AWS vs GCP Service Map

Compute

Category	AWS	GCP	Notes
Virtual Machines	EC2	Compute Engine (GCE)	GCP VMs are simpler to configure
Auto Scaling	Auto Scaling Groups (ASG)	Managed Instance Groups (MIG)
ARM Instances	Graviton (m7g, c7g, r7g)	Tau T2A (Ampere Altra)	AWS Graviton more mature
Spot/Preemptible	Spot Instances	Spot VMs	GCP Spot replaced Preemptible
Container Service	ECS (Fargate)	Cloud Run	Cloud Run scales to zero
Kubernetes	EKS	GKE	GKE Autopilot = fully managed
Serverless Functions	Lambda (15 min max)	Cloud Functions (9 min / 60 min HTTP)	CF 2nd gen supports concurrency
Batch Processing	AWS Batch	Batch on GKE / Cloud Run Jobs
App Platform	Elastic Beanstalk	App Engine	Both legacy, prefer containers

---

Database

Category	AWS	GCP	Notes
Managed PostgreSQL	RDS PostgreSQL / Aurora PostgreSQL	Cloud SQL / AlloyDB	AlloyDB = PostgreSQL-compatible, 4x faster
Managed MySQL	RDS MySQL / Aurora MySQL	Cloud SQL MySQL
Global Database	Aurora Global Database	Spanner	Spanner = globally consistent
NoSQL (Key-Value)	DynamoDB	Firestore / Bigtable	DynamoDB = single-digit ms, Bigtable = wide-column
In-Memory Cache	ElastiCache (Redis/Memcached)	Memorystore (Redis/Memcached)
Document DB	DocumentDB	Firestore (native mode)
Graph DB	Neptune	No native (use Neo4j on GKE)
Time Series	Timestream	Bigtable (time-series schema)
Search	OpenSearch	Vertex AI Search / Elasticsearch on GKE
Data Warehouse	Redshift	BigQuery	BigQuery = serverless, pay-per-query

---

Storage

Category	AWS	GCP	Notes
Object Storage	S3	Cloud Storage (GCS)	Nearly identical feature set
Block Storage	EBS (gp3, io2)	Persistent Disk (pd-ssd, pd-balanced)
File Storage	EFS (NFS)	Filestore (NFS)
Archive	S3 Glacier / Glacier Deep Archive	GCS Archive / Coldline
High-Performance	FSx for Lustre	Cloud Storage FUSE / Filestore Enterprise
Storage Gateway	Storage Gateway	Transfer Appliance
Backup	AWS Backup	Backup and DR

---

Networking

Category	AWS	GCP	Notes
Virtual Network	VPC (regional)	VPC (global)	GCP VPCs span all regions
Subnets	AZ-scoped	Region-scoped	GCP subnets are regional
Hub-Spoke	Transit Gateway	Network Connectivity Center (NCC)	TGW more mature
Shared Networking	RAM (VPC sharing) / TGW	Shared VPC (host + service projects)	GCP Shared VPC = tighter integration
VPC Peering	VPC Peering	VPC Peering	Both non-transitive
DNS	Route 53	Cloud DNS	Route 53 also does domain registration
CDN	CloudFront	Cloud CDN (via Global LB)	CloudFront = standalone, Cloud CDN = LB feature
NAT	NAT Gateway	Cloud NAT	Cloud NAT doesn’t need a separate gateway resource
Load Balancer (L7)	ALB (Application LB)	Global External HTTP(S) LB	GCP LB = single anycast IP globally
Load Balancer (L4)	NLB (Network LB)	TCP/UDP Network LB
Internal LB	Internal ALB/NLB	Internal HTTP(S) / TCP LB
Direct Connect	Direct Connect	Cloud Interconnect
VPN	Site-to-Site VPN	Cloud VPN (HA VPN)
Service Mesh	App Mesh / ECS Service Connect	Traffic Director / Anthos Service Mesh
Private Service Access	VPC Endpoints (Interface/Gateway)	Private Service Connect / Private Google Access

---

Security

Category	AWS	GCP	Notes
IAM	IAM (Users, Roles, Policies)	IAM (Members, Roles, Bindings)	AWS: identity-based, GCP: resource-based
SSO	IAM Identity Center	Cloud Identity / Workspace
Role Assumption	STS AssumeRole	Service Account Impersonation
Workload Identity	IRSA / EKS Pod Identity	Workload Identity (GKE)
External Identity	OIDC Federation / SAML	Workload Identity Federation
Organization Policy	SCPs (Service Control Policies)	Organization Policies (Constraints)
Secrets Manager	Secrets Manager / Parameter Store	Secret Manager
Key Management	KMS	Cloud KMS
Certificate Manager	ACM (Certificate Manager)	Certificate Manager
Web Application Firewall	AWS WAF	Cloud Armor
DDoS Protection	Shield Standard / Advanced	Cloud Armor (built-in)
Network Firewall	AWS Network Firewall (Suricata)	Cloud NGFW (Palo Alto)
IPS/IDS	Network Firewall (Suricata rules)	Cloud NGFW Enterprise (IPS)
Security Hub	Security Hub	Security Command Center (SCC)
Threat Detection	GuardDuty	Event Threat Detection (SCC)
Vulnerability Scanning	Inspector	Artifact Analysis / Web Security Scanner
Compliance	Audit Manager / Config	Assured Workloads / Asset Inventory
Private CA	ACM Private CA	Certificate Authority Service (CAS)
Firewall Rules	Security Groups + NACLs	VPC Firewall Rules (priority-based)	AWS = stateful SG + stateless NACL
Container Image Scanning	ECR Image Scanning	Artifact Registry + Artifact Analysis

---

Kubernetes (EKS vs GKE)

Category	AWS (EKS)	GCP (GKE)	Notes
Managed K8s	EKS	GKE Standard
Fully Managed	EKS + Fargate	GKE Autopilot	Autopilot = no node management
Networking	VPC CNI (pod IPs from VPC)	VPC-native (alias IPs)	Both give pods real VPC IPs
Ingress	AWS LB Controller	GKE Gateway Controller
Node Scaling	Karpenter / Cluster Autoscaler	NAP (Node Auto-Provisioning)	Karpenter = faster, smarter
Pod Identity	IRSA / EKS Pod Identity	Workload Identity
Multi-Cluster	EKS Connector	GKE Fleet / GKE Enterprise	GKE fleet management is more mature
Version Management	Manual upgrade	Release Channels (Rapid/Regular/Stable)	GKE auto-upgrades by default
GPU Support	p5/g5 instances + NVIDIA plugin	A100/H100/L4 + GKE GPU pools
Service Mesh	Istio (self-managed)	Anthos Service Mesh (managed Istio)
Policy Engine	OPA Gatekeeper / Kyverno	Policy Controller (managed Gatekeeper)
Config Sync	ArgoCD / Flux (self-managed)	Config Sync (managed GitOps)

---

CI/CD

Category	AWS	GCP	Notes
CI/CD Pipeline	CodePipeline + CodeBuild	Cloud Build	Both integrate with GitHub
Container Registry	ECR	Artifact Registry	Artifact Registry also handles non-container packages
GitOps	ArgoCD on EKS (self-managed)	Config Sync (managed) or ArgoCD
IaC	CloudFormation / Terraform	Deployment Manager (legacy) / Terraform	Both primarily use Terraform
Feature Flags	AppConfig	Firebase Remote Config

---

Monitoring & Observability

Category	AWS	GCP	Notes
Metrics	CloudWatch Metrics	Cloud Monitoring
Logs	CloudWatch Logs	Cloud Logging
Traces	X-Ray	Cloud Trace
Dashboards	CloudWatch Dashboards	Cloud Monitoring Dashboards
APM	X-Ray	Cloud Trace + Cloud Profiler
Managed Prometheus	Amazon Managed Prometheus (AMP)	Google Managed Prometheus (GMP)
Managed Grafana	Amazon Managed Grafana (AMG)	No native (use Grafana Cloud or self-host)
Alerting	CloudWatch Alarms + SNS	Cloud Monitoring Alerting

Tip

Most enterprise platform teams use open-source observability (Prometheus/VictoriaMetrics + Grafana + Loki + Tempo) instead of cloud-native tools. This provides a consistent experience across both clouds and avoids vendor lock-in.

---

Data & Analytics

Category	AWS	GCP	Notes
Data Warehouse	Redshift	BigQuery	BigQuery = serverless, no cluster management
ETL / Data Integration	Glue	Dataflow (Apache Beam)
Data Catalog	Glue Data Catalog	Dataplex / Data Catalog
Stream Processing	Kinesis Data Streams	Pub/Sub + Dataflow
Streaming Ingestion	Kinesis Firehose	Pub/Sub → BigQuery streaming
Batch Processing	EMR (Spark/Hadoop)	Dataproc (managed Spark/Hadoop)
Data Lake	S3 + Lake Formation	GCS + Dataplex
ML Platform	SageMaker	Vertex AI
Event Bus	EventBridge	Eventarc
Message Queue	SQS	Pub/Sub (pull subscription)
Pub/Sub	SNS	Pub/Sub (push subscription)
Workflow Orchestration	Step Functions	Workflows / Cloud Composer (Airflow)

---

Account / Project Structure

Concept	AWS	GCP	Notes
Organization	AWS Organization	GCP Organization
Grouping	Organizational Units (OUs)	Folders	GCP folders can nest deeply
Isolation Unit	AWS Account	GCP Project	Projects are lighter-weight than Accounts
Billing	Per-Account (consolidated billing)	Per-Project (billing account)
Resource Sharing	RAM (Resource Access Manager)	Shared VPC / Cross-project IAM
Landing Zone	Control Tower / AFT	Cloud Foundation Toolkit
Guardrails	SCPs + Config Rules	Org Policies + SCC

Note

Key mental model difference: AWS accounts are heavyweight (separate IAM, VPC, billing). GCP projects are lightweight (shared org IAM, Shared VPC across projects). This means GCP naturally supports more projects per team, while AWS often consolidates more workloads per account.

---

Pricing Model Differences

Aspect	AWS	GCP
Compute billing	Per-second (60s minimum)	Per-second (1 min minimum)
Data egress	$0.09/GB (first 10 TB)	$0.12/GB (first 1 TB), cheaper at scale
Sustained use discounts	No (use Savings Plans)	Yes (automatic 30% for full-month use)
Free tier	12 months + always-free tier	$300 credit (90 days) + always-free tier
Support plans	Developer ($29), Business (3% of spend), Enterprise ($15K+/mo)	Standard ($29), Enhanced ($500+/mo), Premium ($12.5K+/mo)
Inter-AZ/Zone traffic	$0.01/GB	Free (within same region)
NAT Gateway	$0.045/GB + $0.045/hr	$0.045/GB (no hourly charge)

Tip

GCP’s free inter-zone traffic is a significant advantage for Kubernetes. In AWS, cross-AZ pod-to-pod traffic costs $0.01/GB each way. A busy 3-AZ EKS cluster with 100 GB/day cross-AZ traffic costs ~$60/month just in data transfer. On GKE, this is free.

---

References

AWS

• AWS Documentation Home — entry point for all AWS service documentation
• AWS Architecture Center — reference architectures and best practices
• AWS Pricing Calculator — estimate costs for AWS services

GCP

• Google Cloud Documentation Home — entry point for all GCP service documentation
• Google Cloud Architecture Center — reference architectures, best practices, and design guides
• Google Cloud Pricing Calculator — estimate costs for GCP services

Tools & Frameworks

• Cloud Comparison Tool (AWS vs Azure vs GCP) — community-maintained service mapping across major cloud providers
• CNCF Landscape — comprehensive map of cloud-native technologies and projects
• Terraform Registry — official Terraform providers and modules for AWS, GCP, and other platforms