Cloud Services Cross-Reference: Developer Tools & DevOps
This document maps developer tooling and DevOps services across AWS, Azure, Oracle Cloud Infrastructure (OCI), and Google Cloud Platform (GCP). Coverage includes CI/CD pipelines, source code repositories, artifact and package management, infrastructure as code, command-line and SDK tooling, API management, cloud shell and browser-based IDEs, and application deployment platforms. While all four providers offer a CI/CD pipeline, an artifact registry, a CLI, and an API gateway, there are meaningful structural differences: Azure delivers its DevOps stack as a unified integrated platform (Azure DevOps), Google's native IaC tool (Deployment Manager) is being deprecated in favor of Terraform, and Apigee stands apart as a full enterprise API lifecycle management suite rather than a simple gateway.
1. CI/CD Pipelines
CI/CD pipelines automate the build, test, and deployment phases of application delivery. All four providers offer fully managed pipeline services; the primary differences are in integration depth with their own ecosystems, trigger options, deployment target breadth, and pricing model.
AWS — CodePipeline + CodeBuild + CodeDeploy AWS splits the CI/CD concern across three services. CodePipeline is the orchestration layer: it models the workflow as a sequence of stages (source, build, test, deploy) and triggers on commits, schedule, or manual approval. CodeBuild is the managed build executor, compiling source code, running tests, and producing artifacts in fully managed, ephemeral build environments. CodeDeploy handles the deployment of those artifacts to EC2, Lambda, ECS, or on-premises targets. Amazon CodeCatalyst (launched 2022) provides a unified project management and CI/CD surface that wraps these services with collaborative project tooling and built-in workflow templates.
Azure — Azure Pipelines Azure Pipelines is a component of Azure DevOps and provides a single service covering CI and CD. Pipelines are defined in YAML or via a classic visual designer and support parallel jobs, deployment environments with gates and approvals, and deployment to Azure, AWS, GCP, or on-premises. Integration with Azure Repos, GitHub, Bitbucket, and external Git providers is first-class. Hosted agents support Windows, Linux, and macOS build environments. Azure Pipelines is notable for offering genuinely unlimited CI/CD minutes to open-source projects.
OCI — OCI DevOps Build Pipelines + Deployment Pipelines OCI DevOps provides separate Build Pipeline and Deployment Pipeline constructs. Build Pipelines define managed build steps (compile, test, produce artifacts) against OCI-hosted or mirrored repositories. Deployment Pipelines specify delivery stages and target environments, which can be OKE clusters, OCI Functions, OCI compute instances, or Oracle Container Engine. Visual Builder Studio (VB Studio) provides a higher-level DevOps hub that wraps OCI DevOps with project management, Git hosting, and issue tracking.
GCP — Cloud Build + Cloud Deploy Cloud Build is GCP's serverless CI service: builds execute as isolated container steps defined in a YAML build configuration file. It integrates with Cloud Source Repositories, GitHub, GitLab, and Bitbucket. Cloud Deploy (GA 2022) is a separate managed continuous delivery service that models delivery pipelines as release promotion sequences across environments (dev, staging, production), with approvals and rollback built in. Cloud Deploy targets GKE, Cloud Run, GKE Enterprise, and Anthos clusters.
| Feature | AWS CodePipeline / CodeBuild | Azure Pipelines | OCI DevOps Pipelines | GCP Cloud Build / Cloud Deploy |
|---|---|---|---|---|
| Build service | CodeBuild | Azure Pipelines (agents) | OCI DevOps Build Pipelines | Cloud Build |
| CD / delivery service | CodePipeline + CodeDeploy | Azure Pipelines (releases) | OCI DevOps Deployment Pipelines | Cloud Deploy |
| Pipeline-as-code | Yes (JSON/YAML) | Yes (YAML) | Yes (YAML buildspec) | Yes (cloudbuild.yaml) |
| Hosted build agents | Linux, Windows, ARM, GPU | Linux, Windows, macOS | Linux (Oracle Linux) | Linux containers (custom images) |
| Deployment targets | EC2, ECS, Lambda, Beanstalk, on-prem | Azure services, any cloud, on-prem | OKE, OCI Functions, compute, OCIR | GKE, Cloud Run, Anthos, on-prem |
| External SCM integration | GitHub, Bitbucket, GitLab (via CodeStar Connections) | GitHub, Bitbucket, GitLab, external Git | GitHub, GitLab, Bitbucket, VB Studio | GitHub, GitLab, Bitbucket, Bitbucket Server |
| Approval gates | Yes | Yes (environments + approvals) | Yes | Yes (Cloud Deploy) |
| Parallel execution | Yes | Yes (parallel jobs) | Yes (parallel stages) | Yes (parallel steps) |
| Unified project hub | CodeCatalyst | Azure DevOps (full suite) | Visual Builder Studio | None native |
Key differentiators:
- Azure Pipelines is the most feature-complete single-service CI/CD offering, with a single YAML file covering the full build-to-deploy lifecycle and no need to glue separate services together.
- AWS uses a three-service model (CodePipeline + CodeBuild + CodeDeploy), which provides flexibility but requires more integration work.
- GCP's Cloud Deploy adds structured promotion and rollback semantics distinct from the CI layer, which separates concerns cleanly for larger teams.
- OCI DevOps integrates directly with OCI Resource Manager for Terraform-based environment provisioning within the deployment pipeline.
2. Source Code Repositories
All four providers offer managed, private Git repository hosting. The market context is important: GitHub, GitLab, and Bitbucket dominate adoption and are first-class integration targets for all four cloud CI/CD systems. Cloud-native hosted repos serve teams that prefer to minimize external service dependencies.
AWS — CodeCommit CodeCommit is a fully managed, private Git service. AWS ceased accepting new CodeCommit customers in July 2024 but reversed that decision in November 2025, restoring full general availability. Git LFS support is on the roadmap for Q1 2026. For new projects, AWS's own documentation guidance steers teams toward GitHub or Bitbucket via CodeStar Connections, integrated natively with CodePipeline and CodeBuild.
Azure — Azure Repos Azure Repos provides unlimited private Git repositories and legacy Team Foundation Version Control (TFVC) repositories within Azure DevOps. Pull requests support required reviewers, branch policies, build validation, and merge strategies. Azure Repos integrates natively with all other Azure DevOps services. Organizations can also connect GitHub repositories to Azure Boards and Azure Pipelines without hosting code in Azure Repos.
OCI — OCI DevOps Code Repositories + Visual Builder Studio OCI DevOps hosts private Git repositories with pull request support, branch management, forks, and repository insights. External repository mirroring is supported for GitHub, GitLab, Bitbucket Cloud, Bitbucket Server, GitLab Server, and Visual Builder Studio. VB Studio provides an alternative, higher-level Git hosting surface with tight integration to issue tracking and CI/CD.
GCP — Cloud Source Repositories + Secure Source Manager Cloud Source Repositories provides private Git hosting with mirroring from GitHub and Bitbucket. Secure Source Manager (GA 2024) is a new, dedicated, enterprise-grade service that provides a GitHub-compatible API, private repository hosting with VPC Service Controls, and compliance-grade audit logging. Google's guidance for new projects is to use Secure Source Manager rather than the legacy Cloud Source Repositories.
| Feature | AWS CodeCommit | Azure Repos | OCI DevOps Code Repos | GCP Cloud Source Repos / Secure Source Manager |
|---|---|---|---|---|
| Repository type | Git | Git + TFVC | Git | Git |
| Pull requests | Yes | Yes (with policies) | Yes (with reviewer rules) | Yes (Secure Source Manager) |
| Branch policies / protection | Limited | Yes (Azure Repos) | Yes | Yes (Secure Source Manager) |
| Mirroring from GitHub/GitLab | No | No (connect, not mirror) | Yes | Yes (Cloud Source Repos) |
| Private endpoint support | Yes (VPC endpoint) | Yes (Azure Private Link) | Yes (private endpoint) | Yes (Secure Source Manager + VPC SC) |
| Enterprise compliance features | Basic | Azure DevOps auditing | OCI IAM + audit logs | Secure Source Manager (VPC SC, CMEK) |
| Status (2025) | GA (returned Nov 2025) | GA | GA | Secure Source Manager GA |
Key differentiators:
- Azure Repos has the most mature pull request governance model with branch policies, required builds, and code owners.
- GCP Secure Source Manager is the most compliance-oriented option, with VPC Service Controls, CMEK, and a GitHub-compatible API for tool compatibility.
- OCI's mirroring capability is unique: repositories from external providers can be kept in sync, enabling build triggers on externally hosted code without copying workflows.
3. Artifact & Package Management
Artifact repositories store build outputs, container images, and language packages (npm, Maven, PyPI, NuGet, etc.) for consumption by CI/CD pipelines and application runtimes.
AWS — CodeArtifact CodeArtifact is a managed artifact repository supporting npm, PyPI, Maven, NuGet, Gradle, and generic (universal) packages. It acts as a proxy for public registries (npmjs.com, pypi.org, Maven Central), caching packages internally and allowing policy-controlled access. CodeArtifact integrates with IAM for fine-grained package-level permissions. Container image storage is handled separately by Amazon ECR.
Azure — Azure Artifacts Azure Artifacts is an Azure DevOps component providing package feeds for NuGet, npm, Maven, Python, Cargo, and Universal packages. Upstream sources connect feeds to public registries while preserving the ability to block externally published packages. Access control uses Azure DevOps organizations, projects, and feed-level permissions.
OCI — OCI Artifact Registry + OCI Container Registry (OCIR) OCI maintains two registries. Artifact Registry stores generic (universal) files with immutability support and repository-level access control; each tenancy supports up to 500 repositories consuming up to 500 GB. OCIR (Container Registry) stores Docker and OCI-format container images and is the standard integration point for OKE, OCI Functions, and OCI DevOps deployment pipelines. Language package hosting (npm, Maven, PyPI) is not a native OCI capability.
GCP — Artifact Registry Google Artifact Registry (GA 2021, replaces Container Registry) is a unified repository for Docker images, Helm charts, and language packages (npm, Maven, PyPI, Apt, Yum, Python, Go). Integration with Cloud Build, GKE, Cloud Run, and Binary Authorization is native. Remote repositories proxy public registries with caching; virtual repositories aggregate multiple upstream sources behind a single endpoint.
| Feature | AWS CodeArtifact + ECR | Azure Artifacts | OCI Artifact Registry + OCIR | GCP Artifact Registry |
|---|---|---|---|---|
| Container image storage | ECR (separate) | Azure Container Registry (separate) | OCIR (separate) | Unified in Artifact Registry |
| Language package types | npm, PyPI, Maven, NuGet, Gradle | NuGet, npm, Maven, Python, Cargo, Universal | Generic/Universal files only | npm, Maven, PyPI, Apt, Yum, Go, Helm |
| Public registry proxying | Yes (upstream sources) | Yes (upstream sources) | No (manual upload) | Yes (remote repositories) |
| Immutable artifacts | Yes (package immutability) | Retention policies | Yes (artifact immutability flag) | Yes (immutable tags) |
| Binary Authorization | No native equivalent | No native equivalent | No native equivalent | Yes (GCP-native, integrates with GKE/Cloud Run) |
| Package scanning | ECR scanning (CVE) | Microsoft Defender for Containers | OCI Vulnerability Scanning | Artifact Analysis (on-demand / continuous) |
Key differentiators:
- GCP Artifact Registry is the most unified: a single service for containers, Helm, and language packages, eliminating the split between container and package registries found on AWS, Azure, and OCI.
- AWS ECR's cross-account replication and pull-through cache for public ECR is the most mature multi-account distribution model.
- OCI Artifact Registry covers generic binaries but does not natively host language ecosystem packages; teams relying on Maven Central or PyPI proxying must use a third-party solution or external tooling.
4. Infrastructure as Code (IaC)
IaC services define and provision cloud resources from declarative or programmatic templates. The market-standard tool is Terraform (HashiCorp, now IBM); all four clouds ship native IaC solutions and all four officially support Terraform as a deployment path.
AWS — CloudFormation + CDK CloudFormation is AWS's declarative IaC service using JSON or YAML templates organized into Stacks and StackSets (multi-account/region). It provides native drift detection, automatic rollback on failure, change sets for previewing changes, and deep integration with all AWS services. The AWS Cloud Development Kit (CDK) is a higher-level framework allowing IaC to be written in TypeScript, Python, Java, Go, or .NET; CDK synthesizes to CloudFormation templates at deploy time. AWS SAM (Serverless Application Model) is a CDK-adjacent framework specialized for serverless workload definitions. The 2025 year-in-review for CloudFormation highlighted early validation improvements and IaC-to-AI tooling integration.
Azure — ARM Templates + Bicep Azure Resource Manager (ARM) templates are JSON-based declarative IaC definitions for all Azure resources. Bicep is a domain-specific language (DSL) that transpiles to ARM JSON, providing a cleaner syntax, type checking, and better IDE support. Bicep is the Microsoft-recommended authoring surface; the Azure CLI compiles Bicep to ARM transparently. ARM/Bicep integrates natively with Azure Pipelines and supports what-if analysis (preview of changes) and complete/incremental deployment modes.
OCI — Resource Manager (OCI-managed Terraform) OCI Resource Manager is a managed Terraform execution service. Users upload Terraform configurations (from local files, GitHub, GitLab, Bitbucket, or OCI DevOps repositories), and Resource Manager provides remote state storage, state locking, team-based access control, and job execution (plan/apply/destroy). OCI is the only major cloud whose native IaC service is built entirely on open-source Terraform rather than a proprietary DSL; this eliminates lock-in at the configuration syntax level. Resource Manager integrates with OCI DevOps deployment pipelines for fully automated infrastructure provisioning.
GCP — Infrastructure Manager (Terraform-based) — replacing Deployment Manager Cloud Deployment Manager, GCP's original native IaC tool (YAML + Python/Jinja templates), is deprecated and will reach end of support on March 31, 2026. Infrastructure Manager (GA 2024) replaces it: a managed Terraform execution service analogous to OCI Resource Manager, providing remote state, drift detection, and IAM-based access control. The DM Convert tool migrates Deployment Manager configurations to Terraform or KRM (Kubernetes Resource Model). Config Connector remains an option for managing GCP resources from Kubernetes manifests.
| Feature | AWS CloudFormation / CDK | Azure ARM / Bicep | OCI Resource Manager | GCP Infrastructure Manager |
|---|---|---|---|---|
| Native syntax | JSON/YAML (CFn), TypeScript/Python/Java/Go/.NET (CDK) | JSON (ARM), Bicep DSL | HCL (Terraform) | HCL (Terraform) |
| Underlying engine | Proprietary (CloudFormation) | Proprietary (ARM) | Open-source Terraform | Open-source Terraform |
| State management | CloudFormation-managed | ARM-managed | Remote state in OCI Object Storage | Remote state in GCS |
| State locking | Yes | Yes | Yes | Yes |
| Multi-account / multi-region | StackSets | Management Groups / Blueprints | Multi-tenancy compartments | Terraform workspace + org policies |
| Change preview | Change sets (CFn), diff (CDK) | What-if analysis | Terraform plan | Terraform plan |
| Drift detection | Yes (CFn) | No native (ARM) | Yes (Terraform state) | Yes (Terraform state) |
| CI/CD integration | CodePipeline / CDK Pipelines | Azure Pipelines | OCI DevOps pipelines | Cloud Build / Cloud Deploy |
| Higher-level abstraction | CDK (TypeScript/Python/Java/Go/.NET) | Bicep DSL | Terraform modules | Terraform modules |
Key differentiators:
- OCI Resource Manager and GCP Infrastructure Manager are both managed Terraform services; configurations are portable between them with cloud-specific provider modules being the only delta.
- AWS CDK provides the most expressive IaC model for developer-first teams: general-purpose programming languages, strong typing, unit-testable constructs, and full access to all AWS APIs via generated L1 constructs.
- Bicep is developer-friendly compared to raw ARM JSON but remains Azure-specific; Terraform is the portability choice for multi-cloud organizations.
- GCP teams using Deployment Manager must migrate before March 2026.
5. Command-Line Interface (CLI) Tools
All four clouds provide a CLI for scripting, automation, and interactive resource management.
AWS — AWS CLI v2 The AWS CLI is a unified tool installed as a standalone binary (no Python runtime dependency in v2). It provides command coverage for all AWS services, supports named profiles for multi-account management, has built-in AWS SSO integration, and supports JSON/table/text output. The AWS SAM CLI and AWS CDK CLI are separate tools for serverless and CDK workflows. AWS CloudShell provides a browser-based pre-authenticated shell with the CLI pre-installed.
Azure — Azure CLI (az) The Azure CLI is a cross-platform (Linux, macOS, Windows) command-line tool installable via package managers or the Azure CloudShell (which provides Bash and PowerShell). It supports interactive mode, JMESPath queries for output filtering, and multi-subscription context switching. Azure PowerShell (Az module) is the PowerShell-native alternative for Windows-centric automation.
OCI — OCI CLI
The OCI CLI is a Python-based tool available for Linux, macOS, and Windows. It uses a configuration file (~/.oci/config) for credential and tenancy management and supports profiles for multi-tenancy/multi-region switching. OCI CloudShell provides a browser-based session with the CLI pre-authenticated, Terraform, kubectl, and SQLcl pre-installed.
GCP — gcloud CLI
The gcloud CLI is the primary tool for interacting with GCP services. It is Python-based and ships as part of the Google Cloud SDK. The SDK also includes gsutil (Cloud Storage), bq (BigQuery), and kubectl. Cloud Shell provides a browser-based, pre-authenticated environment with gcloud and other tools pre-installed. The Cloud Shell Editor extends this with a VS Code-based browser IDE.
| Feature | AWS CLI v2 | Azure CLI (az) | OCI CLI | gcloud CLI |
|---|---|---|---|---|
| Installation | Standalone binary | Standalone binary / pip | pip / standalone installer | Google Cloud SDK (Python) |
| Platform support | Linux, macOS, Windows | Linux, macOS, Windows | Linux, macOS, Windows | Linux, macOS, Windows |
| Multi-account / multi-tenancy | Named profiles + SSO | Azure subscriptions + tenants | Config profiles (per tenancy) | gcloud config configurations |
| Output formats | JSON, table, text, YAML | JSON, table, TSV | JSON, table, formatted | JSON, table, YAML, text |
| Shell completion | Bash, Zsh, Fish | Bash, Zsh, Fish, PowerShell | Bash | Bash, Zsh, Fish |
| Cloud Shell browser access | AWS CloudShell | Azure Cloud Shell | OCI Cloud Shell | Google Cloud Shell |
| PowerShell native alternative | AWS Tools for PowerShell | Azure PowerShell (Az module) | None native | None native |
6. SDKs
All four clouds publish officially maintained SDKs for major languages. SDK coverage is broadly equivalent across the major languages; the primary differentiator is language breadth, release cadence, and API documentation quality.
| Language | AWS SDK | Azure SDK | OCI SDK | GCP Cloud Client Libraries |
|---|---|---|---|---|
| Python | boto3 | azure-sdk-for-python | oci | google-cloud-python |
| Java | AWS SDK for Java v2 | azure-sdk-for-java | oci-java-sdk | google-cloud-java |
| JavaScript / TypeScript | AWS SDK for JavaScript v3 | azure-sdk-for-js | oci-typescript-sdk | google-cloud-node |
| Go | AWS SDK for Go v2 | azure-sdk-for-go | oci-go-sdk | google-cloud-go |
| .NET / C# | AWS SDK for .NET | azure-sdk-for-net | oci-dotnet-sdk | google-cloud-dotnet |
| Ruby | AWS SDK for Ruby v3 | azure-sdk-for-ruby (limited) | oci-ruby-sdk | google-cloud-ruby |
| PHP | AWS SDK for PHP | azure-sdk-for-php (limited) | Not official | google-cloud-php |
| Rust | AWS SDK for Rust (preview) | azure-sdk-for-rust (preview) | Not official | Not official |
| Swift | AWS SDK for Swift | Not official | Not official | Not official |
Notes:
- AWS has the broadest SDK language coverage, including Rust (preview) and Swift.
- OCI SDKs for Java, Python, Go, TypeScript/JavaScript, .NET, and Ruby are officially maintained; PHP and Rust are not officially published.
- Azure and GCP publish SDKs for all major languages; Ruby and PHP coverage on Azure is limited to older, lower-traffic packages.
7. API Management
API management services provide a gateway layer (routing, authentication, rate limiting, transformation) and a management plane (developer portal, analytics, policy lifecycle). The providers differ significantly in scope: AWS API Gateway and OCI API Gateway are infrastructure-layer gateways, while Azure API Management and GCP Apigee are full API lifecycle management platforms.
AWS — Amazon API Gateway Amazon API Gateway supports REST APIs, HTTP APIs, and WebSocket APIs. REST APIs (originally called "edge-optimized") offer the full policy set; HTTP APIs offer lower latency and cost for proxy-style deployments. API Gateway integrates natively with Lambda, ECS, HTTP backends, and AWS services via AWS integrations. It provides usage plans, API keys, throttling, and authorization via Lambda authorizers, IAM, or Cognito. There is no native developer portal; AWS Marketplace offers third-party options.
Azure — Azure API Management (APIM) Azure APIM is a full-featured API management platform with three planes: an API gateway (traffic control, policy enforcement), a management plane (configuration, monitoring, analytics), and a developer portal (customizable self-service portal for API discovery, documentation, and subscription management). APIM policies are XML-based and support transformation, caching, rate limiting, OAuth, mutual TLS, JWT validation, and circuit breaking. The developer portal is fully customizable and was redesigned with Fluent UI/React in 2025.
OCI — OCI API Gateway OCI API Gateway is an infrastructure-level managed gateway placed within an OCI VCN on a public or private subnet. It routes to OCI Functions, OKE, compute instances, and external HTTP backends. Policy support includes JWT authentication (via IDCS OAuth), API key validation, rate limiting, request/response transformation, and CORS. Pricing is $3 per million API calls. There is no native developer portal component.
GCP — Apigee Apigee is the most enterprise-complete API management solution among the four providers and is a leader in the 2025 Gartner Magic Quadrant for API Management. Apigee provides policy-driven traffic management (50+ policy types), OAuth/API key/JWT security, developer portal (Drupal-based or integrated hosted portal), API hub for enterprise-wide catalog governance, analytics and monitoring, multi-region deployment, and hybrid cloud deployment (Apigee hybrid). Apigee X runs on GCP infrastructure natively; Apigee Edge (legacy) runs on Apigee-managed infrastructure. As of 2025, Apigee also supports AI product bundling, MCP server tooling for agent-accessible APIs, and automatic API specification enhancement for LLM discoverability.
| Feature | AWS API Gateway | Azure API Management | OCI API Gateway | GCP Apigee |
|---|---|---|---|---|
| API types | REST, HTTP, WebSocket | REST, HTTP, GraphQL, SOAP, gRPC | REST, HTTP | REST, gRPC, GraphQL, WebSocket |
| Gateway tier | Infrastructure gateway | Full platform | Infrastructure gateway | Full enterprise platform |
| Developer portal | None native | Yes (customizable) | None native | Yes (Drupal-based or hosted) |
| Policy engine | Lambda authorizers, usage plans | XML policy chain (50+ built-in) | Route-level policies | Policy chain (50+ policy types) |
| OAuth / JWT | Lambda authorizer or Cognito | Native (APIM policies) | IDCS OAuth (Authorizer function) | Native (Apigee policies) |
| Rate limiting | Per-stage / per-client usage plans | Per-subscription / per-operation | Per-route, per-client-IP | Per-product / per-app |
| Analytics | CloudWatch metrics | Azure Monitor + APIM built-in | OCI Monitoring + Logging | Apigee Analytics (detailed) |
| API catalog / governance | None native | APIM Products | None native | Apigee API Hub |
| Hybrid / multi-cloud | No | Yes (self-hosted gateway) | No | Yes (Apigee hybrid) |
| Monetization | No | No | No | Yes (Apigee developer plans) |
| Pricing model | Per API call + data transfer | Per unit/hour (tiers) | $3 per million API calls | Per API call (enterprise licensing) |
Key differentiators:
- Apigee is the only offering with a native API governance catalog (API Hub), monetization, and hybrid-cloud deployment. It is categorically more capable than the other three but requires enterprise-level budget and operational investment.
- Azure APIM is the strongest mid-tier option: a full developer portal, rich XML policy chain, and SOAP/legacy API support make it the choice for enterprises modernizing mixed API estates.
- AWS API Gateway and OCI API Gateway are best suited to teams wanting a managed traffic gateway for their own cloud workloads without full API lifecycle management overhead.
8. Cloud Shell & Browser-Based IDEs
Cloud Shell provides browser-accessible, pre-authenticated terminal access to cloud resources without local tooling setup. Several providers extend this into a browser-based IDE.
AWS — AWS CloudShell + (deprecated) AWS Cloud9 AWS CloudShell is a browser-based shell embedded in the AWS Console. It runs on Amazon Linux 2023, provides 1 GB of persistent storage, and comes pre-installed with AWS CLI, AWS SAM CLI, Python, Node.js, Git, and common shell utilities. Cloud9 was AWS's cloud IDE (browser-based, collaborative, with a code editor, terminal, and debugger), but it is no longer available to new customers as of 2024. The recommended replacement is VS Code with the AWS Toolkit extension, or AWS CloudShell for scripting needs.
Azure — Azure Cloud Shell
Azure Cloud Shell runs as a managed, ephemeral container accessible from the Azure Portal, portal.azure.com, or shell.azure.com. It offers a choice of Bash (using Azure CLI) or PowerShell (using Az module). The environment includes Azure CLI, PowerShell Az module, Terraform, Ansible, kubectl, Helm, Git, and common scripting tools. It includes a built-in Monaco-based code editor accessible via code <file>. Storage is backed by an Azure Files share (512 MB persistent by default).
OCI — OCI Cloud Shell OCI Cloud Shell is a browser-based shell embedded in the OCI Console. It provides a pre-authenticated Linux environment (Oracle Linux) with the OCI CLI, Terraform, Ansible, kubectl, Maven, Git, SQLcl, Docker, and PowerShell pre-installed. 5 GB of persistent home directory storage is provided. Sessions persist as a docked frame as you navigate the Console and time out after 60 minutes of inactivity. File upload and download are supported.
GCP — Google Cloud Shell + Cloud Shell Editor Cloud Shell is a browser-accessible shell pre-installed with gcloud CLI, kubectl, Docker, Terraform, Python, Node.js, Go, Ruby, and common tools. 5 GB of persistent home directory storage is provided. Cloud Shell Editor, accessible at ide.cloud.google.com, is a full Eclipse Theia-based browser IDE with integrated terminal, Git version control, and Cloud Code extension pre-installed. Cloud Code provides first-class GKE and Cloud Run debugging. Cloud Workstations is a separate, fully managed, enterprise-grade cloud development environment based on Code-OSS (VS Code OSS) with customer-controlled container images, VPC connectivity, and IAM access control.
| Feature | AWS CloudShell | Azure Cloud Shell | OCI Cloud Shell | GCP Cloud Shell |
|---|---|---|---|---|
| Persistent storage | 1 GB | Azure Files share (512 MB default) | 5 GB home directory | 5 GB home directory |
| Shell options | Bash, Zsh, PowerShell | Bash, PowerShell | Bash, Zsh, PowerShell | Bash, Zsh, Fish |
| Pre-installed IaC | None (aws-cli only) | Terraform, Ansible | Terraform, Ansible | Terraform |
| Browser IDE | None (Cloud9 deprecated) | Monaco editor (code command) |
None built-in | Cloud Shell Editor (Theia / VS Code-based) |
| Managed cloud IDE (separate service) | None (Cloud9 deprecated) | None (use VS Code locally or Cloud Shell) | Visual Builder Studio (higher-level IDE) | Cloud Workstations (Code-OSS, enterprise) |
| Session persistence | Per console session | Per session (storage persists) | Docked to console; persists across navigation | Per session (storage persists) |
9. Application Deployment Platforms (PaaS)
These services provide managed application hosting where the developer supplies code or a container image and the platform handles server provisioning, scaling, patching, and load balancing.
AWS — Elastic Beanstalk + AWS App Runner Elastic Beanstalk is AWS's original PaaS: deploy application code (Java, .NET, PHP, Node.js, Python, Ruby, Go, Docker) and Beanstalk provisions EC2 instances, a load balancer, and Auto Scaling groups, and applies rolling deployments. The underlying infrastructure is visible and tunable. AWS App Runner (GA 2021) is a newer, fully abstracted service for containerized web applications and APIs: deploy from a container image or source code (GitHub), and App Runner handles everything including auto-scaling to zero. App Runner received VPC support, custom domains, and WAF integration in recent updates, making it production-viable.
Azure — Azure App Service Azure App Service is the most feature-rich managed PaaS among the four. It supports code deployments (Node.js, Python, Java, PHP, Ruby, .NET, static HTML) and Docker containers. App Service Plans define the underlying compute tier; multiple apps share a plan. Features include deployment slots (blue/green staging), auto-healing, custom domains with managed TLS, WebJobs for background tasks, VNet integration, and native integration with GitHub Actions and Azure Pipelines. The Premium tier supports private endpoints and zone redundancy.
OCI — No equivalent native PaaS OCI does not offer a direct equivalent to Elastic Beanstalk or App Service. Managed application hosting on OCI is addressed by OKE (Kubernetes), OCI Functions (serverless), or Oracle Container Engine combined with OCI DevOps deployment pipelines. Oracle Application Express (APEX) and ORDS cover the low-code and REST-data application tier, but not general application hosting.
GCP — App Engine App Engine is GCP's original PaaS (one of the oldest cloud PaaS services, predating EC2). It offers two environments: Standard (sandboxed, language-specific runtimes with free tier and fast scaling including scale-to-zero, supports Python, Java, Node.js, PHP, Ruby, Go) and Flexible (Docker containers on managed Compute Engine VMs, no scale-to-zero). For new containerized workloads, Google recommends Cloud Run (serverless containers) over App Engine Flexible. App Engine Standard remains a good fit for low-traffic or bursty web applications that benefit from the free tier and instant scale-to-zero.
| Feature | AWS Elastic Beanstalk | AWS App Runner | Azure App Service | GCP App Engine | OCI |
|---|---|---|---|---|---|
| Code deployment (no container required) | Yes | Yes (source code from GitHub) | Yes | Yes (Standard) | No equivalent |
| Container deployment | Yes (Docker) | Yes (ECR / container image) | Yes | Yes (Flexible) | OKE / OCI Functions |
| Scale to zero | No | Yes | No (except Consumption plan) | Yes (Standard) | OCI Functions only |
| Underlying infrastructure visible | Yes (EC2) | No | Yes (App Service Plan) | No (Standard) / Yes (Flexible VMs) | N/A |
| Deployment slots (staging) | No native | No | Yes | Yes (traffic splitting) | N/A |
| VNet / VPC integration | Yes | Yes (recent) | Yes (VNet Integration) | Limited | N/A (native VCN) |
| Managed TLS | Yes | Yes | Yes | Yes | N/A |
| Language runtimes | Java, .NET, PHP, Node.js, Python, Ruby, Go, Docker | Container image or Node.js/Python/Java source | Node.js, Python, Java, PHP, Ruby, .NET, Docker | Python, Java, Node.js, PHP, Ruby, Go (Standard) | N/A |
Key differentiators:
- Azure App Service is the most mature and fully featured general-purpose PaaS, with deployment slots, VNet integration, WebJobs, and the widest language runtime support.
- AWS App Runner is the simplest path to production for container workloads: connect a repo or image, set CPU/memory, and get a running service with no infrastructure decisions required.
- GCP App Engine Standard is still the best scale-to-zero option for bursty or low-traffic workloads given its generous free tier and instant cold-start performance.
- OCI has no native PaaS equivalent; teams needing managed application hosting on OCI should evaluate OKE with OCI DevOps or consider Cloud Run on GCP if portability is acceptable.
Summary Cross-Reference
| Category | AWS | Azure | OCI | GCP |
|---|---|---|---|---|
| CI pipeline | CodeBuild | Azure Pipelines | OCI DevOps Build Pipelines | Cloud Build |
| CD / delivery | CodePipeline + CodeDeploy | Azure Pipelines (releases) | OCI DevOps Deployment Pipelines | Cloud Deploy |
| Source repositories | CodeCommit | Azure Repos | OCI DevOps Code Repos / VB Studio | Cloud Source Repos / Secure Source Manager |
| Artifact / package registry | CodeArtifact + ECR | Azure Artifacts + ACR | Artifact Registry + OCIR | Artifact Registry (unified) |
| Container registry | Amazon ECR | Azure Container Registry | OCI Container Registry (OCIR) | Artifact Registry |
| IaC (native) | CloudFormation + CDK | ARM Templates + Bicep | Resource Manager (Terraform-based) | Infrastructure Manager (Terraform-based) |
| IaC (community standard) | Terraform (AWS provider) | Terraform (AzureRM provider) | Terraform (OCI provider) | Terraform (Google provider) |
| CLI | AWS CLI v2 | Azure CLI (az) | OCI CLI | gcloud CLI |
| SDK (primary) | boto3 (Python), AWS SDK v3 (JS) | azure-sdk-for-python / js | oci (Python), oci-java-sdk | google-cloud-python / java |
| API gateway | Amazon API Gateway | Azure API Management | OCI API Gateway | Apigee |
| Cloud shell | AWS CloudShell | Azure Cloud Shell | OCI Cloud Shell | Google Cloud Shell |
| Browser IDE | None (Cloud9 deprecated) | Monaco editor in Cloud Shell | None native | Cloud Shell Editor (Theia) |
| Managed cloud IDE | None | None | Visual Builder Studio (project hub) | Cloud Workstations |
| PaaS (code/container hosting) | Elastic Beanstalk, App Runner | Azure App Service | No native equivalent | App Engine, Cloud Run |
| Unified DevOps suite | CodeCatalyst (partial) | Azure DevOps (full suite) | Visual Builder Studio (partial) | None |
References
- AWS Developer Tools Overview
- AWS CodeCommit Returns to General Availability
- What is Azure DevOps?
- Azure API Management Key Concepts
- OCI DevOps Service
- OCI Artifact Registry Overview
- OCI Resource Manager Overview
- OCI API Gateway Overview
- Google Cloud Developer Tools
- Google Cloud Deployment Manager Deprecation
- What is Apigee?
- AWS App Runner
- Apigee Leader in 2025 Gartner Magic Quadrant