Featured image of post Exploring Cloud Lock-In: Should I Take the Candy from the Stranger?
DevOps Azure Cloud Operations AWS Microsoft Azure Cloud Google Cloud Azure Service Bus Azure Queue

Exploring Cloud Lock-In: Should I Take the Candy from the Stranger?

Thoughts on cloud lockin... and if it matters...

Exploring Cloud Lock-In: Should I Take the Candy from the Stranger?

You know that age-old advice: “Don’t take candy from strangers.”

It’s solid wisdom—except when the stranger is a cloud provider handing you delicious, irresistible services for “free” (or at least, seemingly affordable).

Before you know it, you’re hooked, and suddenly you’re paying a premium just to stay on the same platform because moving your app elsewhere would be like untangling Christmas lights… from a cactus.

So, should you take the candy?

Let’s talk about cloud lock-in, how AWS, Azure, and GCP keep you on a tight leash, and whether it’s worth fighting back.

What’s the Rhetorical Problem Here?

Cloud providers are in the business of making your life easy—until you try to leave.

They offer incredibly useful, managed services that abstract away complexity.

But these services also introduce dependencies that make migration painful, expensive, and sometimes downright impossible.

The question is: Should you embrace the lock-in or fight against it?

To answer that, let’s break down how the major cloud providers—AWS, Azure, and GCP—reel you in and how you can avoid (or at least minimize) the trap.

How AWS, Azure, and GCP Lock You In

Each cloud provider has a set of value-added services that are incredibly convenient but will tie you down harder than an overly possessive partner.

AWS Lock-In Traps

  1. Lambda (Serverless Compute) – Write once, locked forever.

    Moving to another cloud’s function service means rewriting your code to match their API.

  2. DynamoDB (NoSQL Database) – Fully managed, scales effortlessly, but it’s proprietary.

    Migrating to another NoSQL database like MongoDB isn’t exactly plug-and-play.

  3. RDS (Managed Databases) – You’re using PostgreSQL, but you’ve also got AWS-specific extensions.

    Oops.

  4. S3 (Storage) – Technically, object storage is “standardized,” but try moving petabytes of data without selling a kidney.

  5. API Gateway – Integrates so well with AWS Lambda and IAM that switching to another API gateway means completely refactoring.

Azure Lock-In Traps

  1. Azure Functions – Similar to AWS Lambda, but tightly coupled with Azure services.

  2. Cosmos DB – Serverless, distributed, and fully managed, but moving data elsewhere is not fun.

  3. Azure SQL – Feels like SQL Server but with some extra Azure magic (read: dependencies).

  4. Azure AD (Identity Management) – If your app deeply integrates with Azure AD, migrating to another identity provider can be painful.

  5. Azure DevOps – Great CI/CD pipelines… until you want to use something else.

GCP Lock-In Traps

  1. BigQuery – Super-fast analytics, but proprietary SQL dialect makes migration tricky.

  2. Firestore – Easy-to-use document database, but not a drop-in replacement for MongoDB.

  3. Cloud Functions – Yet another serverless compute service with unique quirks.

  4. GKE (Kubernetes Engine) – Kubernetes should be portable, but Google’s managed features make it just different enough.

  5. Cloud Spanner – An amazing distributed database, but unless you enjoy rewriting your entire backend, you’re staying put.

How to Build Without Locking Yourself In

If you don’t want to wake up one day realizing your entire architecture is shackled to a single provider, here’s what you can do:

1. Deploy Open-Source Equivalents

  • Instead of DynamoDB, use MongoDB or Cassandra.
  • Instead of BigQuery, use Presto or ClickHouse.
  • Instead of Azure Functions, use OpenFaaS or Knative.
  • Instead of Cloud Spanner, use CockroachDB.
  • Instead of AWS API Gateway, deploy Kong or Traefik.

2. Stick to Containerized Workloads

  • Deploy apps in Docker and use Kubernetes (but beware of managed Kubernetes lock-in like GKE’s unique features).

3. Use Multi-Cloud Friendly Tools

  • For databases: PostgreSQL, MySQL, Redis.
  • For identity: Auth0, Keycloak, Okta.
  • For storage: MinIO (a self-hosted S3-compatible alternative).
  • For monitoring/logging: Prometheus, Grafana, Elastic Stack.

Pros and Cons of Avoiding Lock-In

StrategyProsCons
Go all-in on one cloudMaximum efficiency, deep integration, faster deploymentLocked-in, hard to migrate, cost increases over time
Use multi-cloud toolsMore flexibility, better negotiating powerMore complex, potentially higher operational cost
Host your own servicesUltimate portability, complete controlHigh maintenance, requires more expertise

So… Is Avoiding Lock-In Worth It?

The million-dollar question: Should you fight cloud lock-in, or just embrace it and ride the wave?

The answer? It depends.

  • If you’re a startup looking to move fast, lock-in is fine—you’ll likely be acquired or pivot before it becomes a real problem.
  • If you’re a big enterprise with long-term roadmaps, avoid proprietary services when possible to maintain bargaining power.
  • If you’re running critical systems that can’t afford downtime, multi-cloud or hybrid solutions might be worth the complexity.

My Opinion: Take the Candy, But Have an Escape Plan

Cloud providers make it so easy to use their services that resisting is hard.

My Take: The trick is to enjoy the convenience while keeping an exit strategy in mind.

© 2001 - 2025 Brian Braatz Blog