and Azure equivalents, with notes on when the match is close versus approximate.
In short
Most building blocks have a parallel on all three clouds; names and defaults differ. Prefer portable patterns (Kubernetes, Postgres, S3-compatible APIs) where exit matters; embrace managed proprietary services where they buy clear operational wins.
Read Part 1: depth comparison for philosophy, enterprise fit, and selection criteria. Tables use current product names—verify in official docs before exams or procurement.
Compute
| Capability | AWS | GCP | Azure |
|---|---|---|---|
| Virtual machines | EC2 | Compute Engine | Virtual Machines |
| Auto scaling groups | Auto Scaling + EC2 | MIG (Managed Instance Groups) | VM Scale Sets |
| Spot / preemptible | EC2 Spot | Spot VMs / Preemptible | Spot VMs |
| Serverless functions | Lambda | Cloud Functions | Azure Functions |
| Container platform (managed) | ECS, Fargate | Cloud Run | Container Apps |
| Kubernetes | EKS | GKE | AKS |
| PaaS (code deploy) | Elastic Beanstalk, App Runner | App Engine | App Service |
| Batch / HPC | AWS Batch | Batch | Azure Batch |
Notes: GKE is often cited as the most integrated Kubernetes experience; AKS simplifies Windows node pools; EKS has the largest third-party add-on ecosystem. Fargate and Cloud Run both abstract nodes but differ in pricing and networking models.
Networking
| Capability | AWS | GCP | Azure |
|---|---|---|---|
| Virtual network | VPC | VPC | Virtual Network (VNet) |
| Subnets | Subnet (per AZ) | Subnet (regional) | Subnet |
| Load balancer (L4/L7) | ELB (ALB/NLB/CLB) | Cloud Load Balancing | Load Balancer, App Gateway |
| CDN | CloudFront | Cloud CDN | Azure CDN / Front Door |
| DNS | Route 53 | Cloud DNS | Azure DNS |
| Private connectivity | PrivateLink, VPC endpoints | Private Service Connect | Private Link |
| VPN / dedicated line | Site-to-Site VPN, Direct Connect | Cloud VPN, Cloud Interconnect | VPN Gateway, ExpressRoute |
| Firewall / WAF | WAF, Network Firewall, Shield | Cloud Armor, Cloud NGFW | WAF, Firewall, DDoS Protection |
| API gateway | API Gateway | API Gateway | API Management |
GCP subnets are regional (one CIDR spans zones); AWS subnets are AZ-scoped. Azure Front Door is a global entry point comparable to CloudFront plus routing intelligence. For landing-zone design on AWS, see network architecture.
Storage
| Capability | AWS | GCP | Azure |
|---|---|---|---|
| Object storage | S3 | Cloud Storage | Blob Storage |
| Block volumes | EBS | Persistent Disk | Managed Disks |
| File / NAS | EFS, FSx | Filestore | Azure Files |
| Archive / cold | S3 Glacier | Archive / Coldline | Archive / Cool tier |
| Hybrid transfer | Storage Gateway, Snowball | Transfer Appliance | Data Box |
| Backup service | AWS Backup | Backup and DR | Azure Backup |
S3 remains the de facto API reference; many tools speak S3-compatible protocols to GCS and Blob via adapters. For Kubernetes volumes, compare PV, PVC, and StorageClass with each cloud’s CSI drivers.
Databases and caching
| Capability | AWS | GCP | Azure |
|---|---|---|---|
| Managed PostgreSQL | RDS, Aurora PostgreSQL | Cloud SQL, AlloyDB | Azure Database for PostgreSQL |
| Managed MySQL | RDS, Aurora MySQL | Cloud SQL | Azure Database for MySQL |
| Managed SQL Server | RDS SQL Server | Cloud SQL SQL Server | Azure SQL |
| Global SQL / NewSQL | Aurora Global | Cloud Spanner | Azure SQL (geo-replication) |
| NoSQL document | DynamoDB | Firestore | Cosmos DB |
| Wide-column | Keyspaces (Cassandra) | Bigtable | Cassandra on Cosmos / VMs |
| In-memory cache | ElastiCache (Redis/Memcached) | Memorystore | Azure Cache for Redis |
| Data warehouse | Redshift | BigQuery | Synapse Analytics |
| Search | OpenSearch Service | Elastic (partner) / self-managed | Azure AI Search |
Approximate matches: DynamoDB and Cosmos DB both offer low-latency scale but different consistency models and APIs. BigQuery and Redshift both serve analytics; BigQuery separates storage and compute more aggressively. AlloyDB targets PostgreSQL-compatible OLTP with Google-scale replication.
Identity, access, and secrets
| Capability | AWS | GCP | Azure |
|---|---|---|---|
| Core IAM | IAM (users, roles, policies) | Cloud IAM | Azure RBAC + Entra ID |
| Organization hierarchy | Organizations, SCPs | Organization policies | Management groups, Azure Policy |
| Federation / SSO | IAM Identity Center | Workforce Identity Federation | Entra ID SSO |
| Workload identity | IAM roles for service accounts | Workload Identity | Managed identities |
| Secrets | Secrets Manager, SSM Parameter Store | Secret Manager | Key Vault |
| KMS / encryption keys | KMS | Cloud KMS | Key Vault keys |
| Directory / B2C | Cognito | Identity Platform | Entra External ID |
AWS policy JSON is its own language—see IAM policy anatomy. Azure RBAC is role-based at resource scope; GCP IAM binds roles to principals on resources.
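To make the three grant models comparable in an access review, the added example below (not from the original page or any provider's tooling) flattens an AWS identity policy, a GCP IAM policy, and an Azure role assignment into `(principal, permission, scope)` triples. It goes one step beyond the text by flagging public principals and wildcards. All function names, sample grants, and placeholder IDs (`SUB_ID`, `ROLE_GUID`, `PRINCIPAL_GUID`) are constructed assumptions.

```python
# Added example. All grants below are constructed samples; IDs are placeholders.
AWS_POLICY = {  # identity policy: the principal is whatever it is attached to
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
    ],
}
GCP_POLICY = {  # resource policy: bindings of role -> members
    "bindings": [
        {"role": "roles/storage.objectViewer",
         "members": ["serviceAccount:app@example-project.iam.gserviceaccount.com",
                     "allUsers"]},
    ],
}
AZURE_ASSIGNMENT = {  # role assignment: role definition + principal + scope
    "properties": {
        "roleDefinitionId": "/subscriptions/SUB_ID/providers/"
                            "Microsoft.Authorization/roleDefinitions/ROLE_GUID",
        "principalId": "PRINCIPAL_GUID",
        "scope": "/subscriptions/SUB_ID/resourceGroups/example-rg",
    },
}

def _listify(value):
    # AWS allows Action/Resource/Statement to be a single value or a list.
    return value if isinstance(value, list) else [value]

def from_aws(policy, attached_to):
    """Expand Allow statements into (principal, permission, scope) triples."""
    return [(attached_to, action, resource)
            for st in _listify(policy["Statement"]) if st.get("Effect") == "Allow"
            for action in _listify(st.get("Action", []))
            for resource in _listify(st.get("Resource", []))]

def from_gcp(policy, resource):
    """GCP policies live on the resource, so the scope is passed in."""
    return [(member, b["role"], resource)
            for b in policy.get("bindings", []) for member in b["members"]]

def from_azure(assignment):
    """An Azure role assignment already carries role, principal, and scope."""
    p = assignment["properties"]
    return [(p["principalId"], p["roleDefinitionId"].rsplit("/", 1)[-1], p["scope"])]

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers", "*"}
def overly_broad(grants):
    """Flag public principals, wildcard permissions, and wildcard scopes."""
    return [g for g in grants
            if g[0] in PUBLIC_MEMBERS or g[1] == "*" or g[1].endswith(":*") or g[2] == "*"]
```

The AWS converter ignores `Deny` statements and conditions, so treat its output as an upper bound on what is allowed rather than an effective-permission calculation.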
Messaging, events, and integration
| Capability | AWS | GCP | Azure |
|---|---|---|---|
| Pub/sub | SNS + SQS (patterns) | Pub/Sub | Service Bus, Event Grid |
| Queue | SQS | Pub/Sub subscriptions | Service Bus queues |
| Event bus | EventBridge | Eventarc | Event Grid |
| Streaming | Kinesis Data Streams | Pub/Sub, Dataflow | Event Hubs |
| Workflow orchestration | Step Functions | Workflows | Logic Apps, Durable Functions |
| ETL / integration | Glue, AppFlow | Dataflow, Data Fusion | Data Factory |
Observability and operations
| Capability | AWS | GCP | Azure |
|---|---|---|---|
| Metrics & dashboards | CloudWatch | Cloud Monitoring | Azure Monitor |
| Logging | CloudWatch Logs | Cloud Logging | Log Analytics |
| Tracing | X-Ray | Cloud Trace | Application Insights |
| Alerting | CloudWatch Alarms | Alerting policies | Monitor alerts |
| Infrastructure as code | CloudFormation, CDK | Deployment Manager, Terraform | Bicep, ARM, Terraform |
| CI/CD | CodePipeline, CodeBuild | Cloud Build | Azure DevOps, GitHub Actions |
OpenTelemetry is portable across all three; managed backends differ.
Security and governance
| Capability | AWS | GCP | Azure |
|---|---|---|---|
| Posture / CSPM | Security Hub, Config | Security Command Center | Defender for Cloud |
| Threat detection | GuardDuty | Event Threat Detection | Defender for Cloud |
| Vulnerability scanning | Inspector | Container Analysis | Defender vulnerability mgmt |
| Policy as code | SCPs, Access Analyzer | Org Policy | Azure Policy |
| HSM | CloudHSM | Cloud HSM | Dedicated HSM |
Shared responsibility applies everywhere—see cloud security foundations.
AI, ML, and data science
| Capability | AWS | GCP | Azure |
|---|---|---|---|
| Managed notebooks | SageMaker Studio | Vertex AI Workbench | Azure ML compute instances |
| Training / MLOps | SageMaker | Vertex AI | Azure Machine Learning |
| Foundation model APIs | Bedrock | Vertex AI (Gemini) | Azure OpenAI Service |
| Speech / vision APIs | Rekognition, Transcribe | Vision, Speech APIs | Azure AI services |
See ML foundations and generative AI for AWS depth; Vertex and Azure OpenAI are the usual GCP/Azure starting points for GenAI.
DevOps, registry, and artifacts
| Capability | AWS | GCP | Azure |
|---|---|---|---|
| Container registry | ECR | Artifact Registry | ACR |
| Package / artifact repo | CodeArtifact | Artifact Registry | Artifacts (Azure DevOps) |
| Configuration management | Systems Manager | OS Config | Automation, Guest Config |
How to use this mapping in practice
- Start with capability, not logo. Define the job (regional SQL, global NoSQL, batch ETL) then pick the row.
- Check region availability for your short list before design sign-off.
- Prototype pricing with each provider’s calculator using your traffic shape.
- Prefer open interfaces where teams may switch clouds: Postgres, Kafka protocol, S3 API, Kubernetes, OpenTelemetry.
- Document exceptions where you accept lock-in (DynamoDB access patterns, BigQuery SQL, Entra conditional access).
Further reading
- AWS, Google Cloud, and Microsoft Learn — official documentation and learning paths
- Each provider’s architecture center and reference architectures
- AWS data engineering — pipelines and lakes on AWS (patterns often translate)