Cloud Services Cheat Sheet
AWS, GCP, and Azure equivalents — explained in plain English. Understand what each service does and when you'd use it.
AWS GCP Azure
| Category | AWS | GCP | Azure | Plain English | When you'd use it |
|---|---|---|---|---|---|
| Virtual Machines | EC2 | Compute Engine | Azure VMs | A computer you rent in the cloud. You choose the OS, CPU, RAM and pay per hour. | Running a custom application, database, or legacy workload that needs full OS control. Also the building block for almost everything else in the cloud. |
| Managed Kubernetes | EKS (Elastic Kubernetes Service) | GKE (Google Kubernetes Engine) | AKS (Azure Kubernetes Service) | Kubernetes without managing the control plane. The cloud provider handles the master nodes — you just deploy workloads. | Running containerised microservices at scale. When you need autoscaling, rolling deployments, and service discovery without managing Kubernetes masters yourself. |
| Serverless Functions | Lambda | Cloud Functions | Azure Functions | Run code without managing servers. You upload a function, define a trigger, and pay only when it runs. | Event-driven workloads: processing a file upload, responding to a webhook, running scheduled jobs. Bad fit for long-running processes (>15 min) or high-frequency, latency-sensitive APIs. |
| Container Hosting (PaaS) | ECS / App Runner | Cloud Run | Azure Container Apps | Run a Docker container without managing infrastructure. Simpler than Kubernetes — you give it a container image and it handles scaling. | Deploying a web API or microservice via Docker without the operational overhead of Kubernetes. Great middle ground between serverless and full Kubernetes. |
| Object Storage | S3 (Simple Storage Service) | Cloud Storage | Azure Blob Storage | A bucket to store any file — images, videos, backups, logs — at unlimited scale. Files are accessed via HTTP URL. | Storing static assets (CSS, JS, images), user-uploaded files, ML datasets, backups, and build artifacts. Very cheap storage, designed for massive scale. |
| Managed Database (SQL/Relational) | RDS (Relational Database Service) | Cloud SQL | Azure SQL Database | A fully managed relational database (PostgreSQL, MySQL, SQL Server). The cloud patches, backs up, and monitors it. | Any app needing a relational database without a DBA managing it. RDS/Cloud SQL support PostgreSQL, MySQL, MariaDB. Azure SQL also offers SQL Server as a managed service. |
| Globally Distributed SQL | Aurora (Global Database) | Cloud Spanner / AlloyDB | Azure Cosmos DB (PostgreSQL API) | SQL databases that scale globally with low-latency reads across multiple regions — without sacrificing ACID transactions. | Globally distributed applications that need strong consistency. Google Spanner was built for Google Ads and is the gold standard for global relational databases. |
| Document / NoSQL Database | DynamoDB | Firestore | Cosmos DB | Flexible document or key-value stores — schema-less JSON documents. No JOINs, but horizontal scale and fast lookups by key. | Applications with variable schemas, high write throughput, or needing single-digit millisecond reads at any scale. DynamoDB is the go-to for AWS serverless apps. |
| Managed Cache | ElastiCache (Redis / Memcached) | Memorystore | Azure Cache for Redis | A managed in-memory key-value store for caching. Dramatically speeds up database queries and session storage. | Caching expensive database queries, storing user sessions, implementing rate limiting, or as a pub/sub message broker. |
| Message Queue / Event Streaming | SQS (queue) + SNS (pub/sub) + Kinesis (streaming) | Pub/Sub + Dataflow | Service Bus + Event Hub | Reliably pass messages between services. Queues deliver each message once (SQS). Event streams replay messages and fan out to many consumers (Kafka-like). | Decoupling microservices, processing background jobs, event sourcing, and real-time data pipelines. Kafka (self-hosted or via Confluent) is the de-facto standard for high-volume streaming. |
| DNS | Route 53 | Cloud DNS | Azure DNS | Translates domain names (api.example.com) into IP addresses, and routes traffic based on rules (geolocation, latency, failover). | Always — Route 53 doubles as a domain registrar and supports health-check-based failover routing. |
| CDN (Content Delivery Network) | CloudFront | Cloud CDN | Azure CDN / Front Door | Serves your static files (images, CSS, JS) from an edge server near the user — dramatically reducing load times globally. | Any public-facing web app. Put your S3 bucket or container behind CloudFront to get HTTPS, caching, and global distribution. |
| Load Balancer | ALB (Application Load Balancer) / NLB | Cloud Load Balancing | Azure Load Balancer / Application Gateway | Distributes incoming HTTP requests across multiple backend instances. Also terminates TLS, routes by path, and checks instance health. | Anytime you run more than one instance of a service. Also required for auto-scaling groups to work. |
| Identity & Access Management | IAM (Identity and Access Management) | IAM (Cloud IAM) | Azure AD / Entra ID + RBAC | Controls who (users, services, machines) can do what (read, write, delete) on which resources. The security foundation of every cloud account. | Always. Principle of least privilege: every service and user gets only the permissions it needs — nothing more. |
| Container Registry | ECR (Elastic Container Registry) | Artifact Registry | Azure Container Registry | Stores your Docker images privately. Your CI pipeline pushes images here after building; Kubernetes pulls from here when deploying. | Every project using Docker. Using the same cloud's registry reduces latency and avoids egress charges when running in that cloud. |
| Secret Management | Secrets Manager + Parameter Store | Secret Manager | Azure Key Vault | Stores credentials, API keys, and certificates securely — with access control, automatic rotation, and audit logging. | Never store secrets in environment variables or code. Use a secret manager so you can rotate, audit, and revoke them without redeploying. |
| Monitoring & Observability | CloudWatch | Cloud Monitoring + Cloud Logging | Azure Monitor | Collects metrics, logs, and traces from your services. Lets you set alerts and create dashboards for system health. | Every production system needs monitoring. For multi-cloud or advanced needs, teams often supplement with Datadog, Grafana, or OpenTelemetry. |
| Infrastructure as Code | CloudFormation | Deployment Manager | Bicep / ARM Templates | Define your cloud infrastructure in code files — then deploy, update, and destroy it reproducibly. Terraform (multi-cloud) is the most popular choice across all three clouds. | Always use IaC for production. Click-ops (manually clicking in the console) is not repeatable, not auditable, and not safe. |
Cloud Vocabulary
Essential terms every cloud engineer should know — regardless of which cloud provider they use.
- Region
- A geographic area with multiple data centres. Example: us-east-1 (AWS, N. Virginia), europe-west1 (GCP, Belgium), westeurope (Azure). Deploy near your users to reduce latency.
- Availability Zone (AZ)
- An isolated data centre within a region. Multiple AZs in a region are physically separated — deploying across 2+ AZs protects from a single data centre failure.
- Multi-Region
- Running resources in more than one geographic region for disaster recovery or low-latency global access. Significantly more complex and expensive than single-region.
- Managed Service
- A cloud service where the provider handles patching, backups, scaling, and high availability. You use the service, the provider operates it. Opposite of self-managed (running on a VM you manage).
- Serverless
- A deployment model where you don't provision or manage servers — the cloud allocates resources on demand and scales to zero when idle. You pay only for actual execution time.
- Pay-as-You-Go
- The default cloud billing model: you pay for what you use, per second or per request. No upfront cost. Opposite of reserved/committed pricing, which is cheaper but requires upfront commitment.
- Reserved Instances / Committed Use
- Pay upfront (or commit) to a resource for 1–3 years in exchange for a 30–70% discount. Good for stable, predictable workloads.
- Spot / Preemptible Instances
- Unused cloud capacity sold at a steep discount (60–90% off). Can be terminated with 2 minutes' notice. Good for batch jobs, ML training, and fault-tolerant workloads.
- Egress Cost
- The cost of data leaving a cloud region to the internet or another region. Often the surprise in cloud bills. Ingress (data coming in) is usually free.
- SLA (Service Level Agreement)
- The cloud provider's uptime guarantee, expressed as a percentage. AWS S3 guarantees 99.9%; EC2 in two AZs guarantees 99.99%. Financial credits if they miss the target.