A practical, side-by-side map for architects and engineers.
Compute & Containers
| AWS | Azure | When to choose |
| --- | --- | --- |
| EC2 | Virtual Machines | General-purpose VMs; widest image flexibility. |
| EC2 Auto Scaling | VM Scale Sets | Scale a VM fleet automatically. |
| EKS | AKS | Managed Kubernetes control plane. |
| ECS / Fargate | Container Apps | Serverless containers & microservices without cluster ops. |
| Elastic Beanstalk / App Runner | App Service | PaaS web/API apps with built-in CI/CD. |
| Lambda | Azure Functions | Event-driven/serverless compute. |
Tip: Azure Functions can run on Container Apps if you want serverless containers + Functions on one platform.
Networking & Traffic
| AWS | Azure | Notes |
| --- | --- | --- |
| VPC | Virtual Network (VNet) | Core private network boundary. |
| PrivateLink | Private Link / Private Endpoints | Private access to PaaS/custom services. |
| Direct Connect | ExpressRoute | Private, predictable connectivity from on-prem. |
| Global Accelerator | Front Door | Global anycast HTTP(S) entry & acceleration. |
| ALB / NLB | Application Gateway / Load Balancer | L7 (+WAF) vs L4 load balancing. |
| CloudFront | Azure CDN / Front Door | Global CDN + caching. |
Databases & Data
| AWS | Azure | Notes |
| --- | --- | --- |
| RDS (MySQL/Postgres/SQL Server) / Aurora | Azure SQL Database / SQL Managed Instance; Azure DB for MySQL/Postgres | MI ≈ near-full SQL Server compatibility; hyperscale options exist. |
| DynamoDB | Cosmos DB (NoSQL APIs) | Global distribution; multi-master options. |
| S3 (+ Lake Formation) | ADLS Gen2 (on Blob) | Data lake with HDFS-style features. |
| Kinesis | Event Hubs | Streaming ingestion. |
| Kinesis Data Analytics | Stream Analytics | SQL-like stream processing. |
| Athena | Synapse serverless SQL | Interactive SQL on files without clusters. |
| Glue | Data Factory | Code/low-code pipelines (ETL/ELT). |
Integration & Eventing
| AWS | Azure | Notes |
| --- | --- | --- |
| EventBridge / SNS | Event Grid / Service Bus topics | Reactive events vs durable messaging. |
| SQS | Storage Queues / Service Bus queues | Service Bus adds sessions, TX, DLQs. |
| API Gateway | API Management | Full API lifecycle, policies, dev portal. |
Security, Identity & Governance
| AWS | Azure | Notes |
| --- | --- | --- |
| IAM (+ Cognito/SSO) | Microsoft Entra ID + Azure RBAC | Directory & access control model differs. |
| Organizations + SCPs / Control Tower | Management Groups + Azure Policy | Org-wide guardrails & governance. |
| KMS / Secrets Manager | Key Vault (keys, secrets, certs) | HSM-backed options on both. |
| GuardDuty / Security Hub | Defender for Cloud | Posture mgmt + threat protection. |
Identity model translation: AWS accounts (billing/security boundary) ≈ Azure subscriptions under an Entra tenant. Use Organizations + SCPs ⇄ Management Groups + Azure Policy for enterprise guardrails.
Observability & Ops
| AWS | Azure | Notes |
| --- | --- | --- |
| CloudWatch | Azure Monitor | Metrics, logs, alerts, dashboards. |
| X-Ray | Application Insights | Distributed tracing, live metrics. |
| CloudTrail | Activity Log | Control-plane audit. |
Dev & Delivery
| AWS | Azure | Notes |
| --- | --- | --- |
| CodeCommit/Build/Deploy/Pipeline | Azure DevOps or GitHub Actions | First-party CI/CD choices. |
| ECR | Azure Container Registry (ACR) | OCI images, geo-replication. |
AI / ML (Managed)
| AWS | Azure | Notes |
| --- | --- | --- |
| SageMaker | Azure Machine Learning | Full ML lifecycle & MLOps. |
| AI APIs (Comprehend etc.) | Azure AI services | Vision, speech, language, search. |
| Bedrock | Azure OpenAI Service | Managed access to foundation models. |
Quick Chooser (real-world picks)
Serverless API: Lambda + API Gateway ⇄ Functions + API Management
Simple microservices (no cluster ops): ECS/Fargate ⇄ Container Apps
Kubernetes with controls: EKS ⇄ AKS
Lakehouse SQL on files: Athena ⇄ Synapse serverless SQL