Cloud Selection Guide Cheatsheet Cheatsheet

☁️

Cloud Computing Fundamentals

FOUNDATION

Service Models

Model	Full Name	You Manage	Provider Manages	Examples
IaaS	Infrastructure as a Service	OS, runtime, apps, data	Hardware, networking, virtualization	EC2, VMs, Compute Engine
PaaS	Platform as a Service	Apps, data	OS, runtime, middleware, hardware	App Engine, Heroku, Azure App Service
SaaS	Software as a Service	Nothing (just configure)	Everything	Gmail, Salesforce, Office 365
FaaS	Function as a Service	Code only	Everything else (serverless)	Lambda, Functions, Cloud Functions
CaaS	Container as a Service	Containers & images	Orchestration, infra	EKS, AKS, GKE

Deployment Models

Model	Description	Best For
Public Cloud	Shared infrastructure, multi-tenant	Startups, variable workloads, cost optimization
Private Cloud	Dedicated infrastructure, single-tenant	Regulated industries, sensitive data, legacy apps
Hybrid Cloud	Public + private with connectivity	Enterprises needing both flexibility and control
Multi-Cloud	Using 2+ cloud providers simultaneously	Vendor lock-in avoidance, best-of-breed services

Shared Responsibility Model

Layer	IaaS	PaaS	SaaS
Physical Infrastructure	Provider	Provider	Provider
Networking (hardware)	Provider	Provider	Provider
Virtualization	Provider	Provider	Provider
Operating System	Customer	Provider	Provider
Runtime / Middleware	Customer	Provider	Provider
Application	Customer	Customer	Provider
Data	Customer	Customer	Customer

CapEx vs OpEx

Aspect	CapEx (Capital)	OpEx (Operational)
Definition	Upfront investment in assets	Pay-as-you-go recurring costs
Cloud model	Reserved instances (1-3 yr)	On-demand, pay per use
Cash flow	Large upfront, depreciated over time	Predictable monthly costs
Flexibility	Hard to change	Easily scale up/down
Tax	Depreciation benefits	Full deduction in same year
Risk	Over-provisioning waste	Unpredictable spikes

6 Rs of Cloud Migration

Strategy	Description	Effort	Risk	Example
Rehost (Lift & Shift)	Move as-is to cloud VMs	Low	Low	Migrating legacy app to EC2
Replatform (Lift & Reshape)	Minor optimizations, same architecture	Medium	Low	Moving from self-hosted DB to RDS
Refactor / Re-architect	Redesign for cloud-native	High	Medium	Monolith to microservices on Lambda
Repurchase (Replace)	Switch to SaaS solution	Low	Medium	Replace custom CRM with Salesforce
Retire	Decommission unused systems	None	None	Shut down old test environments
Retain (Keep On-Prem)	Keep in data center	None	Low	Apps with strict data residency laws

💡

Rule of thumb: Start with Rehost for quick wins (70% of apps), then Replatform high-value workloads. Only Refactor when cloud-native benefits justify the investment. Always Retire anything unused first — it's free savings.

🔺

AWS — Amazon Web Services

MARKET LEADER

Core Services

Service	Category	Description
EC2	Compute	Virtual servers — widest instance type selection (300+ types)
S3	Storage	Object storage — 11 nines durability, lifecycle policies, 7 storage classes
RDS	Database	Managed relational DB (MySQL, PostgreSQL, MariaDB, Oracle, SQL Server)
Lambda	Serverless	Event-driven compute — up to 15 min, 1M free requests/mo
VPC	Networking	Virtual private cloud — subnets, security groups, NACLs, NAT gateways
IAM	Security	Identity & access management — policies, roles, MFA, federation
CloudFront	CDN	Global content delivery — 600+ edge locations, Lambda@Edge
Route 53	DNS	Managed DNS — latency-based routing, health checks

Managed & AI/ML Services

Service	Category	Description
ECS / EKS	Containers	ECS (proprietary), EKS (managed Kubernetes)
ElastiCache	Cache	Managed Redis or Memcached
Aurora	Database	MySQL/PostgreSQL-compatible, 5x faster, auto-scaling
DynamoDB	NoSQL	Single-digit ms latency, auto-scaling, global tables
SageMaker	ML	Full ML lifecycle — build, train, deploy models
Bedrock	GenAI	Access Claude, Llama, Titan models via API
Rekognition	AI	Image & video analysis — face detection, labels, text
Redshift	Analytics	Petabyte-scale data warehouse — columnar storage

AWS Pricing Model

Model	Discount	Commitment	Best For
On-Demand	None	None (pay per second)	Short-term, unpredictable workloads
Reserved Instances	Up to 72% off	1 or 3 year term	Steady-state production workloads
Spot Instances	Up to 90% off	None (can be interrupted)	Batch jobs, CI/CD, fault-tolerant workloads
Savings Plans	Up to 72% off	1 or 3 yr $/hr commitment	Flexible compute usage across EC2/Lambda/Fargate

⚠️

AWS Free Tier: 750 hours EC2 (t2.micro), 5 GB S3, 750 hours RDS (db.t2.micro), 1M Lambda requests/mo — all free for 12 months. Always use AWS Cost Explorer and set up budgets + alerts to avoid surprise bills.

🔷

Microsoft Azure

ENTERPRISE FAVORITE

Core Services

Service	Category	Description
Virtual Machines	Compute	Full VMs — wide OS selection, hybrid benefit
Blob Storage	Storage	Object storage — hot, cool, cold, archive tiers
Azure SQL	Database	Managed SQL Server — auto-tuning, geo-replication
Azure Functions	Serverless	Event-driven — 1M free executions/mo
AKS	Containers	Managed Kubernetes — integrates with Azure AD, Monitor
App Service	PaaS	Fully managed web apps — .NET, Java, Node, Python
CosmosDB	NoSQL	Multi-model, globally distributed, 5 consistency levels
Azure Cache for Redis	Cache	Managed Redis — Enterprise tier with persistence

Enterprise & AI Services

Service	Category	Description
Entra ID (Azure AD)	Identity	SSO, MFA, conditional access — integrates with Office 365
Intune	MDM	Device management — BYOD policies, compliance
Defender	Security	Cloud security posture, threat protection suite
Azure OpenAI	AI	GPT-4, GPT-4o, DALL-E via Azure (enterprise-grade)
Azure ML	ML	AutoML, designer (drag-drop), managed endpoints
Cognitive Services	AI	Vision, Speech, Language, Translator APIs
Azure DevOps	DevOps	Boards, Repos, Pipelines, Test Plans, Artifacts
Power Platform	Low-Code	Power BI, Power Apps, Power Automate

Azure Pricing & Unique Strengths

Pay-as-you-goNo commitment, per-second billing

Reserved InstancesUp to 72% off with 1-3 year commitment

Azure Hybrid BenefitUse existing Windows Server/SQL licenses → up to 40% savings

.NET IntegrationBest-in-class for .NET workloads (native, optimized)

Microsoft 365Deep integration with Teams, SharePoint, OneDrive, Outlook

GitHub IntegrationAzure DevOps + GitHub Actions + Azure seamless CI/CD

ComplianceMost compliance certifications of any cloud (90+)

💡

Choose Azure when: Your org uses Microsoft stack (.NET, Active Directory, Office 365), needs enterprise compliance, or has existing Windows Server/SQL licenses. The Azure Hybrid Benefit alone can save 40% on VMs and SQL.

🌐

Google Cloud Platform (GCP)

DATA & AI LEADER

Core Services

Service	Category	Description
Compute Engine	Compute	VMs — custom machine types, per-second billing
Cloud Storage	Storage	Object storage — Standard, Nearline, Coldline, Archive
Cloud SQL	Database	Managed MySQL, PostgreSQL, SQL Server
Cloud Functions	Serverless	Event-driven — Node.js, Python, Go, Java
Cloud Run	Containers	Best serverless containers — scale to zero, any language
GKE	Containers	Best-in-class managed Kubernetes — 4x leader in Forrester Wave
Firestore	NoSQL	Serverless document DB — real-time sync, offline mode
BigQuery	Analytics	Best data warehouse — separate storage & compute, $5/TB queried

AI/ML & Data Services

Service	Category	Description
Vertex AI	ML Platform	Full ML lifecycle — AutoML, custom training, model registry
Gemini (API)	GenAI	Gemini Pro/Ultra — multimodal, best pricing for inference
TPUs	Hardware	Custom AI accelerators — 2-8x faster than GPUs for training
AutoML	ML	No-code ML — vision, NLP, tabular, translation models
Dataflow	Streaming	Managed Apache Beam — batch & streaming ETL
Pub/Sub	Messaging	Global event streaming — millions of messages/sec
Spanner	Database	Globally consistent relational DB — 99.999% availability
Cloud CDN	CDN	Global CDN — 150+ edge locations, Google backbone network

GCP Always Free Tier

Resource	Free Allowance	Notes
e2-micro VM	1 instance (US regions)	30 GB standard persistent disk
Cloud Storage	5 GB Standard	1 GB/day Class A, 5 GB/day Class B operations
BigQuery	10 GB storage	1 TB query/month free
Cloud Functions	2M invocations/month	400K GB-sec, 200K GB-sec network egress
Cloud Run	2M requests/month	360K vCPU-sec, 180K GB-hr memory
Firestore	1 GB storage	50K reads, 20K writes, 20K deletes/day

💡

Choose GCP when: You need BigQuery (best data warehouse), Kubernetes (GKE is the gold standard), AI/ML (TPUs, Vertex AI, Gemini), or cost-effective analytics. GCP has the most generous Always Free tier — e2-micro VM runs forever free.

⚔️

Cloud Comparison Matrix — Head to Head

DECISION TIME

Compute & Storage Comparison

Category	AWS	Azure	GCP
VMs	EC2 (300+ types)	Virtual Machines (200+ types)	Compute Engine (custom types)
VM pricing	t3.micro ~$8/mo	B1s ~$7/mo	e2-micro ~$6/mo
Serverless	Lambda	Functions	Cloud Functions + Cloud Run
Serverless timeout	15 min	230 sec (consumption)	60 min (Cloud Run)
Object storage	S3 ($0.023/GB)	Blob ($0.018/GB)	Cloud Storage ($0.020/GB)
Storage classes	7 (S3, Glacier)	4 (Hot, Cool, Cold, Archive)	4 (Standard, Nearline, Coldline, Archive)
Block storage	EBS ($0.08/GB)	Managed Disk ($0.096/GB)	Persistent Disk ($0.08/GB)

Database & Containers Comparison

Category	AWS	Azure	GCP
Managed SQL	RDS	Azure SQL	Cloud SQL
Best SQL	Aurora (5x faster)	Azure SQL (auto-tuning)	Cloud SQL (PostgreSQL)
NoSQL	DynamoDB	CosmosDB	Firestore / Spanner
Cache	ElastiCache	Azure Cache for Redis	Memorystore
Kubernetes	EKS ($0.10/hr/cluster)	AKS (free control plane)	GKE (free Autopilot tier)
Container serverless	Fargate	Container Apps	Cloud Run (best)

AI/ML & Analytics Comparison

Category	AWS	Azure	GCP
ML Platform	SageMaker	Azure ML	Vertex AI (best)
GenAI Models	Bedrock (Claude, Titan)	Azure OpenAI (GPT-4)	Gemini (multimodal)
Data Warehouse	Redshift ($0.25/TB)	Synapse ($0.077/TB)	BigQuery ($5/TB queried)
Data Lake	S3 + Glue + Athena	ADLS + Synapse	GCS + Dataflow
Streaming	Kinesis	Event Hubs	Pub/Sub (best)
ETL/Orchestration	Step Functions / Glue	Data Factory	Cloud Workflows / Composer

CDN, DNS & Networking Comparison

Category	AWS	Azure	GCP
CDN	CloudFront (600+ PoPs)	Azure CDN (100+ PoPs)	Cloud CDN (150+ PoPs)
DNS	Route 53	Azure DNS	Cloud DNS
Load Balancer	ALB / NLB / GWLB	App GW / LB / Front Door	Cloud LB (global, anycast)
Private Connect	PrivateLink / VPC Endpoints	Private Link	Private Service Connect
Dedicated Connect	Direct Connect	ExpressRoute	Cloud Interconnect
Global Network	70+ PoPs	60+ regions	35+ regions, Google backbone

🚫

No single cloud wins everywhere. AWS leads in breadth (200+ services), Azure dominates enterprise/Microsoft shops, GCP excels in data & AI. BigQuery has the best pricing model (pay per TB queried, not stored). GKE is the Kubernetes gold standard. Choose based on your primary use case.

💰

Pricing & Cost Optimization

FINOPS

Cost Optimization Strategies

Strategy	Savings	How
Rightsizing	20-40%	Match instance types to actual CPU/RAM usage
Reserved Instances	40-72%	Commit to 1-3 years for predictable workloads
Spot/Preemptible	60-90%	Use for batch, CI/CD, fault-tolerant workloads
Savings Plans	40-72%	Flexible $/hr commitment across services
Auto-scaling	30-50%	Scale down during nights/weekends automatically
Storage tiering	40-80%	Move cold data to cheaper storage classes
Data transfer	Significant	Minimize cross-AZ, cross-region, and egress traffic

Hidden Costs to Watch

Cost Category	AWS	Azure	GCP
Data egress	$0.09/GB (internet)	$0.087/GB	$0.105/GB
Cross-AZ transfer	$0.01-0.02/GB	$0.01/GB	$0.01/GB
Cross-region transfer	$0.02/GB+	$0.02/GB	$0.08/GB (higher!)
API calls (storage)	$0.005 per 1K	$0.004 per 10K	$0.005 per 1K
NAT Gateway	$0.045/hr + $0.045/GB	Not needed (outbound free)	Cloud NAT $0.045/hr
Public IP idle	$0.005/hr	Free	$0.004/hr
Load Balancer	$0.0225/hr (ALB)	$0.018/hr (Basic)	$0.025/hr

Free Tier Comparison

Resource	AWS Free Tier	Azure Free Tier	GCP Always Free
Compute	750 hrs t2.micro (12 mo)	750 hrs B1s (12 mo)	e2-micro (forever)
Storage	5 GB S3 (12 mo)	5 GB Blob (12 mo)	5 GB Cloud Storage (forever)
Database	750 hrs db.t2.micro (12 mo)	250 hrs SQL DB (12 mo)	Cloud SQL (30 day trial)
Serverless	1M Lambda req/mo (12 mo)	1M Functions req/mo (forever)	2M req/mo (forever)
Network	100 GB out (12 mo)	100 GB out (12 mo)	1 GB out (forever)
Analytics	Limited	Limited	10 GB BigQuery storage (forever)

⚠️

FinOps Golden Rule: The #1 cloud cost surprise is data transfer (egress). Always keep compute and storage in the same region, use VPC endpoints for internal traffic, and compress data before sending across regions. Set up billing alerts on day one.

🚀

Choosing Cloud for Startups

STARTUP

Startup Programs & Credits

Program	Credits	Requirements
AWS Activate	$1K-$100K credits	Portfolio company of approved VC/accelerator
Azure for Startups	$25K (Founders Hub)	Join Founders Hub — no VC required
Google for Startups	$2K-$200K credits	Apply via Google for Startups program

Recommended Stack by Stage

Stage	Monthly Budget	Recommended Stack
Pre-seed / MVP	$0-$100	Vercel/Netlify (frontend) + Supabase/Firebase (backend) + GCP e2-micro
Seed ($1M-$5M)	$100-$5K	AWS/GCP — Fargate/Cloud Run + RDS/Cloud SQL + S3/GCS
Series A ($5M-$20M)	$5K-$20K	Multi-service: EKS/GKE + Aurora/CosmosDB + Redis + CDN
Series B+ ($20M+)	$20K-$100K+	Multi-region, dedicated support, reserved instances

💡

MVP Recommendation: Use GCP for MVPs — Cloud Run (serverless containers, scale to zero, cheapest when idle) + Firestore (serverless DB) + BigQuery (analytics). Cost: often $0-20/mo until you have real users. Alternatively, Vercel + Supabase for full-stack Next.js apps.

🏢

Choosing Cloud for Enterprise

ENTERPRISE

Compliance & Certifications

Standard	AWS	Azure	GCP
HIPAA	Yes	Yes	Yes
SOC 1/2/3	Yes	Yes	Yes
PCI-DSS	Yes	Yes	Yes
GDPR	Yes	Yes	Yes
FedRAMP (High)	Yes	Yes	Moderate only
ISO 27001	Yes	Yes	Yes
IRAP (Australia)	Yes	Yes	Yes
# of certifications	143	100+	125

Enterprise Support & SLAs

Feature	AWS	Azure	GCP
Basic Support	Free (forums)	Free (billing + subscriptions)	Free (community)
Developer Support	$29/mo	Not available	$29/mo
Business Support	$100/mo (10% spend)	$100/mo (min)	$250/mo
Enterprise Support	$15K/mo (min)	$1K/mo (min)	Custom pricing
SLA (compute)	99.99%	99.99%	99.99%
SLA (storage)	99.999999999% (S3)	99.999999999% (Blob)	99.999999999%
Dedicated engineer	TAM (Enterprise)	CSAM (Unified)	Customer Engineer

⚠️

Enterprise recommendation: Azure if you use Microsoft stack (AD, Office 365, .NET). AWS for broadest service coverage and most mature ecosystem. GCP for data-heavy orgs with BigQuery. Consider multi-cloud if you need to avoid vendor lock-in or have regulatory requirements spanning jurisdictions.

🤖

Choosing Cloud for AI / ML

AI/ML

GPU / TPU Comparison

Accelerator	Provider	Best For	Price (on-demand)
A10G (24 GB)	AWS / Azure / GCP	Inference, light training	~$1.00-1.50/hr
A100 (40/80 GB)	AWS / Azure / GCP	Large model training	~$3.00-5.00/hr
H100 (80 GB)	AWS / Azure / GCP	LLM training (latest)	~$8.00-12.00/hr
TPU v5p	GCP only	Large-scale training (best)	~$4.00-8.00/hr
Inferentia2	AWS only	Cheap inference	~$0.15/hr (Inf2 instance)
T4 (16 GB)	All 3	Budget inference	~$0.50-0.75/hr

AI/ML Platform Comparison

Feature	SageMaker (AWS)	Azure ML	Vertex AI (GCP)
Notebooks	SageMaker Studio	Azure ML Studio	Vertex AI Workbench
AutoML	Yes (all types)	Yes (designer + SDK)	Yes (best-in-class)
Model Registry	Yes	Yes	Yes
Model Serving	Real-time + Batch	Real-time + Batch	Real-time + Batch + Predictions
Pre-trained Models	JumpStart, Bedrock	Azure AI Gallery	Model Garden (400+)
GenAI Models	Claude, Titan, Cohere	GPT-4o, DALL-E, Whisper	Gemini, Imagen, Chirp
MLOps	Pipelines, Experiments	Pipelines, MLflow	Pipelines, Feature Store
Special Hardware	Trainium, Inferentia	ND H100 v5	TPU v5p (unique)

💡

For AI/ML, GCP leads overall: TPUs for training (2-8x faster than GPUs), Vertex AI for model management, Gemini for multimodal, and BigQuery ML for SQL-based ML. For LLM inference, AWS Inferentia2 is cheapest. For enterprise GPT access, Azure OpenAI is the only option.

📊

Choosing Cloud for Data Engineering

DATA

Data Warehouse & Lake Comparison

Category	AWS	Azure	GCP
Data Warehouse	Redshift	Synapse Analytics	BigQuery (best)
Pricing Model	$0.25/TB stored + $0.25/TB scanned	DWU units (reserved)	$5/TB queried (storage free)
Data Lake	S3 + Glue + Athena	ADLS Gen2 + Synapse	GCS + Dataflow
Streaming	Kinesis ($0.015/shard/hr)	Event Hubs ($0.01/event hub)	Pub/Sub ($0.40-40/M msgs)
Orchestration	Step Functions / MWAA	Data Factory / Synapse	Cloud Composer / Workflows
ETL/ELT	Glue ($0.44/DPU/hr)	ADF ($0.25/Orchestration)	Dataflow (auto-scaling)

Cost per TB Processed

Service	Cost/TB	Query Speed	Best For
BigQuery	$5/TB queried	Seconds (columnar + distributed)	Ad-hoc analytics, best value
Redshift	$0.25/TB stored + scan	Fast (provisioned clusters)	Large structured data, ETL
Synapse	DWU-based (variable)	Moderate	Azure-native orgs, Office data
Athena	$5/TB scanned (S3)	Moderate (serverless)	Occasional queries on S3 data
Snowflake (3rd)	$2-3/TB credited	Fast (auto-scaling)	Multi-cloud data warehouse

⚠️

BigQuery is the clear winner for analytics — pay per TB queried (not stored), separates storage and compute, and scales to petabytes. For streaming + batch hybrid, Pub/Sub + Dataflow (GCP) or Kinesis + Glue (AWS) are top choices.

🔀

Multi-Cloud & Hybrid Strategies

ARCHITECTURE

When to Go Multi-Cloud

Reason	Description	Example
Vendor lock-in avoidance	Avoid dependency on single provider	Use K8s on multiple clouds
Best-of-breed services	Pick best service from each cloud	BigQuery (GCP) + Bedrock (AWS)
Compliance / Data residency	Different regions per regulation	EU data on EU servers
Negotiation leverage	Better pricing through competition	Negotiate with AWS using Azure quote
Acquisition / Merger	Combined orgs on different clouds	Migrate or integrate over time

Multi-Cloud Tools

Tool	Type	Description
Terraform	IaC	Multi-cloud infrastructure provisioning (most popular)
Pulumi	IaC	Infrastructure as code using Python/TypeScript
Crossplane	Control Plane	Kubernetes-native multi-cloud resource management
HashiCorp Vault	Secrets	Multi-cloud secrets management
Datadog	Monitoring	Unified observability across clouds
ArgoCD	GitOps	Multi-cluster Kubernetes deployment

🚫

Multi-cloud warning: Multi-cloud adds significant complexity — you must manage 3 billing systems, 3 IAM systems, 3 networking models, and deal with cross-cloud data transfer costs. Start with one cloud and only go multi-cloud when you have a clear, quantifiable reason.

⚙️

Cloud-Native Services Comparison

SERVICES

Serverless DB, Messaging, Caching

Service Type	AWS	Azure	GCP
Serverless NoSQL	DynamoDB	CosmosDB (Serverless)	Firestore
Serverless SQL	Aurora Serverless v2	SQL Database Serverless	Spanner (no serverless yet)
Message Queue	SQS (queue) / SNS (pub-sub)	Service Bus / Event Grid	Pub/Sub
Event Streaming	Kinesis Data Streams	Event Hubs	Pub/Sub (streaming)
In-Memory Cache	ElastiCache (Redis/Memcached)	Azure Cache for Redis	Memorystore (Redis/Memcached)
Full-Text Search	OpenSearch Service	Azure AI Search	Cloud Search (limited)

Secrets, Monitoring & DevOps

Service Type	AWS	Azure	GCP
Secrets Management	Secrets Manager + KMS	Key Vault	Secret Manager + Cloud KMS
Monitoring / Logging	CloudWatch	Azure Monitor + Log Analytics	Cloud Monitoring + Logging
Alerting	CloudWatch Alarms + SNS	Azure Alerts + Action Groups	Cloud Monitoring Alerting
Config / IaC	CloudFormation + CDK	ARM/Bicep + Terraform	Deployment Manager + Terraform
CI/CD Native	CodePipeline + CodeBuild	Azure Pipelines	Cloud Build
Container Registry	ECR	ACR	Artifact Registry

💡

Portability tip: Use Kubernetes + PostgreSQL + Redis as your core stack to maximize portability. Avoid cloud-specific services (like DynamoDB, CloudWatch) for critical workloads unless the benefits clearly outweigh the lock-in risk.

📦

Migration Guide

MIGRATION

Migration Phases

Phase	Activities	Tools
1. Assess	TCO analysis, dependency mapping, readiness	AWS MAP, Azure Migrate, GCP Assessment
2. Plan	Choose 6 Rs strategy, set timeline, budget	AWS Migration Hub, Azure Migrate
3. Migrate	Data transfer, app migration, parallel run	AWS DMS/MGN, Azure Migrate, Google Transfer
4. Optimize	Rightsizing, reserved instances, monitoring	Trusted Advisor, Azure Advisor, Recommender
5. Operate	Ongoing management, cost control, updates	AWS SSM, Azure Arc, GCP Ops Agent

Migration Tools by Provider

Task	AWS	Azure	GCP
Server migration	MGN (Application Migration)	Azure Migrate: Server Migration	Migrate to VMs (Velostrata)
Database migration	DMS (Database Migration)	Azure Database Migration	Database Migration Service
Data transfer (online)	DataSync	AzCopy / Storage Explorer	Storage Transfer Service
Data transfer (offline)	Snowball (50 TB)	Data Box (100 TB)	Transfer Appliance (480 TB)
VM discovery	Agentless Discovery	Azure Migrate appliance	Migration Center

⚠️

Migration best practice: Always run a parallel run for 2-4 weeks before full cutover. Validate data integrity, measure performance, and verify costs. Use incremental migration— don't try to move everything at once. Start with non-critical workloads to build confidence.

🔒

Cloud Security Comparison

SECURITY

IAM Comparison

Feature	AWS IAM	Azure RBAC + Entra ID	GCP IAM
Policies	JSON documents	Role definitions (JSON)	YAML/JSON bindings
Roles	Predefined + custom	Built-in + custom	Predefined + custom
MFA	Yes (virtual + hardware)	Yes (Entra ID)	Yes (Security Keys)
Federation	SAML 2.0, OIDC	SAML, OIDC, OAuth 2.0	SAML, OIDC, Workforce/Workload
Service Accounts	IAM Roles for EC2/Lambda	Managed Identities	Service Accounts (K8s-style)
Conditional Access	IAM Conditions	Entra ID Conditional Access	IAM Conditions
Secrets	Secrets Manager + KMS	Key Vault	Secret Manager + Cloud KMS

Network & Data Security

Feature	AWS	Azure	GCP
Virtual Network	VPC (subnets, NACLs, SGs)	VNet (subnets, NSGs, ASGs)	VPC (subnets, firewall rules)
DDoS Protection	Shield (Standard free, Advanced $3K/mo)	DDoS Protection Standard	Cloud Armor (free tier)
WAF	WAF ($5/rule/mo + $0.60/M req)	WAF ($40/policy/mo)	Cloud Armor ($5/policy/mo)
Encryption at Rest	KMS (SSE-S3, SSE-KMS, SSE-C)	Azure Storage encryption	CMEK (customer-managed keys)
Encryption in Transit	TLS 1.2+ (enforced)	TLS 1.2+ (enforced)	TLS 1.2+ (enforced)
Threat Detection	GuardDuty ($0.35/GB scanned)	Defender for Cloud	Security Command Center

🚫

Security essentials for any cloud: 1) Enable MFA for all users, 2) Use least-privilege IAM policies, 3) Enable encryption at rest and in transit, 4) Configure VPC/network isolation, 5) Set up cloud-native threat detection (GuardDuty/Defender/SCC), 6) Audit with CloudTrail/Audit Logs/Cloud Audit Logs.

🌍

Regional & Global Considerations

GLOBAL

Region & Edge Comparison

Metric	AWS	Azure	GCP
Total Regions	34 regions	60+ regions	40 regions
US Regions	us-east-1, us-west-2, etc.	East US, West US, etc.	us-central1, us-east4, etc.
EU Regions	eu-west-1, eu-central-1, etc.	West Europe, North Europe	europe-west1, europe-west4
Asia Regions	ap-southeast-1, ap-northeast-1	East Asia, Southeast Asia	asia-east1, asia-southeast1
CDN Edge Locations	600+	200+	150+
Sovereign Cloud	GovCloud, Secret Region	Azure Government, China 21Vianet	Air-gapped regions

Data Residency & Latency

Consideration	Guideline
Data residency laws	GDPR (EU), CCPA (CA), LGPD (Brazil), PIPA (Korea) — keep data local
Latency target	<100ms for interactive apps, <10ms for real-time/gaming
Same-region	Always co-locate compute, DB, and storage in the same region
Multi-region	Use for DR: async replication with <15 min RPO for most apps
Edge/CDN	Use CloudFront/Front Door/Cloud CDN for static assets — 10-50ms globally
Sovereign clouds	AWS GovCloud, Azure China (21Vianet), Google Air-gapped for gov

💡

Region selection strategy: Choose the region closest to your users for latency. If GDPR applies, use EU regions only. For disaster recovery, replicate to a different region in the same geography (e.g., us-east-1 → us-west-2).

🎯

Decision Flowchart & Quick Guide

DECISION

Use Case → Best Cloud Mapping

I Need To...	Recommended Cloud	Why
Run .NET apps with AD integration	Azure	Native .NET, Entra ID, Office 365 integration
Build an MVP cheaply	GCP	e2-micro free forever, Cloud Run scale-to-zero, BigQuery free tier
Train large ML models	GCP (TPUs) or AWS (P5)	TPUs for speed, AWS P5 (H100) for ecosystem
Use GPT-4 in production	Azure	Azure OpenAI is the only enterprise GPT-4 offering
Maximum service breadth	AWS	200+ services, most mature, largest ecosystem
Run Kubernetes at scale	GCP (GKE)	Best-managed K8s — Autopilot, 99.95% SLA, free tier
Build a data warehouse	GCP (BigQuery)	Best pricing ($5/TB queried), separate storage/compute
Process streaming data	GCP (Pub/Sub) or AWS (Kinesis)	Pub/Sub for scale, Kinesis for AWS-native integration
Host static websites	Any (AWS S3, Azure Blob, GCP Cloud Storage)	All support static hosting + CDN
Enterprise compliance	Azure or AWS	Most certifications, FedRAMP High (AWS), broadest合规

5 Key Factors Quick Comparison

Factor	AWS	Azure	GCP
Service Breadth	★★★★★	★★★★☆	★★★★☆
Enterprise Readiness	★★★★★	★★★★★	★★★★☆
AI/ML Capabilities	★★★★☆	★★★★☆	★★★★★
Data & Analytics	★★★★☆	★★★★☆	★★★★★
Cost Effectiveness	★★★☆☆	★★★☆☆	★★★★☆
Kubernetes	★★★★☆	★★★★☆	★★★★★
Developer Experience	★★★★☆	★★★★☆	★★★★★
Startup Friendly	★★★★☆	★★★★☆	★★★★★

When to Avoid Each Cloud

Cloud	Avoid When...	Consider Instead
AWS	You use Microsoft stack exclusively	Azure
AWS	You need cheapest always-free tier	GCP
Azure	You need best data analytics pricing	GCP BigQuery
Azure	You need TPU access for ML training	GCP
GCP	You need broadest service ecosystem	AWS
GCP	You need FedRAMP High certification	AWS or Azure

🚫

The #1 mistake: Choosing a cloud based on hype instead of your actual requirements. Start with your use case, evaluate 2-3 providers, run a proof of concept, and then decide. The best cloud is the one that solves your specific problem most effectively.

🎓

Resources & Certifications

CERTIFICATIONS

AWS Certifications

Certification	Level	Cost	Focus
Solutions Architect Associate	Associate	$300	Designing distributed systems on AWS
Developer Associate	Associate	$300	Developing and deploying AWS applications
SysOps Administrator	Associate	$300	Deploying, managing, operating AWS workloads
DevOps Engineer Professional	Professional	$300	CI/CD, automation, monitoring on AWS
Solutions Architect Professional	Professional	$300	Complex solution design (multi-account)
Security Specialty	Specialty	$300	AWS security architecture and operations
Data Analytics Specialty	Specialty	$300	AWS data services (Athena, Glue, Redshift)

Azure & GCP Certifications

Certification	Provider	Cost	Focus
AZ-104: Administrator	Azure	$165	Managing Azure identities, storage, compute
AZ-204: Developer	Azure	$165	Developing Azure compute and storage solutions
AZ-305: Architect	Azure	$330	Designing Azure infrastructure solutions
AI-102: AI Engineer	Azure	$165	Building AI solutions with Azure AI services
DP-203: Data Engineer	Azure	$165	Implementing data solutions on Azure
GCP Cloud Engineer	GCP	$200	Deploying apps, monitoring, operations
GCP Cloud Architect	GCP	$200	Designing GCP architecture (professional)
GCP Data Engineer	GCP	$200	Designing data processing systems on GCP

Free Training & Hands-On Resources

Provider	Resource	URL / Access	Cost
AWS	Skill Builder	aws.amazon.com/training/	Free (100+ courses)
AWS	Workshops	workshops.aws	Free hands-on labs
Azure	Microsoft Learn	learn.microsoft.com	Free (800+ modules)
Azure	Azure Sandbox	learn.microsoft.com/sandbox	Free limited-time access
GCP	Google Cloud Skills Boost	cloud.google.com/training	Free (select courses)
GCP	Qwiklabs	qwiklabs.com	Free credits + paid labs
Multi	A Cloud Guru / Pluralsight	acloudguru.com	Subscription ($39/mo)
Multi	KodeKloud	kodekloud.com	Free tier + subscription

💡

Certification strategy: Start with Cloud Practitioner (AWS) or Cloud Engineer (GCP) for fundamentals. Then specialize based on your role: Architect for solution design, Developer for hands-on, Security for compliance. Most certs are valid for 3 years. Hands-on practice is more valuable than theory — always build projects alongside study.

⏳

Loading cheatsheet...