Cloud Security Smackdown: AWS vs Azure vs Google Cloud
Feature Comparison
Feature | AWS (IAM, KMS, CloudTrail) | Azure (AD, Defender, Compliance) | Google Cloud (IAM, Security Scanner, Compliance) |
---|---|---|---|
Identity Management | IAM | Azure AD | IAM |
Threat Detection | GuardDuty | Defender for Cloud | Security Command Center |
Encryption Service | KMS | Key Vault | Cloud KMS |
Security Logging | CloudTrail | Security Center Logs | Cloud Audit Logs |
Compliance & Governance | AWS Artifact | Azure Compliance | Google Cloud Compliance |
Penetration Testing | No native service | Microsoft Security Scanner | Cloud Security Scanner |
Best For | Enterprises with fine-grained IAM needs | Businesses tied to Microsoft tools | AI-heavy and cloud-native companies |
Code Samples
AWS Security
Creating an IAM User (Python - Boto3)
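```python
import boto3

# Credentials and region are resolved through the default boto3 credential chain.
iam = boto3.client("iam")

# A new user has no permissions and no credentials until they are attached.
response = iam.create_user(UserName="secure-user")
print("Created user:", response["User"]["UserName"])
```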
Creating an IAM User (C# - AWS SDK)
```csharp
using Amazon.IdentityManagement;
using Amazon.IdentityManagement.Model;
using System;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {
        var iamClient = new AmazonIdentityManagementServiceClient();
        var request = new CreateUserRequest { UserName = "secure-user" };
        var response = await iamClient.CreateUserAsync(request);
        Console.WriteLine("Created user: " + response.User.UserName);
    }
}
```
AWS SDK Docs: Boto3 (Python) | AWS SDK for .NET
Azure Security
Creating an Azure AD User (Python - Azure SDK)
```python
from azure.identity import DefaultAzureCredential
from msgraph.core import GraphClient  # GraphClient is the msgraph-core 0.2.x client

credential = DefaultAzureCredential()
client = GraphClient(credential=credential)

user_data = {
    "accountEnabled": True,
    "displayName": "Secure User",
    "mailNickname": "secureuser",
    "userPrincipalName": "secureuser@yourdomain.com",
    # Placeholder value: supply the initial password from a secret store, not source code.
    "passwordProfile": {"forceChangePasswordNextSignIn": True, "password": "SecurePassword123!"},
}

response = client.post("/users", json=user_data)
response.raise_for_status()  # fail loudly if Graph rejected the request
print("Created user:", response.json()["id"])
```
Creating an Azure AD User (C# - Azure SDK)
```csharp
using Azure.Identity;
using Microsoft.Graph;
using System;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {
        var credential = new DefaultAzureCredential();
        var client = new GraphServiceClient(credential);

        var user = new User
        {
            AccountEnabled = true,
            DisplayName = "Secure User",
            MailNickname = "secureuser",
            UserPrincipalName = "secureuser@yourdomain.com",
            // Placeholder value: supply the initial password from a secret store, not source code.
            PasswordProfile = new PasswordProfile { Password = "SecurePassword123!", ForceChangePasswordNextSignIn = true }
        };

        // Request().AddAsync() is the Microsoft.Graph SDK v4 request-builder syntax.
        var newUser = await client.Users.Request().AddAsync(user);
        Console.WriteLine("Created user: " + newUser.Id);
    }
}
```
Azure SDK Docs: Azure AD API (Python) | Azure Graph API .NET
Google Cloud Security
Reading a Google IAM Policy (Python - Google SDK)
```python
from google.cloud import resourcemanager_v3

# Project-level IAM policies are served by the Resource Manager API.
client = resourcemanager_v3.ProjectsClient()
resource = "projects/your-project-id"

policy = client.get_iam_policy(resource=resource)
print("Current IAM Policy:", policy)
```
Reading a Google IAM Policy (C# - Google SDK)
```csharp
using Google.Cloud.Iam.V1;
using Google.Cloud.ResourceManager.V3;
using System;

class Program
{
    static void Main()
    {
        // Project-level IAM policies are served by the Resource Manager API.
        var client = ProjectsClient.Create();
        string resource = "projects/your-project-id";
        var policy = client.GetIamPolicy(new GetIamPolicyRequest { Resource = resource });
        Console.WriteLine("Current IAM Policy: " + policy);
    }
}
```
Google Cloud SDK Docs: Google IAM (Python) | Google IAM .NET
Final Thoughts
- AWS Security: Best for granular IAM policies, enterprise security, and audit logging.
- Azure Security: Ideal for Microsoft-heavy environments, Active Directory integration, and Defender security tools.
- Google Cloud Security: Great for cloud-native security, built-in compliance, and automated security scanning.
No matter which cloud security you use, never share your keys and rotate credentials regularly, or else expect an angry email from your CISO.
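To make the rotation advice checkable on the AWS side, the sketch below audits IAM access-key age with the same Boto3 client used earlier. It is an added example, not code from the original article: the 90-day window, the `find_stale_access_keys` and `stub_iam` names, and the sample key IDs are assumptions, and the stub stands in for `boto3.client("iam")` so the audit runs offline.

```python
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace

MAX_KEY_AGE_DAYS = 90  # assumed rotation window, not a value from the article


def find_stale_access_keys(iam, max_age_days=MAX_KEY_AGE_DAYS, now=None):
    """Return (user, key_id, age_days) for active keys older than max_age_days."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            pages = iam.get_paginator("list_access_keys").paginate(UserName=name)
            for key_page in pages:
                for key in key_page["AccessKeyMetadata"]:
                    # Inactive keys cannot authenticate; report only active ones.
                    if key["Status"] == "Active" and key["CreateDate"] < cutoff:
                        age = (now - key["CreateDate"]).days
                        stale.append((name, key["AccessKeyId"], age))
    return stale


def stub_iam(keys_by_user):
    """Constructed stand-in for boto3.client("iam"); serves one page per call."""
    def paginate_users():
        return [{"Users": [{"UserName": u} for u in keys_by_user]}]

    def paginate_keys(UserName):
        return [{"AccessKeyMetadata": keys_by_user[UserName]}]

    pages = {"list_users": paginate_users, "list_access_keys": paginate_keys}
    return SimpleNamespace(
        get_paginator=lambda op: SimpleNamespace(paginate=pages[op]))


NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for the sample data
SAMPLE_KEYS = {  # constructed data, not real users or key IDs
    "secure-user": [
        {"AccessKeyId": "AKIAEXAMPLEOLDKEY001", "Status": "Active",
         "CreateDate": NOW - timedelta(days=200)},
        {"AccessKeyId": "AKIAEXAMPLENEWKEY002", "Status": "Active",
         "CreateDate": NOW - timedelta(days=10)}],
    "build-bot": [
        {"AccessKeyId": "AKIAEXAMPLEDISABLED3", "Status": "Inactive",
         "CreateDate": NOW - timedelta(days=400)}],
}

if __name__ == "__main__":
    # Against a real account: find_stale_access_keys(boto3.client("iam"))
    for user, key_id, age in find_stale_access_keys(stub_iam(SAMPLE_KEYS), now=NOW):
        print(f"{user}: {key_id} is {age} days old, rotate it")
```

Running the audit against a real account needs only the `iam:ListUsers` and `iam:ListAccessKeys` permissions, so it can use a read-only role.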