AWS

No Change
hold
First Added: October 1, 2024 Updated: June 12, 2026

Amazon Web Services was the first hyperscale Cloud and still has the broadest catalog. We rate it hold for new work: insecure-by-default patterns, opaque “managed” shared-responsibility gaps, and a sprawl of services that encourage operational debt. Prefer Google Cloud Platform (adopt as multi-cloud spearhead) or Azure (assess, with eyes open) when a comparable capability exists. Use Hybrid Cloud to place each workload on the best cloud, not lift-and-shift clones.

Blurb

AWS is the world’s most comprehensive and broadly adopted cloud.

Summary

Why hold: IAM/console complexity, historical foot-guns (public S3, over-broad roles), and services marketed as fully managed that still leave patching, scaling, and security on your team. Total cost often surprises once egress, support, and “almost managed” add-ons stack up.

When AWS anyway: existing estate, partner/marketplace requirements, a service with no peer (rare and shrinking), or regulated footprints already certified on AWS. In those cases, contain blast radius, use Terraform, guardrails, and DevSecOps gates, and avoid pet clusters on AWS EKS (also hold; prefer Google GKE for greenfield K8s).

Details

| Topic | Notes |
| --- | --- |
| Strengths | Mature marketplace, global regions, hiring pool familiarity |
| Weaknesses | Default-deny is opt-in discipline; service matrix overwhelming |
| K8s | See AWS EKS; use only when tied to AWS |
| Secrets | Secrets Manager is fine when already on AWS; still design rotation and IAM boundaries |
| Exit | Data egress and proprietary APIs are the real lock-in; design portable interfaces |