Azure to AWS map

Over the years you might have worked with either AWS or Azure as cloud providers, both offer fairly similar services, so the experience in one of them mildly translates into the other one, as long as you know the basics. So here is a map of the services and their brother from another mother.

This is a shallow comparison for the main services, with the service purpose and key differences I could think of, so once you know the service name you can do a full investigation.


Azure Virtual Machines / EC2 (Elastic compute cloud)

When you want to manage your own virtual machines, IaaS, this is the services you are looking at.

Azure function / Lambda

Sometimes you just need to execute a bit of code, but you don’t need a dedicated virtual machine for that. You can go server-less and use Azure functions or Lambda.

Azure App Services / Elastic Beanstalk

For running applications in the cloud, without having to worry too much about the servers they are running. They will have dedicated virtual machines under the hood.

A key difference is Elastic Beanstalk can be easily added into a VPC (Virtual network), so it’s easier to control traffic at a network level. Azure App service supports that with the isolated tier, but it starts getting expensive quickly.

Containers execution

  • AWS Fargate — Serverless container orchestration.
  • AWS ECS Elastic container service – PaaS fully managed container orchestration service. You will still have the virtual machine cluster.
  • AKS (Azure Kubernetes Service) / EKS (Elastic Kubernetes Service) — Kubernetes as a service, with the dedicated virtual machine cluster.


Storage Account / S3 (Simple storage service)

When you need to store files, you would use a storage account. This service is key for both cloud providers, as other services depend on them.

This service is region-less in AWS and region-specific in Azure.


Image for post

Service Principal / IAM Roles

For access-control, in Azure, you would have Service Principals registered in Azure Active Directory, in AWS you will have roles configured in IAM. Both support a similar permissions model.

Azure AD B2C / AWS Cognito

For when you want to implement Single sign-on from external providers like Twitter, Facebook or Active Directory.

Bonus: A 3rd party solution is Auth0.

Key vault / KMS (Key Management System)

Your applications are going to have sensitive configuration as keys and certificates. Rather than leaving them in source code (risky), you can add them to Azure Key Vault and have policies on who can retrieve that secret.

For example, you can add the secret and only permit the Azure Service principal to read.

AWS KMS supports key rotation by default.

Azure Activity log / Cloud trail

The equivalent of a “git blame”, those stores the logs of what actions have been done against resources, for example when a new virtual machine is started.


Azure Database / RDS (Relational databases server)

For just getting PaaS relational database servers, example engines:

  • SQL Server
  • MySQL
  • Amazon Aurora

Document DB / Dynamo DB

NoSql fully managed instances by both cloud providers, both work as key-value or document stores.

Both offer features like:

  • Automated backups
  • Multi-region replication
  • Concept of eventual or strong consistency

Azure Cache for Redis / Elastic Cache

For when your application could use a distributed caching layer with low latency. This is PaaS, so you don’t need to worry about maintaining the cache cluster.

Elastic cache offers Redis and Memcached.


Virtual Networks / VPC (Virtual private cloud)

In Azure you have the concept of VNets, the major difference is that in AWS most services can be easily added into a VNet. While some services in Azure you might need to pay a premium.

Azure Traffic manage — Route 53

Service for setting routes at DNS level.

API Management — API Gateway

For the concept of API gateways, rather than having one client having to know about many backend services, you can add an API Gateway layer as:

Image for post
API Gateway example

It simplifies the life of the mobile app, but also as it’s an indirection layer, it also offers:

  • Ability to centralize logs.
  • Rate limits.
  • SSL Termination.
  • Web Application Firewall.
  • Authentication/Authorization.

Azure CDN / Cloud Front

Content delivery networks are important when performance is key for your web applications. Rather than leaving your static files in your application virtual machines, we can use a dedicated resource for handling content distribution and caching.

Both services follow a similar approach, they both sit in front of the files in a storage account or S3.

Image for post
CDN example with S3


Azure queue / SQS

For when you have a simple queue, one publisher and one consumer.

Azure Notification Hub / SNS (Simple notification service)

For when you need to publish notifications like:

  • SMS
  • SQS
  • Email
  • Mobile push notifications
  • HTTP
  • Invoke a lambda/Azure function

AWS SNS works in the publisher/subscriber pattern, so you could argue that is also equivalent to Azure Service Bus, because you could have multiple subscribers with their own SQS queue.

Image for post
Implementing a service bus with AWS SNS and SQS

Azure Event hub / AWS Kinesis

For when you are dealing with a high throughput queue.

Developer tools

Azure DevOps

This service is the evolution of what was used to be called VisualStudio online. with this service you can:

  • Host your code with GIT or TFS. AWS has CodeCommit for this.
  • Build your code > AWS CodeBuild.
  • Deploy the applications > AWS CodePipelines.
  • Manage the team backlog.
  • Report on test executions > AWS Codepipelines.

ARM Templates / Cloud formation

Manually creating your resources in the cloud for test purposes is fine, but for Production resources is not a good practice. Because:

  • It is not repeatable
  • Not scalable.
  • Painful manual disaster recovery for dozens or even hundreds of services if something goes wrong.

So instead of manually provisioning, you can automate it through scripts, for Azure you can use ARM templates and Cloud Formation for AWS.

Bonus: Terraform supports both.

Azure console / AWS Cloud 9

While in Azure you have the option to have a bash/Powershell for writing commands, I found that AWS Cloud 9 provides you with a full own mini IDE environment for us to work.

Image for post
AWS Cloud9 example

Microsoft is improving their game with GitHub Codespaces, so that’s a space to watch out.


Azure monitor / Cloud Watch

Your services need to report metrics, for example, the CPU percentage of the running virtual machines. In Azure, you can expect those metrics and basic logs to be going to Azure Monitor and to Cloud Watch in AWS.

App Insights / X-Ray

Image for post
App insights dashboard example

For having basic visibility of what is going on your application, being able to see called requests, response times, success rates and dependency calls.

APM (Application performance monitoring), you can also drill down into each individual requests and see the time taken in each dependency call.

Bonus: A cross-cloud solution could be Datadog.


Both cloud providers are similar in many aspects, they are cloud providers, so they both had to solve the same problems, both had to think of Regions (Datacentre locations) and how to partition those regions into multiple Availability Zones. So you can expect a high degree of similarity.

Once you get the Acronyms from AWS under control, you will be able to understand what the devs working with AWS are talking about.

Further thoughts

This list is something that I created but is something that likely will grow and is huge for just one person to compile and update. I hope I gave the most important services, with a few counterintuitive points.

Leave a Reply