Why Service Mapping Matters

Architects and engineers working across cloud providers need a clear mental model of service equivalence. Without it, time is lost finding the right service, and security controls designed for one platform may not translate correctly to another. Service mapping creates common ground across multi-cloud teams and reduces the risk of misconfiguration when moving between environments.

Compute

Virtual machines: AWS EC2, Azure Virtual Machines, GCP Compute Engine. Managed containers: AWS ECS and Fargate, Azure Container Apps, GCP Cloud Run. Managed Kubernetes: AWS EKS, Azure AKS, GCP GKE. Serverless: AWS Lambda, Azure Functions, GCP Cloud Functions.

Storage

Object storage: AWS S3, Azure Blob Storage, GCP Cloud Storage. Block storage: AWS EBS, Azure Managed Disks, GCP Persistent Disk. File storage: AWS EFS, Azure Files, GCP Filestore.

Networking

Virtual networks: AWS VPC, Azure VNet, GCP VPC. Load balancing: AWS ALB and NLB, Azure Load Balancer, GCP Cloud Load Balancing. DNS: AWS Route 53, Azure DNS, GCP Cloud DNS. Content delivery: AWS CloudFront, Azure CDN, GCP Cloud CDN.

Security Services

Identity and access management: AWS IAM, Azure Entra ID, GCP IAM. Key management: AWS KMS, Azure Key Vault, GCP Cloud KMS. Threat detection: AWS GuardDuty, Azure Defender for Cloud, GCP Security Command Center. Web application firewall: AWS WAF, Azure WAF, GCP Cloud Armor. Secrets management: AWS Secrets Manager, Azure Key Vault Secrets, GCP Secret Manager.

Monitoring and Governance

Audit logging: AWS CloudTrail, Azure Activity Logs, GCP Cloud Audit Logs. Monitoring: AWS CloudWatch, Azure Monitor, GCP Cloud Monitoring. Policy enforcement: AWS Config and SCPs, Azure Policy, GCP Organisation Policy. Security posture: AWS Security Hub, Azure Defender for Cloud, GCP Security Command Center.

Understanding how services map across cloud providers is essential for consistent security architecture in multi-cloud environments. The control that exists in one platform has an equivalent in another. The key is knowing where to find it.

Cloud Service Mapping — AWS, Azure, and GCP
Equivalent services across the three major cloud providers for security architects

| Category | AWS | Azure | GCP |
| --- | --- | --- | --- |
| Compute | EC2 / Auto Scaling | Virtual Machines / VMSS | Compute Engine / MIGs |
| Containers | EKS / ECS Fargate | AKS / Container Apps | GKE / Cloud Run |
| Identity / IAM | IAM / Identity Center | Entra ID / PIM / RBAC | Cloud IAM / Workload Identity |
| Network / Firewall | VPC / Network FW / WAF | VNet / Azure Firewall / NSG | VPC / Cloud Armor / FW Rules |
| CSPM / Detection | GuardDuty / Security Hub | Defender for Cloud / Sentinel | Security Command Centre |
| IaC / Automation | CloudFormation / CDK / TF | ARM / Bicep / Terraform | Deployment Manager / TF |
| Key Management | KMS / CloudHSM | Key Vault / Managed HSM | Cloud KMS / Secret Manager |
| Observability | CloudWatch / CloudTrail | Monitor / Log Analytics | Cloud Monitoring / Logging |

Services functionally equivalent · Security controls apply consistently · Full editable: lucid.app/lucidchart/fe02fd20-607e-4a8d-9e00-a125867a20f2/edit
// Cloud service mapping across AWS, Azure, and GCP