Cloud Vendor Product Matrix#
Choosing between cloud vendors requires mapping equivalent services across providers. AWS has 200+ services. Azure has 200+. GCP has 100+. Cloudflare has 20+ but they are tightly integrated and edge-native. This article maps the services that matter for most applications – compute, serverless, databases, storage, networking, and observability – across all four vendors with pricing, availability, and portability for each.
How to Use This Matrix#
Each section maps equivalent products across vendors, then provides:
- Pricing model: How you pay (per-request, per-hour, per-GB)
- Free tier: What you get for $0
- Portability: How easy it is to migrate to another vendor (High/Medium/Low)
- Best for: When to choose each vendor’s offering
Portability scores mean:
- High: Standard API or open protocol. Migration requires config changes only (e.g., S3 API, SQL, SMTP)
- Medium: Custom API but portable concepts. Migration requires code changes but not architecture changes (e.g., Lambda to Workers)
- Low: Deeply proprietary. Migration requires rearchitecting (e.g., DynamoDB, Cosmos DB, Durable Objects)
Global Presence#
| Metric | Cloudflare | AWS | Azure | GCP |
|---|---|---|---|---|
| Edge locations / PoPs | 330+ cities | 600+ CloudFront PoPs | 200+ PoPs | 200+ PoPs |
| Compute regions | N/A (runs at every PoP) | 33 regions, 105 AZs | 60+ regions | 40 regions, 121 zones |
| Countries | 120+ | 30+ (regions) | 60+ (regions) | 40+ (regions) |
| Model | Edge-first (code runs at every PoP) | Region-first (you choose where code runs) | Region-first | Region-first |
Cloudflare is fundamentally different: code deploys to every edge location automatically. AWS, Azure, and GCP require you to choose regions and manage replication. This means Cloudflare has the lowest latency for globally distributed users by default, but you cannot pin workloads to specific regions (except with Durable Objects location hints or D1 data localization).
Serverless Compute#
| Feature | Cloudflare Workers | AWS Lambda | Azure Functions | GCP Cloud Run |
|---|---|---|---|---|
| Runtime | V8 isolates | Container-based | Container-based | Container-based |
| Languages | JS/TS, Rust (WASM), Python (beta) | Node, Python, Java, Go, .NET, Ruby, Rust | Node, Python, Java, C#, PowerShell | Any (Docker) |
| Cold start | <5 ms | 100ms-1s (varies by runtime) | 100ms-2s | 0 (min instances) to 1-2s |
| Max execution | 30s CPU (paid) | 15 min | 10 min (Consumption), 60 min (Premium) | 60 min |
| Memory | 128 MB | 128 MB-10 GB | 1.5 GB (Consumption) | 32 GB |
| Pricing unit | Requests + CPU ms | Requests + GB-seconds | Executions + GB-seconds | vCPU-seconds + memory |
| Price per 1M requests | $0.30 | $0.20 + compute | $0.20 + compute | ~$0.40 (depends on config) |
| Free tier | 100K req/day (no expiry) | 1M req/mo + 400K GB-s | 1M req/mo | 2M req/mo, 180K vCPU-s |
| Free tier expiry | Never | Never (Lambda itself) | Never | Never |
| Portability | Medium | Medium | Medium | High (Docker) |
Best for:
- Cloudflare Workers: Latency-sensitive APIs, edge logic, globally distributed apps. Sub-5ms cold starts are unmatched.
- AWS Lambda: Event-driven backends, complex AWS integrations (SQS, S3 triggers, Step Functions). Broadest trigger ecosystem.
- Azure Functions: .NET workloads, Microsoft ecosystem integration, Event Grid / Service Bus triggers.
- GCP Cloud Run: Docker-based workloads that need serverless scaling. Most portable (any container runs).
Container / VM Compute#
| Feature | Cloudflare | AWS | Azure | GCP |
|---|---|---|---|---|
| Containers (managed) | Containers (beta) | ECS / Fargate | Container Apps / ACI | Cloud Run / GKE Autopilot |
| Kubernetes | – | EKS ($0.10/hr/cluster) | AKS (free control plane) | GKE ($0.10/hr/cluster, free Autopilot) |
| VMs | – | EC2 | Virtual Machines | Compute Engine |
| Bare metal | – | EC2 .metal instances | Dedicated Hosts | Sole-tenant nodes |
| Spot / preemptible | – | Spot Instances (up to 90% off) | Spot VMs (up to 90% off) | Spot VMs (up to 91% off) |
| GPU instances | – | P/G/Inf instances | NC/ND series | A2/G2 instances |
| Portability | N/A | Medium (EC2), High (EKS/Docker) | Medium (VMs), High (AKS/Docker) | Medium (GCE), High (GKE/Docker) |
Cloudflare does not offer traditional VMs or managed Kubernetes. Cloudflare Containers (beta) run Docker workloads at the edge but are not GA and lack the isolation guarantees needed for security-sensitive workloads. If you need VMs, Kubernetes, GPUs, or bare metal, you need AWS, Azure, or GCP.
Databases#
Relational#
| Feature | Cloudflare D1 | AWS RDS | Azure SQL / DB for PG | GCP Cloud SQL |
|---|---|---|---|---|
| Engine | SQLite | PostgreSQL, MySQL, MariaDB, Oracle, SQL Server | SQL Server, PostgreSQL, MySQL | PostgreSQL, MySQL, SQL Server |
| Model | Serverless (pay per query) | Instance-based (pay per hour) | Instance-based or serverless | Instance-based |
| Scaling | Auto (reads at edge) | Manual (read replicas) | Auto (serverless tier) | Manual (read replicas) |
| Max size | 10 GB | 128 TB (Aurora) | 100 TB | 64 TB |
| Free tier | 5B reads, 100M writes, 5 GB (no expiry) | db.t3.micro 750 hrs/mo (12 months) | 750 hrs/mo (12 months) | None |
| Monthly cost (small) | $0-5 | $15-50+ (instance always running) | $15-50+ | $10-40+ |
| Portability | Medium (SQLite dialect) | High (standard SQL) | High (standard SQL) | High (standard SQL) |
Best for:
- D1: Small-to-medium apps, edge-read-heavy workloads, projects where zero management matters. Not for write-heavy or large databases.
- RDS/Aurora: Production workloads needing PostgreSQL/MySQL compatibility, high write throughput, mature tooling.
- Cloud SQL: GCP-native apps, same strengths as RDS in the GCP ecosystem.
Key-Value / Document#
| Feature | Cloudflare KV | AWS DynamoDB | Azure Cosmos DB | GCP Firestore |
|---|---|---|---|---|
| Model | Key-value, eventually consistent | Document/KV, strongly consistent options | Multi-model (document, graph, KV, column) | Document, strongly consistent |
| Pricing | $0.50/M reads, $5/M writes | On-demand: $1.25/M writes, $0.25/M reads | Request-based, varies by consistency | $0.06/100K reads, $0.18/100K writes |
| Free tier | 100K reads/day (no expiry) | 25 GB, 25 WCU/25 RCU (no expiry) | 1000 RU/s, 25 GB (no expiry) | 50K reads, 20K writes/day (no expiry) |
| Max value size | 25 MB | 400 KB | 2 MB | 1 MB |
| Global replication | Automatic (every PoP) | Global Tables (opt-in) | Multi-region writes (opt-in) | Multi-region (opt-in) |
| Portability | Low (custom API) | Low (custom API) | Low (custom API, partial Mongo compat) | Low (custom API) |
All key-value / document databases are low portability. Each has a proprietary API. Choosing one is a long-term commitment. KV is the simplest (just get/put with TTL) but also the most limited.
Object Storage#
| Feature | Cloudflare R2 | AWS S3 | Azure Blob | GCP Cloud Storage |
|---|---|---|---|---|
| Egress | $0 | $0.09/GB | $0.087/GB | $0.12/GB |
| Storage | $0.015/GB/mo | $0.023/GB/mo | $0.018/GB/mo | $0.020/GB/mo |
| Free tier | 10 GB storage (no expiry) | 5 GB (12 months) | 5 GB (12 months) | 5 GB (no expiry) |
| Archive tier | Infrequent Access ($0.01/GB) | Glacier ($0.004/GB), Deep Archive ($0.00099/GB) | Archive ($0.002/GB) | Coldline ($0.004/GB), Archive ($0.0012/GB) |
| API | S3-compatible | Native S3 | Blob API | GCS API (+ S3 interop) |
| CDN integration | Built-in (Cloudflare CDN) | CloudFront (separate service) | Azure CDN (separate) | Cloud CDN (separate) |
| Versioning | Beta | GA | GA | GA |
| Lifecycle rules | Yes | Yes | Yes | Yes |
| Max object | 5 TB | 5 TB | 190 TB (block blob) | 5 TB |
| Portability | High (S3 API) | High (S3 API is the standard) | Medium (Blob API, different from S3) | Medium (GCS API, S3 interop available) |
Best for:
- R2: Any workload where downloads are frequent. Zero egress makes it the cheapest option at scale for serving content.
- S3: The default choice when you need the broadest ecosystem (event notifications, analytics, Glacier archiving).
- Azure Blob: Azure-native apps, Archive tier for cold storage.
- GCS: GCP-native apps, BigQuery integration for analytics on stored data.
CDN and Edge#
| Feature | Cloudflare CDN | AWS CloudFront | Azure CDN / Front Door | GCP Cloud CDN |
|---|---|---|---|---|
| PoPs | 330+ | 600+ | 200+ | 200+ |
| Edge compute | Workers (V8 isolates) | Lambda@Edge / CloudFront Functions | Azure Functions (limited edge) | – |
| Pricing | Free (included with any Cloudflare plan) | $0.085/GB (US), varies by region | $0.081/GB (US), varies | $0.08/GB (US) |
| Free tier | Unlimited bandwidth | 1 TB/mo (12 months) | None | None |
| DDoS protection | Included (all plans) | AWS Shield Standard (free) | Included with Front Door | Cloud Armor ($5/mo + rules) |
| WAF | Included (free plan: limited rules) | $5/mo + $1/rule + $0.60/M requests | Included with Front Door Premium | Cloud Armor ($5/mo + rules) |
| Custom domains | Unlimited, free SSL | Via ACM (free cert) + distribution config | Via Front Door config | Via load balancer config |
| Portability | Medium | Medium | Medium | Medium |
Cloudflare is the clear value leader for CDN. The free plan includes unlimited bandwidth, DDoS protection, basic WAF, and DNS. Every other vendor charges for bandwidth and treats DDoS/WAF as add-on services.
DNS#
| Feature | Cloudflare DNS | AWS Route 53 | Azure DNS | GCP Cloud DNS |
|---|---|---|---|---|
| Hosted zone cost | Free | $0.50/zone/mo | $0.50/zone/mo | $0.20/zone/mo |
| Query cost | Free | $0.40/M queries | $0.40/M queries (first 1B) | $0.40/M queries |
| DNSSEC | Free, one-click | Supported | Supported | Supported |
| Propagation | <5 seconds typical | 60 seconds typical | 60 seconds typical | Varies |
| Health checks | Free (limited) | $0.50-0.75/endpoint/mo | Via Traffic Manager ($0.75/M queries) | Via load balancer |
| Geo routing | Via load balancing rules | Geolocation routing policy | Via Traffic Manager | Via Cloud DNS routing |
| Portability | High (standard DNS) | High (standard DNS) | High (standard DNS) | High (standard DNS) |
DNS is fully portable – it is an open standard. Cloudflare DNS is free with fast propagation, making it the default recommendation unless you need tight integration with Route 53 health checks or Traffic Manager.
Message Queues#
| Feature | Cloudflare Queues | AWS SQS | Azure Service Bus | GCP Pub/Sub |
|---|---|---|---|---|
| Model | Queue (Workers-native) | Queue (pull) | Queue + Topics (push/pull) | Topics + Subscriptions (push/pull) |
| Pricing | $0.40/M messages | $0.40/M requests (Standard) | $0.05/M operations (Basic) | $40/TiB ingested |
| Free tier | 1M messages/mo | 1M requests/mo | None | 10 GB/mo |
| Max message size | 128 KB | 256 KB (up to 2 GB via S3) | 256 KB (Standard), 100 MB (Premium) | 10 MB |
| Max retention | 4 days | 14 days | 14 days (Standard) | 31 days |
| Dead letter queue | Yes | Yes | Yes | Yes |
| FIFO ordering | Yes | Yes (FIFO queues) | Yes (sessions) | Yes (ordering keys) |
| Portability | Low (Workers API) | Medium (HTTP API) | Medium (AMQP) | Medium (HTTP/gRPC API) |
Best for:
- Cloudflare Queues: Connecting Workers to Workers. Simplest setup if you are already on Cloudflare.
- SQS: The default queue for AWS workloads. Battle-tested, simple, pairs with Lambda triggers.
- Service Bus: Enterprise messaging with AMQP, sessions, and complex routing. .NET ecosystem.
- Pub/Sub: Fan-out messaging (one message, many subscribers). Analytics pipelines, event streaming.
Observability#
| Feature | Cloudflare | AWS | Azure | GCP |
|---|---|---|---|---|
| Metrics | Analytics Engine | CloudWatch | Monitor | Cloud Monitoring |
| Logs | Workers Logpush / wrangler tail | CloudWatch Logs | Log Analytics | Cloud Logging |
| Tracing | – | X-Ray | Application Insights | Cloud Trace |
| Dashboards | Cloudflare dashboard (limited) | CloudWatch Dashboards | Azure Monitor Workbooks | Cloud Monitoring Dashboards |
| Alerting | – (use external) | CloudWatch Alarms | Azure Alerts | Cloud Monitoring Alerting |
| Cost | Analytics Engine: $0.25/M data points | CloudWatch: $0.30/metric/mo + $0.50/GB logs | Log Analytics: $2.76/GB ingested | $0.50/metric/mo + $0.50/GiB logs |
| Portability | Low | Low | Low | Low |
Cloudflare’s observability is the weakest of the four. There is no built-in tracing, limited alerting, and no equivalent to CloudWatch Dashboards. For production observability, pair Cloudflare with external tools (Datadog, Grafana Cloud, Axiom). AWS, Azure, and GCP all have comprehensive built-in observability stacks.
Identity and Access Management#
| Feature | Cloudflare | AWS IAM | Azure AD / Entra ID | GCP IAM |
|---|---|---|---|---|
| Model | API tokens + Zero Trust | Users, Roles, Policies | Users, Groups, Roles, Service Principals | Users, Service Accounts, Roles |
| Granularity | Per-service tokens | Per-action policies | Per-action role assignments | Per-action policies |
| Cross-account | – | Cross-account roles (STS) | Azure Lighthouse | Cross-project roles |
| MFA | Yes (dashboard) | Yes (per-user) | Yes (Conditional Access) | Yes (per-user) |
| Service identity | API tokens | IAM Roles for services | Managed Identities | Service Accounts + Workload Identity |
| Portability | Low | Low | Low | Low |
IAM is always low portability – every vendor’s permission model is deeply proprietary. Cloudflare’s IAM is simpler (API tokens scoped to services) but less granular than AWS/Azure/GCP.
Pricing Model Comparison#
| Dimension | Cloudflare | AWS | Azure | GCP |
|---|---|---|---|---|
| Compute billing | Per-request + CPU time | Per-request + GB-seconds | Per-execution + GB-seconds | Per-vCPU-second + memory |
| Storage billing | Per-GB/month | Per-GB/month | Per-GB/month | Per-GB/month |
| Egress (data out) | $0 (Workers, R2, Pages) | $0.09/GB | $0.087/GB | $0.12/GB |
| Bandwidth (CDN) | Free (unlimited) | $0.085/GB (US) | $0.081/GB (US) | $0.08/GB (US) |
| Commitment discounts | Annual plan (minor savings) | Reserved Instances, Savings Plans (up to 72% off) | Reserved VMs (up to 72% off) | CUDs (up to 57% off) |
| Billing complexity | Simple (few line items) | Complex (dozens of line items per service) | Complex | Complex |
| Cost predictability | High (per-operation, no idle cost) | Low-Medium (instance-hours, NAT GW, data transfer) | Low-Medium | Low-Medium |
The fundamental pricing difference: Cloudflare charges per operation with zero egress. AWS/Azure/GCP charge per instance-hour, per-GB-transferred, and per-operation, with egress fees on nearly everything. This makes Cloudflare extremely cost-predictable but also means you cannot optimize costs through reserved instances or committed use discounts (because there are no instances to reserve).
Free Tier Summary#
| Category | Cloudflare | AWS | Azure | GCP |
|---|---|---|---|---|
| Compute | 100K req/day | 1M Lambda req/mo, 750 hrs EC2 (12mo) | 1M Functions/mo, 750 hrs B1s VM (12mo) | 2M Cloud Run req/mo, 1 e2-micro VM |
| Database | D1: 5B reads, 5 GB | DynamoDB: 25 GB. RDS: 750 hrs (12mo) | Cosmos DB: 1000 RU/s. SQL: 750 hrs (12mo) | Firestore: 50K reads/day |
| Object storage | R2: 10 GB, $0 egress | S3: 5 GB (12mo) | 5 GB (12mo) | 5 GB |
| KV / Cache | KV: 100K reads/day | ElastiCache: none | Redis: none | Memorystore: none |
| CDN bandwidth | Unlimited | 1 TB/mo (12mo) | None | None |
| DNS | Free (unlimited) | $0.50/zone + $0.40/M queries | $0.50/zone | $0.20/zone |
| Expiry | Never | 12 months for most | 12 months for most | Mixed (some never, some 90-day) |
Cloudflare has the most generous permanent free tier. AWS has the broadest free tier but most of it expires after 12 months (RDS, EC2, S3, CloudFront). GCP’s free tier is mixed – some services are always-free (e2-micro, Firestore), others are trial credits. Azure is similar to AWS with 12-month limits on key services.
Portability Summary#
| Category | Most Portable | Least Portable |
|---|---|---|
| Serverless compute | Cloud Run (Docker) | All others (custom runtimes/APIs) |
| Relational DB | AWS RDS, Azure SQL, Cloud SQL (standard SQL) | D1 (SQLite dialect, smaller ecosystem) |
| Object storage | R2, S3 (S3 API is the standard) | Azure Blob (different API) |
| Key-value | All are low portability | DynamoDB, Cosmos DB, KV (all proprietary) |
| DNS | All are high portability | – |
| CDN | All are medium portability | – |
| Queues | SQS, Pub/Sub (HTTP APIs) | Cloudflare Queues (Workers-only) |
| IAM | None are portable | All are deeply proprietary |
The most portable stack: Docker containers (Cloud Run / Fly.io) + PostgreSQL (any managed provider) + S3-compatible storage (R2 or S3) + standard DNS. This combination lets you move between vendors by changing configuration, not code.
The least portable stack: Lambda with DynamoDB triggers + SQS + CloudFront Functions + Cognito. Every component is AWS-specific. Migration requires a full rewrite.
Choosing a Vendor#
For most new projects, evaluate these criteria in order:
Do you need specific managed services? If your project depends on SageMaker, BigQuery, Active Directory integration, or another vendor-specific service, that vendor wins by default.
What is your budget? At $0-50/month, Cloudflare’s free tier and per-operation pricing is hard to beat. At $500+/month, AWS/Azure/GCP commitment discounts become significant.
Where are your users? If globally distributed, Cloudflare’s edge-first model gives the lowest latency without configuration. If concentrated in one region, a regional deployment on any vendor works.
What is your team’s expertise? The vendor your team already knows is often the right choice. Cloud expertise takes months to build. Switching vendors means retraining, not just reconfiguring.
How much operational overhead can you absorb? Cloudflare requires the least ops work (no regions, no VPCs, no security groups). AWS offers the most control but demands the most operational investment.
When none of these criteria produce a clear winner, default to Cloudflare for APIs and static sites (lowest cost, least ops), AWS for complex backends (broadest services), or GCP for data/ML workloads (BigQuery, Vertex AI).