Azure for AWS professionals
This article introduces a series of articles that help Amazon Web Services (AWS) experts understand the basics of the Microsoft Azure platform, accounts, and services. This article describes key similarities and differences between AWS and Azure. Whether you're designing a multicloud solution that uses both Azure and AWS or migrating from AWS to Azure, you can compare the capabilities of Azure and AWS services in all categories.
The articles in this series describe:
- How to think about Azure capabilities from an AWS perspective.
- How Azure organizes accounts and resources.
- How core Azure services differ from AWS services and how they're similar.
Use the table of contents to select the technology areas that are relevant to your workload. These articles compare services that are roughly comparable. Not every AWS service or Azure service is listed, and not every matched service has exact feature-for-feature parity.
Similarities and differences
AWS and Azure build on a core set of AI, compute, storage, database, and networking services. In many cases, the platforms provide similar products and services. For example, both AWS and Azure can use Linux distributions and open-source software technologies. Both platforms support building highly available solutions on Windows or Linux hosts.
The capabilities of both platforms are similar, but the resources that provide those capabilities are often organized differently. Azure and AWS built their capabilities independently over time, so the platforms have important implementation and design differences. For example, AWS relies heavily on its accounts to serve as a logical boundary for tasks like applying permissions or tracking spend. Azure uses subscriptions, which are similar to AWS accounts. Azure also uses resource groups to logically group and manage resources at a more granular level.
The services that each platform provide don't always clearly correspond. Sometimes, only one of the platforms provides a particular service.
Primary topics
Read the following articles to learn about Azure services and how they map to the services that you're already familiar with in AWS. The following articles go into more detail about how Azure works in these specific areas:
- Accounts and subscriptions on Azure and AWS
- Compute services on Azure and AWS
- Data and AI
- Relational database technologies on Azure and AWS
- Messaging services on Azure and AWS
- Networking on Azure and AWS
- Regions and zones on Azure and AWS
- Resource management on Azure and AWS
- Multicloud security and identity with Azure and AWS
- Storage on Azure and AWS
Other services
The preceding list doesn't include all services. The following tables describe some of the services that aren't included. They map each AWS service to its corresponding Azure service and provide a brief description of the service.
Marketplace
| AWS service | Azure service | Description |
|---|---|---|
| AWS Marketplace | Azure Marketplace | These services present easy-to-deploy and automatically configured partner applications, including single virtual machine (VM) or multiple VM solutions. You can purchase software as a service (SaaS) products from either marketplace. Many of these offerings are eligible to count toward your Azure consumption commitment. To understand which offerings count toward your commitment, see Azure consumption commitment benefit. |
Time series databases and analytics
| AWS service | Azure service | Description |
|---|---|---|
| Amazon Timestream | Azure Data Explorer | Azure Data Explorer is a fully managed, low latency, and distributed big data analytics platform. It runs complex queries across petabytes of data and is optimized for log and time series data. |
DevOps and application monitoring
| AWS service | Azure service | Description |
|---|---|---|
| Amazon CloudWatch and AWS X-Ray | Azure Monitor | Azure Monitor is a comprehensive solution that you can use to collect, analyze, and act on telemetry from your cloud and on-premises environments. Use Application Insights, a feature of Azure Monitor, to instrument your code for more in-depth application performance monitoring. In AWS, you typically use both X-Ray and CloudWatch. |
| AWS CodeDeploy AWS CodeCommit (deprecated) AWS CodePipeline AWS CodeConnections AWS CodeBuild |
Azure DevOps GitHub GitHub Actions |
Azure DevOps is a single solution that focuses on collaboration, continuous integration and continuous delivery (CI/CD), code testing, code artifacts, security testing, and code management. GitHub is a cloud-based platform that you can use to showcase, collaborate on, and manage code. Use GitHub Actions to automate software development workflows. AWS code products support many of these functions. AWS no longer provides a code repository to new customers, but it does allow integration with partner repositories via CodeConnections. |
| AWS CLI AWS Tools for PowerShell AWS SDKs |
Azure CLI Azure PowerShell Azure SDKs |
These services are built on top of the native REST API across all cloud services. Various programming language-specific wrappers provide easier ways to create solutions. |
| AWS CloudShell | Azure Cloud Shell | Azure Cloud Shell is an interactive, authenticated, browser-accessible shell that you can use to manage Azure resources. It gives you the flexibility to choose the shell experience, either Bash or PowerShell, that best suits the way you work. |
| AWS Systems Manager | Azure Automation | Automation configures and operates applications of all shapes and sizes. It provides templates to create and manage a collection of resources. |
| AWS CloudFormation AWS Cloud Development Kit |
Azure Resource Manager Bicep VM extensions Automation Azure Developer CLI |
These services provide ways for developers and cloud admins to build and deploy repeatable cloud environments by using declarative syntax or common programming languages to define infrastructure as code. |
Internet of Things (IoT)
| AWS service | Azure service | Description |
|---|---|---|
| AWS IoT Core | Azure IoT Hub | This service provides a cloud gateway for managing bidirectional communication more securely and at scale with billions of IoT devices. |
| AWS IoT Greengrass | Azure IoT Edge | Use this service to deploy cloud intelligence directly onto IoT devices and cater to on-premises scenarios. |
| Amazon Data Firehose and Kinesis Data Streams | Azure Event Hubs Azure Stream Analytics |
These services facilitate the mass ingestion of events or messages, typically from devices and sensors. The data can then be processed in real-time microbatches or be written to storage for further analysis. Both Kinesis Data Streams and Stream Analytics have real-time data processing capabilities. |
| AWS IoT TwinMaker | Azure Digital Twins | Use these services to create digital representations of real-world places, things, business processes, and people. Gain insights, drive the creation of better products and new customer experiences, and optimize operations and costs. |
| AWS IoT Device Management AWS IoT FleetWise |
Azure IoT Central | Use these services to connect and manage IoT devices at scale. Use Azure IoT Central for general use cases and vehicle-based use cases. AWS provides IoT FleetWise specifically for vehicles. |
| AWS IoT ExpressLink | Azure Sphere | These services provide device modules and software that you can use to build custom internet-connected devices. |
Management and governance
| AWS service | Azure service | Description |
|---|---|---|
| AWS Organizations | Azure management groups | Azure management groups help you organize your resources and subscriptions. |
| AWS Well-Architected Tool | Azure Well-Architected Review | Examine your workload through the lenses of reliability, cost management, operational excellence, security, and performance efficiency. |
| AWS Trusted Advisor | Azure Advisor | Advisor provides analysis of cloud resource configuration and security to help subscribers use best practices and optimum configurations. |
| AWS Billing and Cost Management | Microsoft Cost Management | Cost Management helps you understand your Azure invoice or bill. It also helps you manage your billing account and subscriptions, monitor and control Azure spending, and optimize resource use. |
| Cost and Usage Reports | Cost details APIs | These services help you generate, monitor, forecast, and share billing data for resource usage by time, organization, or product resources. |
| AWS Management Console | Azure portal | Azure portal is a unified management console that simplifies building, deploying, and operating your cloud resources. |
| AWS Application Discovery Service | Azure Migrate and Modernize | Azure Migrate and Modernize assesses on-premises workloads for migration to Azure, performs performance-based sizing, and provides cost estimates. |
| AWS Systems Manager | Azure Monitor | Azure Monitor is a comprehensive solution that you can use to collect, analyze, and act on telemetry from your cloud and on-premises environments. |
| AWS Health Dashboard | Azure Resource Health | See detailed information about the health of resources. Get recommendations for how to maintain resource health. |
| AWS CloudTrail | Activity log | The activity log is a platform log in Azure that provides insight into subscription-level events, like when a resource is modified or when a VM is started. |
| AWS Config | Azure Policy Application change analysis |
Azure Policy helps you implement governance for resource consistency, regulatory compliance, security, cost, and management. Use Azure Policy for bulk remediation for existing resources and automatic remediation for new resources. You typically use AWS Config to monitor for configuration changes or to identify and remediate noncompliant resources. |
| AWS Cost Explorer | Cost Management | Perform cost analysis and optimize cloud costs. |
| AWS Control Tower | Azure Lighthouse | Set up and govern multiple-account or multiple-subscription environments. |
| AWS Resource Groups and Tag Editor | Resource Manager resource groups and tags | A resource group is a container that holds related resources for an Azure solution. Apply tags to your Azure resources to logically organize them by categories. |
| AWS AppConfig | Azure App Configuration | App Configuration is a managed service that helps developers simply and more securely centralize their application and feature settings. |
| AWS Service Catalog | Azure Managed Applications | Azure Managed Applications provides cloud solutions that customers can easily deploy and operate. |
Authentication and authorization
| AWS service | Azure service | Description |
|---|---|---|
| AWS IAM Identity Center AWS Identity and Access Management (IAM) |
Microsoft Entra ID | Use these services to more securely control access to services and resources and improve data security and protection. Create and manage users and groups, and use permissions to allow and deny access to resources. |
| AWS Identity and Access Management (IAM) | Azure role-based access control (RBAC) | Azure RBAC helps you manage who can access Azure resources, which resources they can access, and what they can do with those resources. |
| AWS Organizations | Azure management groups | These services provide security policy and role management when you work with multiple accounts. |
| Multi-Factor Authentication (MFA) for IAM | Microsoft Entra ID | Help safeguard access to data and applications while providing a simple sign-in process to users. |
| AWS Directory Service | Microsoft Entra Domain Services | Domain Services provides managed domain services, such as domain join, group policy, LDAP, and Kerberos/NTLM authentication, which are fully compatible with Windows Server Active Directory. |
| Amazon Cognito | Microsoft Entra External ID | External ID is a highly available, global identity management service for consumer-facing applications in which you need to support "bring your own identity" scenarios, such as identities from Google or Meta. |
Encryption
| AWS service | Azure service | Description |
|---|---|---|
| Server-side encryption with AWS Management Service | Azure Storage service-side encryption | Service-side encryption helps you protect your data and meet your organization's security and compliance commitments. |
| AWS Key Management Service (KMS), AWS CloudHSM | Azure Key Vault Azure Key Vault Managed HSM |
Improve security and work with other services by providing a way to manage, create, and control encryption keys that hardware security modules (HSMs) store. Key Vault provides a shared HSM or a dedicated HSM. On AWS, KMS uses a shared HSM. CloudHSM is a dedicated HSM. Both platforms provide Federal Information Processing Standards-validated options. |
| AWS Nitro Enclaves | Azure confidential computing | Azure confidential computing provides platforms that have more controls to help protect data while it's being processed. It can also remotely verify platform trustworthiness. Azure also provides Azure SQL Always Encrypted and confidential VMs for Azure Virtual Desktop, Azure Data Explorer, and Azure Databricks. |
Firewalls
| AWS service | Azure service | Description |
|---|---|---|
| AWS WAF | Azure web application firewall | These firewalls help protect web applications from common web exploits. |
| AWS Network Firewall | Azure Firewall | These services improve inbound protection and outbound network-level protection across all ports and protocols. Both solutions support the ability to inspect and apply rules for encrypted web traffic. |
Security
| AWS service | Azure service | Description |
|---|---|---|
| Amazon Inspector | Microsoft Defender for Cloud | Defender for Cloud is an automated security assessment service that improves the security and compliance of applications. It automatically assesses applications for vulnerabilities or deviations from best practices. |
| AWS Certificate Manager | Key Vault certificates Microsoft Cloud PKI |
Use these services to create and manage certificates and their keys. |
| Amazon GuardDuty | Microsoft Sentinel | Detect and investigate advanced attacks on-premises and in the cloud. |
| AWS Artifact | Microsoft Service Trust Portal | Use these services to access to audit reports, compliance guides, and trust documents from across cloud services. |
| AWS Shield | Azure DDoS Protection | These services provide cloud services that are better protected from distributed denial of services attacks. |
Web applications
| AWS service | Azure service | Description |
|---|---|---|
| AWS Elastic Beanstalk | Azure App Service | App Service is a managed hosting platform that provides easy-to-use services for deploying and scaling web applications and services. |
| Amazon API Gateway | Azure API Management | These services provide a turnkey solution for publishing APIs to internal and external customers. |
| Amazon CloudFront | Azure Front Door | Azure Front Door is a modern cloud content delivery network service that delivers high performance, scalability, and more secure user experiences for your content and applications. |
| AWS Global Accelerator | Azure Front Door | Easily join your distributed microservices architectures into a single global application that uses HTTP load balancing and path-based routing rules. Automate turning up new regions and scale out by using API-driven global actions and independent fault-tolerance to your back-end microservices in Azure or anywhere. |
| AWS Global Accelerator | Cross-regional load balancer | Distribute and load balance traffic across multiple Azure regions via a single, static, global anycast public IP address. |
| Amazon Lightsail | App Service | Build, deploy, and scale web apps on a fully managed platform. |
| AWS App Runner | Web App for Containers | Easily deploy and run containerized web apps on Windows and Linux. |
| AWS Amplify | Static Web Apps | Static Web Apps boosts productivity by providing a tailored developer experience, CI/CD workflows to build and deploy your static content hosting, and dynamic scaling for integrated serverless APIs. |
End-user computing
| AWS service | Azure service | Description |
|---|---|---|
| Amazon WorkSpaces Family, Amazon AppStream 2.0 | Azure Virtual Desktop | Manage virtual desktops and applications to give users access to the corporate network and data anytime, anywhere, and on supported devices. WorkSpaces Family supports Windows and Linux virtual desktops. Azure Virtual Desktop supports single and multiple-session Windows virtual desktops. |
Miscellaneous
| Area | AWS service | Azure service | Description |
|---|---|---|---|
| Back-end process logic | AWS Step Functions | Azure Logic Apps | Use these cloud technologies to build distributed applications by using out-of-the-box connectors to reduce integration challenges. Connect apps, data, and devices on-premises or in the cloud. |
| Enterprise application services | Amazon WorkMail, Amazon WorkDocs (deprecated), Amazon Chime | Microsoft 365 | These fully integrated cloud services provide communications, email, and document management in the cloud. They're available on various devices. |
| Gaming | Amazon GameLift | Microsoft Azure PlayFab | These managed services host dedicated game servers. |
| Workflow | AWS Step Functions | Logic Apps | Use this serverless technology to connect apps, data, and devices anywhere, including on-premises or in the cloud, for large ecosystems of SaaS and cloud-based connectors. |
| Hybrid | AWS Outposts Family | Azure Arc Azure Local |
Use AWS Outposts and Azure Local to extend your cloud datacenter to the edge by using platforms that combine hardware and software. Use Azure Arc to extend Azure management capabilities to on-premises or multicloud environments. |
| Media | Amazon Elastic Transcoder AWS Elemental MediaConvert |
None | Azure doesn't provide media services, but we recommend several partner solutions. |
| Satellite | AWS Ground Station | None | Microsoft doesn't provide fully managed ground stations. For global environmental data provided by Microsoft, see Microsoft Planetary Computer. Or you can use data provided by NASA. |
| Quantum computing | Amazon Braket | Azure Quantum | Developers, researchers, and businesses can use these managed quantum computing services to run quantum computing programs. |
| Data sharing | AWS Data Exchange | Azure Data Share | Securely share data with other organizations. |
| Contact center | Amazon Connect | Dynamics 365 Contact Center | Connect with customers by using these AI-powered cloud contact center capabilities. |