Skip to content
MyEngineeringPath

Cloud AI Platforms 2026 — AWS vs Azure vs Google for GenAI Compared

1. Introduction and Motivation

Section titled “1. Introduction and Motivation”

Why Managed AI Platforms Exist

Section titled “Why Managed AI Platforms Exist”

You have built a working prototype. It calls the OpenAI API directly, uses LangChain for RAG, and serves a handful of test users. It works. Now you need to move to production: serve thousands of users, meet SOC2 compliance requirements, implement retrieval over proprietary documents, add content filtering, and ensure the system keeps running when model API traffic spikes.

The direct API approach starts to show its limits. Authentication is a static API key that requires rotation. There are no VPC boundaries — traffic goes to the public internet. Model invocations are not logged to your audit system. When you need provisioned throughput for latency guarantees, there is no mechanism for it. And when you need RAG, you build the chunking, embedding, and retrieval pipeline yourself.

Managed AI platforms are the answer to this. AWS Bedrock, Google Vertex AI, and Azure OpenAI Service each provide a production-grade layer on top of foundation model inference: IAM-based authentication, VPC endpoints, audit logging, managed RAG, guardrails, and agent orchestration. They differ in model catalog, ecosystem integration, and compliance posture — but they solve the same class of problem.

The Decision Is Usually Made for You

Section titled “The Decision Is Usually Made for You”

In practice, most organizations choose their managed AI platform based on their existing cloud commitment. An AWS-first organization uses Bedrock. A company whose data lives in BigQuery uses Vertex AI. An enterprise standardized on Azure and Microsoft 365 uses Azure OpenAI Service.

This is the correct instinct. The infrastructure integration advantage — IAM, VPC, audit logging, data connectors — is the durable value. The model catalog is secondary; model availability is converging across platforms, and the same frontier models are increasingly accessible everywhere.

2. Real-World Problem Context

Section titled “2. Real-World Problem Context”

The Cost of Getting This Wrong

Section titled “The Cost of Getting This Wrong”

An engineering team builds a production RAG system using the OpenAI API directly. The system works in staging. Four months later, an OpenAI API outage takes down their product for four hours. They had no fallback routing, no provisioned throughput, and no alternative. The incident postmortem reveals that a managed platform with provisioned throughput and automatic retry routing would have mitigated most of the impact.

A financial services company deploys a GenAI feature that processes customer queries. A compliance review reveals that all inputs and outputs need to be logged with caller identity for audit purposes. They spend three months building a custom API proxy to add logging before discovering that Bedrock’s CloudTrail integration would have provided this automatically on day one.

A team spends two months building a document retrieval pipeline: chunking, embedding, vector storage, retrieval, and re-ranking. A colleague mentions Bedrock Knowledge Bases after the pipeline is in production. Most of what they built is now a custom maintenance burden with equivalent functionality available as a managed service.

These are not failures of engineering skill. They are failures of platform selection — specifically, choosing prototype infrastructure for production workloads.

3. Core Concepts & Mental Model

Section titled “3. Core Concepts & Mental Model”

Managed Inference

Section titled “Managed Inference”

Managed inference means the cloud provider hosts the model, serves requests, handles scaling, and charges you per token. You call an API endpoint. You manage no GPUs, no model server, no auto-scaling configuration. On-demand pricing is pay-per-token with no commitment; provisioned throughput reserves model capacity for guaranteed latency and tokens-per-minute.

Foundation Model Catalog

Section titled “Foundation Model Catalog”

A model catalog provides access to multiple foundation models through a single managed API. Instead of maintaining API keys and integration code for OpenAI, Anthropic, and Meta separately, you use one authentication mechanism and one SDK. Model IDs change; everything else stays the same. The catalog also makes model evaluation and A/B testing significantly simpler.

Provisioned Throughput

Section titled “Provisioned Throughput”

On-demand inference endpoints throttle under burst load. For user-facing applications with latency SLAs, throttling translates directly into user-visible errors. Provisioned throughput reserves model capacity — a defined number of tokens-per-minute — and is billed per hour regardless of utilization. The cost is higher but predictable, and it eliminates throttle-induced failures under load.

Managed RAG

Section titled “Managed RAG”

Managed RAG (Retrieval-Augmented Generation) handles the full pipeline: you upload documents to a data source, the platform handles chunking, embedding, vector storage, metadata indexing, and retrieval. You query the knowledge base and receive retrieved chunks. The platform keeps the index synchronized when documents change. The trade-off is reduced flexibility and schema lock-in in exchange for significantly less operational overhead.

Agent Frameworks

Section titled “Agent Frameworks”

Platform-native agent frameworks (Bedrock Agents, Vertex Agent Builder, Azure Copilot Studio) provide managed scaffolding for tool use and multi-step reasoning. You configure the agent with a model, a set of tools (API connectors, Lambda functions, knowledge bases), and optionally a prompt. The platform handles the tool-use loop. This is higher-level and less flexible than building agents with LangGraph directly, but requires significantly less code to deploy and operate.

Guardrails

Section titled “Guardrails”

Guardrails are managed content filter layers that inspect inputs before they reach the model and outputs before they reach your application. They filter harmful content, detect PII, block off-topic requests, and check whether model responses are grounded in source documents. They run as a separate layer from the model itself, with their decisions logged for compliance purposes.

4. Step-by-Step Explanation

Section titled “4. Step-by-Step Explanation”

Moving from a direct API prototype to a managed platform is not a big-bang migration. It is a step-by-step process that maps your workload requirements to platform capabilities.

Step 1: Identify Your Workload Type

Section titled “Step 1: Identify Your Workload Type”

Before choosing a platform, classify your workload. Pure inference (LLM calls only) has different requirements from RAG (retrieval + inference), which has different requirements from agent workflows (multi-step tool use + orchestration).

For pure inference: the platform decision is primarily about authentication, VPC endpoints, and provisioned throughput. Any of the three platforms works. Your existing cloud commitment decides it.

For RAG: evaluate each platform’s managed retrieval layer — Bedrock Knowledge Bases, Vertex AI Search, Azure AI Search. The right choice depends on your data source (S3, BigQuery, SharePoint) and whether the managed pipeline handles your chunking and retrieval requirements.

For agent workflows: evaluate Bedrock Agents, Vertex Agent Builder, and Azure Copilot Studio. These are higher-level than LangGraph but require less code. If your agent needs custom orchestration logic, you will use LangGraph or an agentic framework on top of the platform’s managed inference.

Step 2: Map Your Existing Cloud Commitment

Section titled “Step 2: Map Your Existing Cloud Commitment”

The right platform for your organization is almost always the one that matches your existing cloud infrastructure. This is not a shortcut — it is the correct engineering decision.

The IAM integration matters. On Bedrock, your existing IAM roles, VPC endpoints, and CloudTrail audit infrastructure extend to AI workloads immediately. On Vertex AI, your existing GCP IAM and VPC Service Controls do the same. On Azure OpenAI, your Entra ID and Azure Monitor integration carries over. Rebuilding this on a foreign platform takes months and introduces a parallel security posture to manage.

Step 3: Run a Bounded Proof of Concept

Section titled “Step 3: Run a Bounded Proof of Concept”

Do not migrate everything to a managed platform at once. Choose one new feature or one internal tool and build it end-to-end on the target platform.

For a RAG PoC: ingest a sample document corpus into the platform’s knowledge base. Build a simple query interface. Measure retrieval quality, latency, and cost against your existing self-built retrieval pipeline. If the managed pipeline does not meet your retrieval quality bar, identify whether the issue is chunking strategy, embedding model choice, or retrieval configuration — all of which are adjustable.

Step 4: Set Up Production Infrastructure

Section titled “Step 4: Set Up Production Infrastructure”

Before moving any user-facing workload to the platform, put the production infrastructure in place.

Enable VPC endpoints or PrivateLink so that model invocations never traverse the public internet. Configure IAM roles with least-privilege permissions — no access to models your application does not call. Enable audit logging (CloudTrail, Cloud Audit Logs, Azure Monitor) and verify that every invocation is captured. Deploy provisioned throughput for the models your production workload will use. Set budget alerts.

Do not skip these steps for a “quick production deployment.” The production infrastructure is the reason you chose a managed platform over the direct API.

Step 5: Migrate from Direct API to Managed Endpoint

Section titled “Step 5: Migrate from Direct API to Managed Endpoint”

Once production infrastructure is in place, migrate existing API calls to the managed endpoint.

The migration is typically straightforward: replace the API base URL and authentication method. The model is identical; only the transport changes. The Anthropic SDK, OpenAI SDK, and Google Cloud SDK all support Bedrock, Vertex AI, and Azure OpenAI respectively through endpoint configuration parameters.

After migration, verify that audit logs are capturing invocations, that VPC routing is confirmed via network flow logs, and that provisioned throughput metrics show expected utilization. Run your evaluation suite to confirm model behavior is unchanged.

5. Architecture & System View

Section titled “5. Architecture & System View”

AWS Bedrock

Section titled “AWS Bedrock”

Bedrock launched in 2023 and is the most mature of the three platforms. Its defining strength is the breadth of its model catalog and the depth of its AWS infrastructure integration.

Model catalog: Claude 3.x and 3.7 (Anthropic), Llama 3.x (Meta), Amazon Titan Text and Titan Embeddings, Mistral models, Cohere Command and Embed, Jamba (AI21 Labs), and Stability AI for image generation. This is the widest third-party model selection of the three platforms, and it is the strongest argument for Bedrock in multi-model architectures.

Inference: On-demand pricing is per-token, throttled under burst load. Provisioned throughput purchases model units — each unit represents a defined tokens-per-minute capacity — billed per hour. Cross-region inference allows automatic routing to a secondary region when primary capacity is exhausted, providing geographic redundancy without application-layer changes.

Knowledge Bases: Connects to S3, Confluence, Salesforce, SharePoint, and web crawler sources. Chunking strategies include fixed-size, semantic (sentence boundary-aware), and hierarchical (nested parent-child chunks). Supported embedding models: Amazon Titan Embeddings, Cohere Embed. Vector storage backends: OpenSearch Serverless, Aurora PostgreSQL (pgvector), Pinecone, Redis, and MongoDB Atlas. (See vector database comparison for a deeper look at self-hosted vs. managed options.) Retrieval supports hybrid search (vector plus keyword) with metadata filtering.

Bedrock Agents: Managed agent framework with tool use via API connectors (OpenAPI schema definition), AWS Lambda function calling, and a code interpreter action group. Supports sub-agents (agent-to-agent delegation) and inline agents (dynamically constructed at request time). The orchestration model is sequential and configured at deployment time — less flexible than LangGraph’s conditional graph model, but requires significantly less code to operate.

Guardrails: Content filters for hate speech, violence, sexual content, and misconduct. PII detection with configurable anonymization or blocking. Topic blocking to prevent the model from discussing specified subjects. Grounded answers check verifies that the model’s response is supported by the retrieved source documents. All Guardrails decisions are logged to CloudTrail.

Security: IAM roles for authentication — no static API keys, no key rotation. VPC endpoints and PrivateLink route model invocations within your AWS network boundary, never traversing the public internet. CloudTrail logs every InvokeModel call with caller identity, model ID, and timestamp. Content logging is optional and configurable. Compliance: SOC 2 Type II, HIPAA, ISO 27001, PCI DSS, FedRAMP Moderate.

Google Vertex AI

Section titled “Google Vertex AI”

Vertex AI is Google Cloud’s managed AI platform, substantially rebuilt around Gemini as the primary model in 2024. Its defining strengths are Gemini’s long context window, native multimodality, and deep integration with Google’s data platform.

Model catalog: Gemini 1.5 Flash, Gemini 1.5 Pro, Gemini 2.0 Flash, Gemini 2.0 Pro (Google), Gemma 2 open-source models (Google), Llama 3.x (Meta), Mistral models, and Claude via Model Garden partnership. The catalog is smaller than Bedrock’s for third-party models, but first-party Gemini access is unmatched here.

Gemini context window: Gemini 1.5 Pro supports a 1M+ token context window; Gemini 2.0 extends this further. At these context lengths, retrieval patterns change. It becomes feasible to pass an entire codebase, a long legal document, or a large structured dataset directly to the model rather than chunking and retrieving. This is a genuine architectural differentiator for specific workloads — not a benchmark number.

Grounding: Vertex AI offers two grounding mechanisms unavailable elsewhere. Vertex AI Search grounding retrieves over your enterprise documents with citations linked back to source chunks. Google Search grounding connects the model to live web results, returning factual answers with source URLs. For applications that require current information — regulatory filings, product availability, recent events — this eliminates a web-crawling pipeline.

Data integration: Native connectors to BigQuery (text-to-SQL generation, embedding generation over structured data), Dataflow, Cloud Storage, AlloyDB, and Spanner. If your data team is on BigQuery, running semantic search over data that already lives there — without an export pipeline — changes the operational picture significantly.

Multimodal: Gemini handles text, images, video, and audio with a single model. For applications that process mixed media — medical imaging with clinical notes, video with transcripts, documents with embedded figures — this simplifies the architecture considerably compared to coordinating separate specialized models.

Agent Builder: Pre-built agent templates, Dialogflow CX integration for voice and conversational interfaces, tool use with Google Workspace and enterprise data sources. Less mature than Bedrock Agents for complex multi-step workflows, but well-suited to enterprise knowledge management and customer-facing use cases on GCP.

Security: VPC Service Controls isolate Vertex AI resources. IAM roles handle authentication. Cloud Audit Logs capture all API calls. Compliance: SOC 2 Type II, HIPAA, ISO 27001, PCI DSS, FedRAMP Moderate.

Azure OpenAI Service

Section titled “Azure OpenAI Service”

Azure OpenAI Service is distinct from the other two platforms in an important way: it is not a multi-model marketplace. It is a managed deployment of OpenAI’s models within Azure’s infrastructure and security perimeter.

Available models: GPT-4o, GPT-4o mini, o1, o1-mini, o3-mini, text-embedding-3-large, text-embedding-3-small, DALL-E 3, Whisper. Access is limited to OpenAI’s model family. If you need Claude or Llama, Azure OpenAI is not the right platform.

Deployment model: Unlike Bedrock’s shared endpoint, Azure OpenAI deploys models to your Azure subscription in your chosen region. You have a dedicated deployment with provisioned throughput configured to your capacity requirements. Traffic is isolated within your Azure tenant.

Microsoft enterprise integration: Azure Active Directory (Entra ID) handles authentication — the same identity system your organization uses for Microsoft 365, internal applications, and Azure infrastructure. Azure Monitor provides observability across all Azure resources including AI workloads. Microsoft Defender for Cloud extends threat detection to AI services. For enterprises standardized on Microsoft tooling, this integration means AI security and access control are governed by the same team and processes that govern the rest of the infrastructure.

Compliance certifications: SOC 2 Type II, HIPAA BAA, FedRAMP High, ISO 27001, PCI DSS, GDPR. FedRAMP High is the most demanding of these certifications and is currently exclusive to Azure OpenAI among managed AI platforms. It is required for U.S. federal government workloads.

Azure AI Content Safety: Content filtering with configurable severity thresholds, groundedness detection (verify model responses against source documents), prompt shield (jailbreak detection and indirect prompt injection detection), and protected material detection for copyright. More granular for prompt injection detection than Bedrock Guardrails.

Azure AI Search: Managed vector search integrated with Azure Blob Storage, SharePoint, SQL databases, and Cosmos DB. Supports hybrid retrieval (BM25 keyword plus vector), semantic re-ranking, and integrated chunking pipelines. Works natively with Azure OpenAI embedding models.

Copilot Studio: Low-code agent builder with native connectors to Microsoft 365 data — Teams conversations, Outlook email, SharePoint documents, Dynamics 365 records. For enterprises building internal knowledge assistants over Microsoft 365 content, Copilot Studio reduces development time significantly compared to a custom RAG pipeline.

📊 Visual Explanation

Section titled “📊 Visual Explanation”

The following diagram shows how a request flows through the managed layers from your application down to the foundation model.

Cloud AI Platform Stack

Managed layers from your application to the foundation model

Your Application
API calls via SDK or REST
Agent Orchestration
Bedrock Agents / Agent Builder / Copilot Studio
RAG & Knowledge Retrieval
Knowledge Bases / Vertex Search / Azure AI Search
Managed Inference
On-demand & provisioned throughput endpoints
Foundation Model Catalog
Claude, GPT-4o, Gemini, Llama, Mistral
Security & Compliance
IAM, VPC, Guardrails, Content Filters, Audit Logs
Idle

The comparison below covers the two most commonly evaluated platforms for greenfield projects. Azure OpenAI’s differentiation is primarily around Microsoft ecosystem integration and compliance certifications rather than model features, which makes a feature-by-feature comparison less useful than the infrastructure narrative above.

AWS Bedrock vs Google Vertex AI

AWS Bedrock
Broadest model catalog, enterprise AWS integration
  • Largest model catalog: Claude, Llama, Titan, Mistral, Cohere
  • Bedrock Agents with Knowledge Bases and tool use
  • Guardrails: content filtering, PII detection, topic blocking
  • Native IAM, VPC, PrivateLink, CloudTrail integration
  • Provisioned throughput with cross-region failover
  • Higher cost per token vs self-hosted at very high volume
  • Agent framework less flexible than code-level orchestration
VS
Google Vertex AI
Gemini-native, multimodal, data platform integration
  • First-party Gemini access: 1M+ token context window
  • Grounding with Google Search for real-time data
  • Deep BigQuery and Dataflow integration
  • Multimodal by default: text, image, video, audio
  • Agent Builder with Dialogflow and tool integration
  • Smaller third-party model catalog than Bedrock
  • Agent tooling less mature than Bedrock Agents
Verdict: Bedrock for multi-model flexibility; Vertex AI for Google-native workloads
Use AWS Bedrock when…
Use Google Vertex AI when…

6. Practical Examples

Section titled “6. Practical Examples”

Example: Calling Claude via the Direct API vs. via Bedrock

Section titled “Example: Calling Claude via the Direct API vs. via Bedrock”

The model and response are identical. What changes is authentication, transport, and the infrastructure layer around the call.

Direct Anthropic API call:

import anthropic


client = anthropic.Anthropic(api_key="sk-ant-...")  # static key, rotation required
response = client.messages.create(
    model="claude-3-5-sonnet-20241022",
    max_tokens=1024,
    messages=[{"role": "user", "content": "Summarize this document: ..."}]
)

The same call via AWS Bedrock:

import boto3
import json


client = boto3.client("bedrock-runtime", region_name="us-east-1")
# Authentication: IAM role assumed by the execution environment. No API key.
# Traffic: routes through VPC endpoint if configured. Never hits public internet.
# Logging: every call captured by CloudTrail automatically.


response = client.invoke_model(
    modelId="anthropic.claude-3-5-sonnet-20241022-v2:0",
    body=json.dumps({
        "anthropic_version": "bedrock-2023-05-31",
        "max_tokens": 1024,
        "messages": [{"role": "user", "content": "Summarize this document: ..."}]
    })
)
result = json.loads(response["body"].read())

The application logic is nearly identical. The infrastructure difference is significant: IAM authentication, VPC routing, CloudTrail audit logging, and the ability to use provisioned throughput — all available on Bedrock without any additional code.

Example: Bedrock Guardrails Configuration

Section titled “Example: Bedrock Guardrails Configuration”

A Guardrails configuration for a customer-facing support assistant:

import boto3


bedrock = boto3.client("bedrock", region_name="us-east-1")


response = bedrock.create_guardrail(
    name="customer-support-guardrail",
    contentPolicyConfig={
        "filtersConfig": [
            {"type": "HATE", "inputStrength": "HIGH", "outputStrength": "HIGH"},
            {"type": "VIOLENCE", "inputStrength": "MEDIUM", "outputStrength": "HIGH"},
        ]
    },
    sensitiveInformationPolicyConfig={
        "piiEntitiesConfig": [
            {"type": "EMAIL", "action": "ANONYMIZE"},
            {"type": "CREDIT_DEBIT_CARD_NUMBER", "action": "BLOCK"},
        ]
    },
    topicPolicyConfig={
        "topicsConfig": [
            {
                "name": "competitor-products",
                "definition": "Questions about competitors' products or pricing",
                "examples": ["How does your product compare to [competitor]?"],
                "type": "DENY"
            }
        ]
    },
    blockedInputMessaging="I cannot respond to this type of request.",
    blockedOutputsMessaging="I cannot provide that information."
)

This guardrail anonymizes email addresses, blocks credit card numbers, prevents competitor discussions, and filters harmful content — all configured declaratively, with decisions logged to CloudTrail.

Choosing Your Platform

Section titled “Choosing Your Platform”

The most common mistake in platform selection is choosing based on the model rather than the infrastructure. Model availability is converging — Claude is on both Bedrock and Vertex AI, Llama is on all three, and cross-platform access is expanding. The infrastructure integration is the durable differentiator.

You are already on AWS. Use Bedrock. IAM authentication alone is significant — no API key rotation, credentials tied to your existing identity posture. VPC endpoints and PrivateLink mean zero traffic on the public internet. CloudTrail logging is automatic. Adding a new GenAI capability requires the same access control and audit patterns as any other AWS service. Multi-model flexibility is an additional benefit for teams that need to route between Claude, Llama, and Cohere based on task requirements.

You are on GCP or your data team uses BigQuery and Dataflow. Use Vertex AI. The data integration advantage is real — running semantic search over data in BigQuery without an export pipeline changes the operational picture significantly. Grounding with Google Search is a capability with no equivalent on other platforms. If you need Gemini’s long context window for processing large documents or entire codebases, Vertex AI is the only platform with first-party access.

You are on Azure or your organization uses Microsoft 365. Use Azure OpenAI. Entra ID authentication, Azure Monitor observability, and Microsoft Defender integration connect AI workloads to your existing security and governance posture. Copilot Studio’s native connectors to Teams, SharePoint, and Dynamics 365 significantly reduce time to build knowledge assistants over Microsoft 365 content. FedRAMP High certification, if relevant to your industry, makes Azure OpenAI the default choice with no alternative.

You need multi-model flexibility and have no existing cloud commitment. Bedrock. Switching between Claude 3.7 Sonnet and Llama 3.3 70B is a one-line model ID change. You can A/B test models, route different task types to different models based on cost or capability, and build fallback routing between models. This is the strongest version of Bedrock’s value proposition.

You need GPT-4o or o1 specifically. Azure OpenAI or the direct OpenAI API. Azure adds enterprise security features at comparable cost and keeps traffic within your Azure network boundary. If you are already on Azure, Azure OpenAI gives you compliance and network integration benefits. If you are not, the direct API is simpler.

You are in a regulated industry. All three platforms have SOC 2, HIPAA, and PCI DSS certifications. FedRAMP High is Azure OpenAI only. For most regulated industries, the deciding factor is your existing cloud commitment combined with which compliance certifications your legal team requires.

7. Trade-offs, Limitations & Failure Modes

Section titled “7. Trade-offs, Limitations & Failure Modes”

Cost at Scale

Section titled “Cost at Scale”

Managed inference carries a cost multiplier over a raw model API — typically 1.1x to 1.5x, depending on the platform and model. At very high volume (above 10 billion tokens per month), self-hosting open-source models on dedicated GPU instances often becomes cheaper on a pure compute basis. Most teams do not reach this volume.

More importantly, the total cost comparison must include engineering time to build and operate the self-hosted stack: GPU provisioning, model server deployment, auto-scaling, security hardening, monitoring, and on-call burden. This cost is consistently underestimated. Managed platforms are the correct financial decision for the vast majority of production workloads.

Vendor Lock-in

Section titled “Vendor Lock-in”

The managed inference layer is relatively portable. Your prompts, application logic, and evaluation suite work against any endpoint — only the model ID and SDK initialization change. The managed RAG pipeline is the most lock-in-heavy component. Bedrock Knowledge Bases schema, Vertex AI Search configuration, and Azure AI Search indices are all proprietary. A migration requires re-chunking, re-embedding, and re-validating retrieval quality.

Design your application so the retrieval interface is abstracted — a function that returns chunks, regardless of what is behind it — rather than scattering SDK-specific calls throughout the application. This does not eliminate migration cost, but it contains it.

Model Dependency

Section titled “Model Dependency”

Azure OpenAI’s catalog is tied entirely to OpenAI’s roadmap. If OpenAI deprecates a model or changes behavior in a version update, your options on Azure OpenAI are limited. Bedrock and Vertex AI offer more model diversity as a hedge against single-vendor dependency. This consideration matters more for systems with a long expected lifespan where the AI landscape five years from now is uncertain.

Latency

Section titled “Latency”

Provisioned throughput consistently outperforms on-demand, not because the model runs faster, but because on-demand endpoints throttle under load and introduce queuing delays. Geographic placement matters at tight latency budgets — a <200ms end-to-end SLA becomes difficult to meet if the inference endpoint is in a different region from your application. Place inference endpoints in the same region as your application servers.

Observability Gap

Section titled “Observability Gap”

Platform-native logging gives you what went in and what came out. It does not give you prompt version history, per-feature cost attribution, regression detection when model behavior changes, or evaluation scores over time. Production systems typically add LangFuse, LangSmith, or Helicone on top of platform logging. These tools track prompt templates, compare output quality across versions, and attribute token spend to application features. Budget the integration work.

8. Interview Perspective

Section titled “8. Interview Perspective”

“Which managed AI platform would you recommend?” Start with your existing cloud infrastructure. For a broader set of GenAI interview questions by level, see the interview guide. “Which cloud provider does your organization primarily use?” is the right first question. Platform selection relative to existing cloud commitment is the most defensible architectural answer and reflects how decisions are actually made. If pressed for a greenfield recommendation with no cloud preference, Bedrock is a reasonable default given model catalog breadth and maturity.

“What is the difference between calling Claude directly and calling it via Bedrock?” The model is identical; the infrastructure wrapper is different. Via Bedrock: authentication via IAM (no API keys to rotate or leak), network traffic via VPC endpoints (no public internet), CloudTrail logging of all invocations (compliance audit trail), provisioned throughput (predictable latency and cost), Guardrails integration (content filtering and PII detection). The direct API is simpler; Bedrock adds the production infrastructure layer.

“How would you handle model version stability in production?” Pin specific model version identifiers — not aliases. Treat model version updates the same way you treat library dependency updates: they go through a staging environment, run against your evaluation suite, and are promoted to production deliberately. Model “upgrades” can silently change output format, response length, or instruction-following behavior. A regression that reaches production is difficult to diagnose because the application code has not changed.

“How do you control costs in a production GenAI system?” Several layers: provision capacity for baseline load (predictable cost); implement semantic caching to serve repeated queries from cache; enforce per-request token limits to prevent runaway prompts; attribute token spend to individual features so you can identify expensive use cases; set budget alerts at 50% and 80% of monthly spend. The most common cost surprise is a new feature or prompt length change that doubles usage before anyone notices.

“What is a guardrail and when would you use one?” A guardrail is a managed content filter layer that inspects inputs before they reach the model and outputs before they reach your application. Use guardrails when the system accepts input from users you do not fully trust, when you need compliance documentation for content moderation decisions, or when you want defense-in-depth against prompt injection. Guardrails are not a substitute for application-level input validation — they are a backstop layer.

9. Production Perspective

Section titled “9. Production Perspective”

Always use provisioned throughput in production. On-demand endpoints are correct for development and low-volume internal tools. For any workload with user-facing latency requirements or traffic that spikes, on-demand throttling will cause cascading failures. The cost difference between on-demand and provisioned throughput is real but predictable; the cost of a production incident from throttle-induced failures is not.

Pin model versions. Major cloud platforms periodically update the models behind version aliases — what a generic model name resolves to may change. Pin to a specific model version identifier in your production deployment. Review and promote updates through the same pipeline as code changes.

Log all inputs and outputs at the platform level. Most regulated industries require this. Beyond compliance, model invocation logs are essential for debugging: when a user reports bad output, you need to see exactly what the model received and returned. Platform-level logging captures this regardless of what happens in the application layer.

Put your cloud AI platform behind an internal API proxy. A thin API gateway in your own infrastructure provides significant operational value: swap providers or models without modifying application code, add per-caller rate limiting, inject observability that spans multiple cloud providers, and route specific request types to different models. This proxy pattern is one of the most consistently valuable architectural decisions in production GenAI systems.

Set budget alerts early. Token usage grows non-linearly. Configure alerts at 50% and 80% of your expected monthly budget. Set a hard limit at 110% to catch runaway usage before it becomes a significant financial event.

Treat system prompts as code. Version-control them, review changes in pull requests, and deploy through your normal deployment pipeline. System prompts with a change history, reviewers, and a rollback path are operationally safer than prompts stored in environment variables.

10. Summary & Key Takeaways

Section titled “10. Summary & Key Takeaways”

All three platforms solve the same core problem: managed model inference with enterprise-grade security, compliance, and retrieval capabilities. The differences are meaningful but primarily reflect ecosystem integration rather than fundamental capability gaps.

AWS Bedrock is the right choice for AWS-first organizations. The broadest model catalog, the most mature agent framework, deep IAM and VPC integration, and comprehensive compliance certifications make it the default for teams already operating on AWS.

Google Vertex AI is the right choice for teams on GCP or with significant investment in Google’s data platform. Gemini’s long context window and native multimodality are genuine architectural advantages for specific workloads. Grounding with Google Search has no equivalent on other platforms.

Azure OpenAI Service is the right choice for enterprises on Azure or Microsoft 365. The compliance certifications — particularly FedRAMP High — and the depth of Microsoft enterprise integration make it the practical choice for regulated industries and organizations standardized on Microsoft tooling.

The model you use matters less than the infrastructure integration. Model availability across platforms is converging, and the same frontier models are increasingly accessible everywhere. Start with your existing cloud commitment, and let the model choice follow from it.

Key takeaways:

  • Platform selection is an infrastructure decision, not a model decision. Your existing cloud commitment is the primary input.
  • Always use provisioned throughput in production. On-demand throttles under load. The cost difference is predictable; the cost of a throttle-induced incident is not.
  • The managed RAG pipeline (Knowledge Bases, Vertex Search, Azure AI Search) is the most lock-in-heavy component. Abstract your retrieval interface so the underlying platform is swappable.
  • Pin model versions and treat updates like dependency updates: test before promoting to production.
  • Put the platform behind an internal API proxy. This abstracts the provider, enables cross-provider routing, and adds observability without coupling application code to a specific SDK.
  • Log all inputs and outputs at the platform level from day one. Retrofitting audit logging into a running system is significantly harder.
Section titled “Related”