Amazon AWS · Microsoft Azure
Google Cloud — Complete Cloud Guide

EC2 is the foundational AWS service — nearly every AWS architecture uses it. Instance types: t3/t4g (general purpose, cheap), c6i/c7g (compute-optimized), r6i (memory-optimized), p3/p4d (GPU for AI/ML). Pricing: On-Demand (pay per hour), Reserved Instances (1–3 year discount up to 72%), Spot Instances (spare capacity, up to 90% discount). Auto Scaling groups automatically add/remove EC2 instances based on demand. A cloud engineer who can't configure and manage EC2 is a junior hire at best.

S3 stores "objects" (files) in "buckets" (containers). Storage classes optimize cost: S3 Standard (frequently accessed), S3 Intelligent-Tiering (auto-moves objects), S3 Glacier (archive, cents per GB/month). S3 is used for: static website hosting, data lake foundation, ML training data, application backups, user-uploaded content. Key features: versioning, lifecycle policies, cross-region replication, bucket policies/ACLs (access control), and S3 Transfer Acceleration. S3 powers the internet — AWS, Netflix, Airbnb, and millions of apps use it as their primary file store.

Lambda is the cornerstone of "serverless architecture" on AWS. Supports: Python, Node.js, Java, Go, C#, Ruby. Common patterns: image processing (trigger on S3 upload), REST APIs (API Gateway + Lambda), scheduled jobs (CloudWatch Events → Lambda), data pipeline transforms. Lambda functions can scale from zero to thousands of concurrent executions automatically. Cold starts (brief delay when first invoked) are the main drawback. SAM (Serverless Application Model) and the Serverless Framework simplify Lambda development. Lambda on a résumé signals modern cloud-native development experience.

RDS supports: MySQL, PostgreSQL, MariaDB, Oracle, SQL Server. Amazon Aurora is MySQL/PostgreSQL-compatible and scales storage automatically to 128 TB. Key features: Multi-AZ deployments (automatic failover if a data center fails), Read Replicas (horizontal scaling for read-heavy apps), automated backups and point-in-time recovery. DynamoDB is AWS's proprietary NoSQL database — massively scalable key-value store used by Amazon.com itself. A cloud engineer who has worked with RDS + DynamoDB covers both the relational and NoSQL database needs of most enterprise applications.

VPC fundamentals: Subnets (public subnets face the internet; private subnets are isolated); Security Groups (virtual firewalls for individual resources — stateful); NACLs (Network Access Control Lists — subnet-level firewall, stateless); Internet Gateway (connects VPC to internet); NAT Gateway (lets private subnet resources access internet without being publicly accessible); Route 53 (AWS DNS — domain name management and traffic routing); CloudFront (CDN — delivers content globally from edge locations near users); Direct Connect (dedicated private fiber from on-premises to AWS).

IAM concepts: Users, Groups, Roles (identities that can be assumed by services or users), Policies (JSON documents defining permissions). Key services: KMS (Key Management Service — encrypts data at rest); Secrets Manager (stores API keys and passwords securely); GuardDuty (threat detection, monitors for anomalous activity); Security Hub (aggregates security findings); WAF (Web Application Firewall — blocks common web attacks). AWS Well-Architected Framework's Security Pillar is the standard reference. AWS shared responsibility model: Amazon secures the cloud infrastructure; customers secure what they put in the cloud.

SageMaker Studio is the integrated ML development environment. SageMaker provides: data labeling (Ground Truth), model training at scale, automated ML (AutoML), model deployment (endpoints), MLOps pipelines, and model monitoring. Amazon Bedrock (launched 2023) is the fastest-growing AWS service — it provides access to foundation models as an API. Rekognition (image/video analysis), Polly (text-to-speech), Lex (chatbots), Comprehend (NLP) are pre-trained AI services that require no ML expertise. An AWS cloud engineer who also has SageMaker/Bedrock experience commands the highest salaries in the market.

CloudFormation templates define AWS infrastructure in JSON or YAML. AWS CDK (Cloud Development Kit) lets engineers write CloudFormation using Python, TypeScript, or Java — increasingly preferred over raw YAML. Terraform (by HashiCorp) uses HCL (HashiCorp Configuration Language) and works across AWS, Azure, and GCP — a cloud engineer fluent in Terraform is valuable to any organization regardless of which cloud they use. IaC enables: version-controlled infrastructure, reproducible environments, disaster recovery automation, and team collaboration on infrastructure.

Azure VM series: B-series (burstable/dev/test), D-series (general purpose), E-series (memory-optimized), F-series (compute-optimized), N-series (GPU — AI/ML). Azure Hybrid Benefit: customers running Windows Server or SQL Server on-premises can reuse their existing licenses on Azure VMs — saving up to 49% compared to paying list price. Azure VM Scale Sets automatically adjust the number of VMs based on demand. Azure Spot VMs provide up to 90% discount for interruptible workloads.

Entra ID is Azure's #1 differentiator for enterprise customers — virtually every large organization uses Active Directory on-premises, and Entra ID extends this to the cloud. Key features: SSO (Single Sign-On — one login for thousands of apps); MFA (Multi-Factor Authentication); Conditional Access (block login from unknown locations); PIM (Privileged Identity Management — just-in-time elevated access); B2C (customer identity for consumer-facing apps). Seeing "Azure AD/Entra ID" on a résumé signals enterprise identity expertise — one of the most in-demand Azure skills.

Azure DevOps components: Boards (Agile project management); Repos (Git code hosting); Pipelines (CI/CD automation — YAML-based); Artifacts (package management); Test Plans (QA management). GitHub Actions is replacing Azure Pipelines for new projects. Azure DevOps + Azure Kubernetes Service is a common enterprise pattern for containerized application deployment. A candidate listing "Azure DevOps Pipelines" signals professional CI/CD experience in the Microsoft ecosystem.

Azure SQL Family: Azure SQL Database (fully managed), Azure SQL Managed Instance (near-100% SQL Server compatibility), Azure Database for PostgreSQL/MySQL (open-source options). Cosmos DB is a multi-model database supporting multiple APIs: SQL, MongoDB, Cassandra, Gremlin, Table. It's the best choice for globally distributed apps requiring consistent low latency. Key Azure data services: Synapse Analytics (data warehouse + analytics), Data Factory (ETL pipeline), Databricks (big data + ML). Azure Data Engineer is one of the most in-demand cloud roles, driven by data governance and compliance requirements.

Azure AI portfolio: Azure OpenAI Service (GPT-4o, DALL-E, Whisper within Azure); Azure AI Foundry (build/fine-tune/deploy AI models at scale); Azure Machine Learning (MLOps, model training, deployment); Cognitive Services (pre-built AI — vision, speech, language, translation); Azure AI Search (intelligent search with RAG/embeddings). Microsoft Copilot integrations: Copilot for Microsoft 365, Copilot Studio (build custom AI assistants), GitHub Copilot. Azure AI cloud engineers are among the highest-compensated cloud specialists in 2025–2026.

Azure's hybrid dominance stems from: Azure Arc (unified management), Azure Stack HCI (run Azure services on your own hardware), Azure Migrate (assessment and migration tools), Azure Site Recovery (disaster recovery). Microsoft's enterprise relationships mean most large organizations that aren't "cloud-native" chose Azure for their hybrid journey. An Azure specialist with hybrid cloud experience — particularly Azure Arc and Azure Stack — is extremely valuable to large enterprises mid-migration.

GCE machine types: E2 (general purpose, cheapest), N2/N2D/C2 (balanced and compute-optimized), M2/M3 (memory-optimized), A2/A3 (GPU/TPU for AI). Google's custom machine types let you specify exact CPU/RAM ratios — only pay for what you need. Google Cloud Spot VMs (equivalent to AWS Spot) offer 60–91% discount for interruptible workloads. Google's network performance is notable — VM-to-VM communication within a region is extremely fast due to Google's private backbone. App Engine (PaaS) lets developers deploy apps without managing VMs at all.

BigQuery is widely considered the best data warehouse in the cloud market — its advantages include: serverless (no cluster management), columnar storage (extremely fast for analytics queries), automatic query optimization, built-in machine learning (BigQuery ML — run ML models directly in SQL), real-time streaming ingest, and Omni (query data across AWS and Azure S3-compatible storage without moving it). BigQuery consistently wins performance benchmarks against AWS Redshift and Azure Synapse. A GCP Data Engineer without BigQuery experience is a major gap.

Vertex AI provides: AutoML (train models without code), custom model training, model evaluation and deployment, Model Garden (access to 130+ foundation models including Gemini), Pipelines (MLOps), Feature Store (shared feature engineering), Colab Enterprise (Jupyter notebooks with enterprise features). Google's AI advantages: TPUs (Tensor Processing Units — custom chips optimized for ML, 10x faster than GPUs for certain workloads), Gemini 1.5 Pro (longest context window in the industry — 1M tokens), and AI Search (RAG-powered enterprise search). GCP AI engineers are among the most in-demand cloud professionals globally.

All three clouds offer managed Kubernetes: AWS EKS, Azure AKS, Google GKE. GKE is widely considered the most mature and production-ready managed Kubernetes service, with features like Autopilot (Google manages all nodes), automatic security patching, and native integration with Google's private network. Kubernetes skills are cloud-agnostic and transfer between all providers — a K8s expert is valuable regardless of which cloud an organization uses. Cloud Run is GCP's serverless container service — deploy containers without managing Kubernetes, similar to AWS Fargate.

GCP storage: Cloud Storage (object), Persistent Disk (block — SSDs for VMs), Filestore (managed NFS file storage). Networking: Global VPC (single VPC spans all regions — unique to Google), Cloud CDN (content delivery network on Google's global edge), Cloud Load Balancing (global anycast load balancing — routes users to nearest healthy backend automatically), Cloud Armor (DDoS protection and WAF), Cloud Interconnect (dedicated fiber to GCP). Google's private network (one of the largest in the world) processes 40% of global internet traffic — GCP customers benefit from this infrastructure directly.

Anthos features: multi-cluster Kubernetes management, service mesh (Istio) for microservices communication, centralized policy enforcement across clouds, unified monitoring and logging. Google's differentiation in multi-cloud: as a smaller market-share provider, Google has been aggressive about supporting interoperability — Anthos, BigQuery Omni, and AlloyDB Omni all run outside GCP. A GCP engineer with Anthos experience is rare and valuable. For organizations hedging on vendor lock-in, GCP + Anthos is a compelling architectural choice.