Azure for AWS professionals
This series of articles helps Amazon Web Services (AWS) experts understand the basics of Microsoft Azure accounts, platform, and services. These articles also cover key similarities and differences between AWS and Azure. Whether you are planning a multicloud solution with Azure and AWS or migrating to Azure, you can compare the capabilities of Azure and AWS services in all categories.
These articles describe:
- How to think about Azure capabilities coming from an AWS background.
- How Azure organizes accounts and resources.
- How the major Azure services differ from AWS services or how they are similar.
Use the table of contents to select specific technology areas that are relevant to your workload. These articles compare services that are roughly comparable. Not every AWS service or Azure service is listed, and not every matched service has exact feature-for-feature parity.
Similarities and differences
Like AWS, Azure builds on a core set of AI, compute, storage, database, and networking services. In many cases, the platforms offer similar products and services. For example, both AWS and Azure can use Linux distributions and open-source software technologies. Both platforms support building highly available solutions on Windows or Linux hosts.
While the capabilities of both platforms are similar, the resources that provide those capabilities are often organized differently. Azure and AWS built their capabilities independently over time, so the platforms have important implementation and design differences. For instance, AWS relies heavily on AWS accounts to serve as a logical boundary for things like applying permissions or tracking spend. Azure has subscriptions which are similar to AWS accounts, it also and resource groups are used to logically group and manage resources at a more granular level.
Exact one-to-one correspondences between the services that you need to build a solution aren't always clear. Sometimes, only one of the platforms offers a particular service.
Primary topics
Use the following pages to learn about Azure technologies and how they map to technologies you are already familre with in Amazon Web Services (AWS). These articles go into a bit more details on how Azure works in these specific areas
- Azure and AWS accounts and subscriptions
- Compute services on Azure and AWS
- Data and AI
- Relational database technologies on Azure and AWS
- Messaging services on Azure and AWS
- Networking on Azure and AWS
- Regions and zones on Azure and AWS
- Resource management on Azure and AWS
- Multicloud security and identity with Azure and AWS
- Compare storage on Azure and AWS
Additional categories
There are some services not covered in the prior articles. Those services are mapped here from their AWS service to their matching Azure service.
Marketplace
| AWS service | Azure service | Description |
|---|---|---|
| AWS Marketplace | Azure Marketplace | Easy-to-deploy and automatically configured third-party applications, including single virtual machine or multiple virtual machine solutions. Both marketplaces also offer the ability purchase SaaS products. Many of these offers are eligible to count toward your consumption commitment. To understand which offers count toward your commitment, see Azure consumption commitment benefit. |
Time series databases and analytics
| AWS service | Azure service | Description |
|---|---|---|
| Amazon Timestream | Azure Data Explorer Azure Time Series Insights |
Fully managed, low latency, and distributed big data analytics platform that runs complex queries across petabytes of data. Highly optimized for log and time series data. Open and scalable end-to-end IoT analytics service. Collect, process, store, query, and visualize data at Internet of Things (IoT) scale--data that's highly contextualized and optimized for time series. |
DevOps and application monitoring
| AWS service | Azure service | Description |
|---|---|---|
| CloudWatch, X-Ray | Azure Monitor | Comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It offers the ability to instrument your code for deeper application performance monitoring with a feature called Application Insights. In AWS, you typically use both X-Ray and CloudWatch. |
| CodeDeploy CodeCommit (deprecated) CodePipeline CodeConnections CodeBuild |
Azure DevOps GitHub GitHub Actions |
Azure DevOps is a single solution focused on collaboration, CI/CD, code testing, code artifacts, security testing, and code management. GitHub is a cloud based platform to showcase, collaborate and manage code. GitHub Actions allows you to automate software development workflows. Many of these functions are supported across the AWS code family of products. AWS no longer offers new customers a code repository, but it does allow integration with 3rd party repositories via CodeConnections. |
| AWS CLI AWS Tools for PowerShell AWS SDKs |
Azure CLI PowerShell Azure SDKs |
Built on top of the native REST API across all cloud services, various programming language-specific wrappers provide easier ways to create solutions. |
| AWS CloudShell | Azure Cloud Shell | Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It gives you the flexibility to choose the shell experience that best suits the way you work, either Bash or PowerShell. |
| AWS Systems Manager | Azure Automation | Configures and operates applications of all shapes and sizes. It provides templates to create and manage a collection of resources. |
| CloudFormation Cloud Development Kit |
Resource Manager Bicep VM extensions Azure Automation Azure Developer CLI |
Provides ways for developers and cloud admins to build and deploy repeatable cloud environments using declarative syntax or common programming languages to define infrastructure as code. |
Internet of Things (IoT)
| AWS service | Azure service | Description |
|---|---|---|
| IoT Core | IoT Hub | A cloud gateway for managing bidirectional communication with billions of IoT devices, securely and at scale. |
| Greengrass | IoT Edge | Deploy cloud intelligence directly onto IoT devices, catering to on-premises scenarios. |
| Kinesis Firehose, Kinesis Streams | Event Hubs Azure Stream Analytics |
Services that facilitate the mass ingestion of events (messages), typically from devices and sensors. The data can then be processed in real-time micro-batches or be written to storage for further analysis. Both Kinesis Streaming and Azure Stream Analytics have real-time data processing capabilities. |
| IoT Things Graph | Digital Twins | Services you can use to create digital representations of real-world things, places, business processes, and people. Use these services to gain insights, drive the creation of better products and new customer experiences, and optimize operations and costs. |
| IoT Device Management IoT Fleetwise |
Azure IoT Central | Services used for connecting and managing IoT devices at scale. Azure IoT Central is for general use cases and vehicle-based use cases. AWS offers IoT Fleetwise specifically for vehicles. |
| IoT ExpressLink | Azure Sphere | Device modules and software to build custom internet-connected devices. |
Management and governance
| AWS service | Azure service | Description |
|---|---|---|
| AWS Organizations | Management Groups | Azure management groups help you organize your resources and subscriptions. |
| AWS Well-Architected Tool | Azure Well-Architected Review | Examine your workload through the lenses of reliability, cost management, operational excellence, security, and performance efficiency. |
| Trusted Advisor | Azure Advisor | Provides analysis of cloud resource configuration and security, so that subscribers can ensure they're making use of best practices and optimum configurations. |
| AWS Billing and Cost Management | Microsoft Cost Management | Microsoft Cost Management helps you understand your Azure invoice (bill), manage your billing account and subscriptions, monitor and control Azure spending, and optimize resource use. |
| Cost and Usage Reports | Usage Details API | Services to help generate, monitor, forecast, and share billing data for resource usage by time, organization, or product resources. |
| Management Console | Portal | A unified management console that simplifies building, deploying, and operating your cloud resources. |
| Application Discovery Service | Migrate | Assesses on-premises workloads for migration to Azure, performs performance-based sizing, and provides cost estimations. |
| Systems Manager | Monitor | Comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. |
| Personal Health Dashboard | Resource Health | Provides detailed information about the health of resources, as well as recommended actions for maintaining resource health. |
| CloudTrail | Activity log | The Activity log is a platform log in Azure that provides insight into subscription-level events, such as when a resource is modified or when a virtual machine is started. |
| Config | Azure Policy Application Change Analysis |
Azure Policy helps implement governance for resource consistency, regulatory compliance, security, cost, and management. It allows for bulk remediation for existing resources and automatic remediation for new resources. AWS config is typically used to either monitor for configuration changes or to identify and remediate non-compliant resources. |
| Cost Explorer | Cost Management | Perform cost analysis and optimize cloud costs. |
| Control Tower | Azure Lighthouse | Set up and govern a multi account/subscription environment. |
| Resource Groups and Tag Editor | Resource Groups and Tags | A Resource Group is a container that holds related resources for an Azure solution. Apply tags to your Azure resources to logically organize them by categories. |
| AWS AppConfig | Azure App Configuration | Azure App Configuration is a managed service that helps developers centralize their application and feature settings simply and securely. |
| Service Catalog | Azure Managed Applications | Offers cloud solutions that are easy for consumers to deploy and operate. |
Authentication and authorization
| AWS service | Azure service | Description |
|---|---|---|
| IAM Identity Center Identity and Access Management (IAM) |
Microsoft Entra ID | Allows users to securely control access to services and resources while offering data security and protection. Create and manage users and groups, and use permissions to allow and deny access to resources. |
| Identity and Access Management (IAM) | Azure role-based access control (RBAC) | Azure role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. |
| Organizations | Azure Management Groups | Security policy and role management for working with multiple accounts. |
| Multi-Factor Authentication | Microsoft Entra ID | Safeguard access to data and applications while meeting user demand for a simple sign-in process. |
| Directory Service | Microsoft Entra Domain Services | Provides managed domain services, such as domain join, group policy, LDAP, and Kerberos/NTLM authentication, which are fully compatible with Windows Server Active Directory. |
| Cognito | Microsoft Entra External ID | A highly available, global identity management service for consumer-facing applications where you need to support "bring your own identity" scenarios, such as identities from Google or Meta. |
Encryption
| AWS service | Azure service | Description |
|---|---|---|
| Server-side encryption with Amazon S3 Key Management Service | Azure Storage Service Encryption | Helps you protect and safeguard your data and meet your organizational security and compliance commitments. |
| Key Management Service (KMS), CloudHSM | Key Vault Azure Managed HSM |
Provides security solution and works with other services by providing a way to manage, create, and control encryption keys stored in hardware security modules (HSMs). Azure Key Vault allows customers to choose to use a shared HSM or a dedicated HSM. On AWS, KMS uses a shared HSM and CloudHSM is a dedicated HSM. Both platforms offer FIPS validated options. |
| Nitro Enclaves | Azure Confidential Computing | Provides platforms with additional controls to protect data while it is being processed and remotely verify platform trustworthiness. Beyond offering core confidential compute capabilities, Azure offers Azure SQL Always Encrypted and confidential VMs for Azure Virtual Desktop, Azure Data Explorer, and Azure Databricks. |
Firewalls
| AWS service | Azure service | Description |
|---|---|---|
| Web Application Firewall | Web Application Firewall | A firewall that protects web applications from common web exploits. |
| AWS Network Firewall | Firewall | Provides inbound protection and outbound network-level protection across all ports and protocols. Both solutions support the ability to inspect and apply rules for encrypted web traffic. |
Security
| AWS service | Azure service | Description |
|---|---|---|
| Inspector | Defender for Cloud | An automated security assessment service that improves the security and compliance of applications. Automatically assess applications for vulnerabilities or deviations from best practices. |
| Certificate Manager | Azure Key Vault certificates Cloud PKI |
Create and manage certificates and their keys. |
| GuardDuty | Microsoft Sentinel | Detect and investigate advanced attacks on-premises and in the cloud. |
| Artifact | Service Trust Portal | Provides access to audit reports, compliance guides, and trust documents from across cloud services. |
| Shield | DDoS Protection Service | Provides cloud services with protection from distributed denial of services (DDoS) attacks. |
Web applications
| AWS service | Azure service | Description |
|---|---|---|
| Elastic Beanstalk | App Service | Managed hosting platform providing easy to use services for deploying and scaling web applications and services. |
| API Gateway | API Management | A turnkey solution for publishing APIs to external and internal consumers. |
| CloudFront | Azure Front Door | Azure Front Door is a modern cloud content delivery network (CDN) service that delivers high performance, scalability, and secure user experiences for your content and applications. |
| Global Accelerator | Azure Front Door | Easily join your distributed microservices architectures into a single global application using HTTP load balancing and path-based routing rules. Automate turning up new regions and scale-out with API-driven global actions and independent fault-tolerance to your back-end microservices in Azure or anywhere. |
| Global Accelerator | Cross-regional load balancer | Distribute and load balance traffic across multiple Azure regions via a single, static, global anycast public IP address. |
| Lightsail | App Service | Build, deploy, and scale web apps on a fully managed platform. |
| App Runner | Web App for Containers | Easily deploy and run containerized web apps on Windows and Linux. |
| Amplify | Static Web Apps | Boost productivity with a tailored developer experience, CI/CD workflows to build and deploy your static content hosting, and dynamic scale for integrated serverless APIs. |
End-user computing
| AWS service | Azure service | Description |
|---|---|---|
| WorkSpaces, AppStream 2.0 | Azure Virtual Desktop | Manage virtual desktops and applications to enable corporate network and data access to users, anytime, anywhere, from supported devices. Amazon WorkSpaces support Windows and Linux virtual desktops. Azure Virtual Desktop supports single and multi-session Windows virtual desktops. |
Miscellaneous
| Area | AWS service | Azure service | Description |
|---|---|---|---|
| Backend process logic | Step Functions | Logic Apps | Cloud technology to build distributed applications using out-of-the-box connectors to reduce integration challenges. Connect apps, data, and devices on-premises or in the cloud. |
| Enterprise application services | WorkMail, WorkDocs (deprecated), Chime | Microsoft 365 | Fully integrated cloud service that provides communications, email, and document management in the cloud and is available on a wide variety of devices. |
| Gaming | GameLift | PlayFab | Managed services for hosting dedicated game servers. |
| Workflow | Step Functions | Logic Apps | Serverless technology for connecting apps, data and devices anywhere, whether on-premises or in the cloud for large ecosystems of SaaS and cloud-based connectors. |
| Hybrid | Outposts | Azure Arc Azure Local |
AWS Outposts and Azure Local enable you to extend your cloud datacenter to the edge with platforms combining hardware and software. Azure Arc allows you to extend Azure management capabilities to on-premises or multicloud environments. |
| Media | Elastic Transcoder Elemental MediaConvert |
3rd party solutions | Azure does not have a media services offering and instead recommends 3rd party solutions. |
| Satellite | Ground Station | None | Microsoft does not have a fully managed ground station offering. Please visit Microsoft Planetary Computer for Microsoft provided data planet or NASA provided data. |
| Quantum computing | Amazon Braket | Azure Quantum | Managed quantum computing service that developers, researchers, and businesses can use to run quantum computing programs. |
| Data Sharing | AWS Data Exchange | Azure Data Share | Securely share data with other organizations. |
| Contact Center | Amazon Connect | Dynamics 365 Contact Center | AI powered cloud contact center capabilities. |