Cloud Primitives – Compute Layer

Estimated Reading Time: 4 minutes

In this series of articles, we explore cloud services from both architectural and development perspectives.

This first article focuses on the Compute Primitive, the foundational building block that delivers scalable, on-demand processing power, enabling you to run workloads without the burden of managing physical infrastructure.


🔄 Service Mapping

Concept           AWS    Azure      GCP
Virtual Machine   EC2    Azure VM   Compute Engine

💡 What Actually Matters

Here’s what you need to consider as a developer or architect when choosing between these virtual machine services.

Networking Model

  • Amazon EC2 runs inside a regional VPC (Virtual Private Cloud). Networking configuration is explicit and highly granular, requiring you to manage components such as subnets, route tables, and security groups directly.
  • Microsoft Azure Virtual Machines operate within a VNet (Virtual Network). The concept is similar to AWS VPC; however, networking is more tightly integrated with Azure’s resource hierarchy, including resource groups and subscriptions.
  • Google Compute Engine uses a global VPC model. While subnets remain regional, the VPC itself is global. This design simplifies multi-region architectures but requires a different IP address planning strategy.
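The planning consequence of a global VPC is that every regional subnet shares one address space, so a range that would merely be a peering headache between two regional VPCs becomes a hard conflict. The following added example (not from the original article, and not tied to any provider SDK) checks a constructed subnet plan for overlapping ranges and for subnets that fall outside the block reserved for their region. The subnet names, regions and CIDRs are invented for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed subnet plan for one global VPC: name -> (region, CIDR).
# Names, regions and ranges are examples, not a real deployment.
PLANNED_SUBNETS = {
    "app-us-east": ("us-east1", "10.10.0.0/20"),
    "db-us-east": ("us-east1", "10.10.16.0/22"),
    "app-eu-west": ("europe-west1", "10.20.0.0/20"),
    "app-asia-se": ("asia-southeast1", "10.10.8.0/22"),  # deliberately collides with app-us-east
}

# Constructed per-region allocation: each region gets its own /16 out of 10.0.0.0/8.
REGION_BLOCKS = {
    "us-east1": "10.10.0.0/16",
    "europe-west1": "10.20.0.0/16",
    "asia-southeast1": "10.30.0.0/16",
}


def find_overlaps(subnets):
    """Return sorted (a, b) name pairs whose CIDR ranges overlap.

    In a global VPC all subnets share one address space, so an overlap between
    subnets in different regions is a real conflict, not cross-region noise.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, (_, cidr) in subnets.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]


def check_regional_blocks(subnets, region_blocks):
    """Return names of subnets that are not inside the block reserved for their region."""
    outside = []
    for name, (region, cidr) in subnets.items():
        block = ipaddress.ip_network(region_blocks[region])
        if not ipaddress.ip_network(cidr).subnet_of(block):
            outside.append(name)
    return sorted(outside)


if __name__ == "__main__":
    print("overlapping subnets:", find_overlaps(PLANNED_SUBNETS))
    print("subnets outside their regional block:", check_regional_blocks(PLANNED_SUBNETS, REGION_BLOCKS))
```

Running the script flags the asia subnet twice: once because 10.10.8.0/22 sits inside the us-east /20, and once because it was carved from the wrong regional block. Reserving a distinct supernet per region up front is the planning step the article refers to; the same check works for AWS or Azure, but there it matters only when you intend to peer or connect the regional networks.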

Identity & Access Integration

Amazon EC2 uses IAM Roles attached directly to instances, offering a very mature and deeply integrated access control model within AWS. Microsoft Azure Virtual Machines use Managed Identities (either system-assigned or user-assigned), which are strongly integrated with Microsoft Entra ID for secure resource access. Meanwhile, Google Compute Engine attaches Service Accounts to instances, providing a simple and clean identity model for managing permissions to Google Cloud resources.

Autoscaling

Amazon EC2 uses Auto Scaling Groups, which are highly powerful and configurable, giving architects fine-grained control over scaling policies, instance lifecycle, and integration with load balancers. Azure Virtual Machines use Virtual Machine Scale Sets, a similar concept that provides automated scaling with strong native integration into Azure Load Balancer and the broader Azure ecosystem.

On the other hand, Google Compute Engine relies on Managed Instance Groups, which are tightly integrated with Google Cloud’s global load balancing model, offering a more platform-oriented and streamlined scaling experience.

Autoscaling and load balancing in Google Compute Engine feel the most platform-like. Amazon EC2 offers the most granular control: with Auto Scaling Groups, Elastic Load Balancing, and detailed networking controls, AWS gives architects deep customization options. Azure Virtual Machines generally sit between AWS and GCP, providing strong integration across services and solid autoscaling and load balancing capabilities, but with less global abstraction than GCP and slightly less low-level flexibility than AWS.


⚡Decision Rules

Choose EC2 when:

  • You need the most granular IAM model (policy-level, condition keys, cross-account trust).
  • You need a mature multi-account strategy, which AWS supports very well (Organizations + SCPs).
  • You need the widest instance family variety and deep configuration flexibility.
  • You are building complex autoscaling patterns tightly integrated with multiple AWS services.

Choose AWS when you want explicit control and you are comfortable managing architectural complexity.

Choose Azure VM when:

  • You operate inside a Microsoft enterprise ecosystem.
  • Identity (Active Directory / Entra ID) is central to your architecture.
  • You run Windows Server or SQL Server workloads and want to leverage Hybrid Benefit for cost optimization.
  • You already depend on Azure DevOps, Microsoft 365, or the Microsoft security stack.

Choose Azure when your compute layer is part of a broader Microsoft platform strategy.

Choose Compute Engine when:

  • You want a simpler multi-region networking model.
  • You prefer automatic sustained-use discounts without manual cost commitments.
  • You value a clean IAM and service account model.
  • Your workloads are tightly integrated with BigQuery, GKE, or data-intensive services.

Choose GCP when you prioritize simplicity and globally designed infrastructure.


👌 Hidden Gotcha

It is about Network Space

At first glance, EC2, Azure VM, and Compute Engine look nearly identical. The hidden difference appears when you scale beyond a single region. AWS and Azure use regional VPC or VNet boundaries. GCP uses a global VPC model.

Companies migrating from AWS or Azure to GCP often underestimate how much simpler, and how different, global networking becomes.

IAM Attachment Model Trap

All three cloud providers support instance-level identity, but the trade-offs differ. AWS IAM roles are deeply flexible but can become policy-heavy. Azure Managed Identities depend strongly on tenant structure. GCP service accounts are simpler but require careful project-level boundary planning.

If your organization lacks IAM discipline, the complexity compounds quickly, regardless of cloud.


🏰 Architecture Insight

Compute is a primitive, not a strategy. Its architectural impact is defined by the networking and identity layers that surround it.

Most VM comparison discussions focus on CPU, RAM, and pricing. In real architecture, the compute instance is a commodity. The blast radius of networking and identity design is what creates long-term operational complexity.


