Product Comparison
Alibaba Cloud for AWS Professionals
Overview
Contents
1. Objective
2. Why Alibaba Cloud
3. Portal websites
4. Regions and zones
5. Endpoints
6. Accounts, constraints, and pricing
6.1 Accounts
6.2 Service constraints
6.3 Pricing
7. Resource management interfaces
7.1 Web based console
7.2 REST API
7.3 Command line interface (CLI)
8. Types of cloud services
9. Services
1. Objective
This document is intended to help professionals, such as engineers, architects, and operations and
maintenance (O&M) personnel, who are familiar with AWS services to understand how to navigate
through Alibaba Cloud services. This document compares Alibaba Cloud with AWS in terms of
products, characteristics, and solution architecture to reveal the similarities and differences between
the two cloud providers regarding concepts, terminologies, and implementation. In addition, it
provides quick-reference mappings of AWS products, concepts, and terminology to the
corresponding products, concepts, and terminology on Alibaba Cloud. This section provides a general
overview of the services provided by the two cloud providers. For more information, please navigate
to the relevant categories for specific products.
2. Why Alibaba Cloud
Founded in 2009, Alibaba Cloud provides a comprehensive set of cloud computing services with
global coverage to help you develop your businesses. Alibaba Cloud is the cloud computing branch
of Alibaba Group, serving the internal demands of Alibaba’s extensive e-commerce ecosystem,
including Taobao, Tmall, and Alipay. According to the Gartner report Market Share Analysis: Public
Cloud Services, Worldwide, 2016, Alibaba Cloud is the third largest cloud service provider globally.
Alibaba Cloud is also the leader of the Chinese market, with more than 40 cloud computing products
and services, spanning across 16 data center regions globally.
3. Portal websites
Like AWS, Alibaba Cloud has two portals, namely the Chinese Portal and Global Portal, which provide
services for enterprises and individuals who are registered in China and abroad, respectively. The
Global Portal consists of a bilingual console (English and Chinese) and a multilingual website (English,
Chinese, and Japanese). On either portal, users can browse and read about Alibaba Cloud products
and services, as well as register or log on to the portal to purchase and manage their cloud services.
Because laws and security regulations vary from region to region and from country to country, the
Chinese portal differs from the global portal to some extent in terms of products, solutions, support
services, and marketplace product offerings. Due to exchange rates and local tax rates, prices on the
Chinese portal and global portal may vary as well. For pricing details, see Pricing on Chinese Portal
and Pricing on Global Portal.
To launch services in China and internationally, you do not need to have separate accounts on the
Chinese Portal and Global Portal. For more information, see 6.1 Accounts.
4. Regions and zones
AWS resources are distributed across multiple locations worldwide, and these locations are organized
into regions and zones. A region is a cluster of data centers. Each region represents a geographically
separate area, and may be composed of multiple separate zones.
Alibaba Cloud uses the same concept and terminologies: regions and zones. Regions are located in
different cities around the world, whereas zones are physical areas within the same region but with
independent power grids and networks.
For the full list of our regions and zones, see Regions and Zones.
| Element | AWS Term | Alibaba Cloud Term |
| --- | --- | --- |
| Cluster of data centers and services | Region | Region |
| Abstracted data center | Availability zone | Zone |
| Edge node | Edge Network Location | Edge node |

Note: The availability of regions and zones does not apply to all products of Alibaba Cloud. The
zones of some services are transparent to users, such as for Object Storage Service (OSS) and
Elastic Compute Service (ECS) images, while other services run on multiple regions by default,
such as DNS and CDN.
5. Endpoints
An endpoint is the web address (URL) of your service, which can be accessed by a client application.
To reduce the network latency of application requests, most AWS services are provided with
endpoints to optimize user requests.
Alibaba Cloud uses the same design to provide endpoints for most services. For the list of endpoints
of Object Storage Service, see OSS Endpoints.

| Element | AWS Term | Alibaba Cloud Term |
| --- | --- | --- |
| Entry point to a service | Endpoint | Endpoint |

6. Accounts, constraints, and pricing
6.1 Accounts
Like AWS, Alibaba Cloud users are required to create and configure accounts before purchasing and
using Alibaba Cloud services. For details about the procedure, see Create an Alibaba Cloud
Account. After the procedure is complete, you can log in to the Alibaba Cloud console and purchase
services. You only need one Alibaba Cloud account to operate globally and within China. This greatly
simplifies billing, account management, and service deployments for products and services that are
launched internationally.
To purchase an ECS server that is located within the Mainland China territory, you will need to comply
with China’s real-name authentication requirements. For more information, see Real-name
Registration. The order generated based on the services you purchase will be sent to your account.
You can query and download your bills on the Billing Management Page.
6.2 Service constraints
Alibaba Cloud sets default service purchase quotas and constraints on accounts, which are similar to
the account constraints on AWS. These limits are set to ensure optimized performance and security
for users. Some of the quotas can be increased by opening a ticket on the Console. Visit ECS Limits
to familiarize yourself with the quotas and constraints set for ECS products and services.
6.3 Pricing
Like AWS, Alibaba Cloud employs different billing methods and prices for different services, allowing
you to choose the proper billing model for your needs. The two main types of billing methods are
Subscription and Pay-As-You-Go. Subscription is more economical for long term usage, while Pay-As-
You-Go is better for small-scale, experimental usage of Alibaba Cloud products. For details about
pricing, see Pricing Page.
7. Resource management interfaces
7.1 Web based console
The AWS web based console is an important entry point for AWS to manage service resources.
Alibaba Cloud also provides a web based console on which users create, manage, and monitor their
resources. You can also use the Management Terminal on the console to connect directly to Alibaba
Cloud servers. For details about the web based console, visit the Console Page.
7.2 REST API
Both AWS and Alibaba Cloud provide REST APIs for most functions provided by the console.
7.3 Command line interface (CLI)
Like AWS, Alibaba Cloud provides a CLI through which users can interact with and manage cloud
computing services and resources. AWS provides an Amazon CLI tool, while Alibaba Cloud provides
an Alibaba Cloud CLI tool. The CLI tools provide standard CLIs for most cloud computing services and
are compatible with mainstream OSs, including Windows, Linux, and Mac OS X.

| Element | AWS Term | Alibaba Cloud Term |
| --- | --- | --- |
| Web-based console | Console | Console |
| REST API | API | API |
| Command line interface | Amazon CLI | Alibaba Cloud CLI |

8. Types of cloud services
The following sections compare general cloud computing services and the relevant characteristics of
AWS and Alibaba Cloud, respectively. Generally speaking, cloud services are composed of a set of
basic services, falling into computing, storage, network, and database services. Basic AWS and
Alibaba Cloud services include:

| Category | AWS | Alibaba Cloud |
| --- | --- | --- |
| Computing | Elastic Compute Cloud (EC2), EC2 Elastic GPUs, Auto Scaling, Elastic Container Service (ECS) | Elastic Compute Service (ECS), Elastic GPU Service (EGS), Auto Scaling, Container Service |
| Storage | Amazon Simple Storage Services (S3), DynamoDB, SimpleDB, CloudFront, Elastic File System (EFS) | Object Storage Service (OSS), Table Store, Alibaba Cloud CDN, Network Attached Storage (NAS) |
| Network | Virtual Private Cloud (VPC), Direct Connect, NAT Gateway, ELB, Elastic IP Addresses, VPN Gateway | Virtual Private Cloud (VPC), Express Connect, NAT Gateway, SLB, Elastic IP, VPN Gateway |
| Database | Relational Database Service (RDS), ElastiCache, DynamoDB, Database Migration Services (DMS) | ApsaraDB for RDS, ApsaraDB for Redis, ApsaraDB for MongoDB, HybridDB for PostgreSQL, Data Transmission Service (DTS) |

Upper layer services can be created on these basic services through user platforms. Typically, these
upper layer services fall into:
Security Services
These services are employed to protect user data, applications, and services as well as to prevent
malicious attacks. For example, AWS provides AWS Shield Standard/Advanced and AWS WAF, and
Alibaba Cloud offers Anti-DDoS Basic/Pro, Web Application Firewall, and Server Guard.
Management Services
These services are employed to help users trace cloud applications and manage application
permissions and keys. For example, AWS has CloudWatch, Identity and Access Management (IAM),
and Key Management Service (KMS), and Alibaba Cloud has CloudMonitor, Resource Access
Management, and Key Management Service.
Domains & Websites
These services are employed to provide users with products and services for website development.
This includes Domain Name System (DNS) services, domain name purchasing and management, and
website building tools. Examples include AWS Route 53 and Alibaba Cloud Web Hosting, DNS, and
Domains.
Big Data Analytics Services
These services are employed to process a massive amount of data. AWS products include AWS
Kinesis and EMR, and Alibaba Cloud products include MaxCompute, E-MapReduce, DataWorks, and
DataV.
Application Services
These services are used to optimize cloud providers’ application architectures. For example, AWS
has SNS and Alibaba Cloud has Message Service.
Media Services
These services are employed to help users create media applications and platforms on the cloud. For
example, AWS has Elemental MediaLive and Elastic Transcoder, and Alibaba Cloud has ApsaraVideo
Live and ApsaraVideo for Media Processing.
9. Services
The following table provides a one-to-one mapping of the services provided by AWS and Alibaba
Cloud (global portal):
Compute

| Description | AWS | Alibaba Cloud |
| --- | --- | --- |
| Virtual Servers | Elastic Compute Cloud (EC2) | Elastic Compute Service (ECS) |
| GPU Servers | EC2 Elastic GPUs | Elastic GPU Service (EGS) |
| Auto Scale | Auto Scaling | Auto Scaling |
| Container Management | Elastic Container Service (ECS) | Container Service |

Storage & CDN

| Description | AWS | Alibaba Cloud |
| --- | --- | --- |
| Object Storage | Amazon Simple Storage Services (S3) | Object Storage Service (OSS) |
| NoSQL Database | DynamoDB, SimpleDB | Table Store |
| Content Delivery | CloudFront | Alibaba Cloud CDN |
| Shared File Storage | Elastic File System (EFS) | Network Attached Storage (NAS) |

Networking

| Description | AWS | Alibaba Cloud |
| --- | --- | --- |
| Networking | Virtual Private Cloud (VPC) | Virtual Private Cloud (VPC) |
| Dedicated Network | Direct Connect | Express Connect |
| NAT Gateway | NAT Gateway | NAT Gateway |
| Load Balancing | Elastic Load Balancing (ELB) | Server Load Balancer (SLB) |
| Elastic IP | Elastic IP Addresses | Elastic IP |
| Cross-premises Connectivity | VPN Gateway | VPN Gateway |

Databases

| Description | AWS | Alibaba Cloud |
| --- | --- | --- |
| Relational Database | Relational Database Service (RDS) | ApsaraDB for RDS |
| Caching | ElastiCache | ApsaraDB for Redis |
| Elastic Data Warehouse | RedShift | HybridDB for PostgreSQL |
| NoSQL - Document Storage | N/A | ApsaraDB for MongoDB |
| Database Migration | Database Migration Services (DMS) | Data Transmission Service (DTS) |

Security

| Description | AWS | Alibaba Cloud |
| --- | --- | --- |
| DDoS Mitigation | AWS Shield - Standard | Anti-DDoS Basic |
| DDoS Mitigation | AWS Shield - Advanced | Anti-DDoS Pro |
| Mobile Security | N/A | Mobile Security |
| Web Application Security | Web Application Firewall (WAF) | Web Application Firewall |
| Instance Security | N/A | Server Guard |
| Certificate Service | Certificate Manager | SSL Certificates Service |

Monitoring & Management

| Description | AWS | Alibaba Cloud |
| --- | --- | --- |
| Monitoring | CloudWatch | CloudMonitor |
| Authentication and Authorization | Identity & Access Manager (IAM) | Resource Access Management |
| Encryption | Key Management Service | Key Management Service |
| Resource Orchestration | CloudFormation | Resource Orchestration Service |

Domains & Websites

| Description | AWS | Alibaba Cloud |
| --- | --- | --- |
| Web Applications | Elastic Beanstalk | Web Hosting |
| Domain Name | Route 53 | Domains |
| Domain Name System (DNS) | Route 53 | Alibaba Cloud DNS |

Analytics

| Description | AWS | Alibaba Cloud |
| --- | --- | --- |
| Big Data Processing | Amazon EMR | MaxCompute, E-MapReduce |
| Data Visualization | N/A | DataV |
| Development Platform | N/A | DataWorks |

Application Service

| Description | AWS | Alibaba Cloud |
| --- | --- | --- |
| Notification Service | Amazon Simple Notification Service (SNS) | Message Service |
| API Service | API Gateway | API Gateway |
| Log Service | Amazon Kinesis Data Firehose | Log Service |
| Email Sending and Receiving | Amazon Simple Email Service | DirectMail |

Media Services

| Description | AWS | Alibaba Cloud |
| --- | --- | --- |
| Live Video Streaming | AWS Elemental MediaLive | ApsaraVideo Live |
| Media Transcoding Service | AWS Elastic Transcoder | ApsaraVideo for Media Processing |

Compute
Contents
1. Virtual servers
1.1 Login instance
1.2 Instance images
2. Automatic scaling
3. Container service
4. High performance computing
This article discusses the main differences and similarities between AWS and Alibaba Cloud compute
services. It covers the following products:

| Feature | AWS | Alibaba Cloud |
| --- | --- | --- |
| Virtual Servers | Elastic Compute Cloud (EC2) | Elastic Compute Service (ECS) |
| Block Storage | EBS | ECS Disk |
| Automatic Scaling | Auto Scaling | Auto Scaling |
| Container Service | EC2 Container Service (ECS) | Container Service |
| High Performance Computing | High Performance Computing (HPC) | Elastic High Performance Computing (E-HPC) |

1. Virtual servers
Both AWS EC2 and Alibaba Cloud ECS provide virtual servers for cloud computing. Virtual servers, or
virtual machines, provide IaaS services to users. Alibaba Cloud and AWS servers share similar
terminologies and concepts, as shown in the following table:

| Feature | Amazon EC2 | Alibaba Cloud ECS |
| --- | --- | --- |
| Virtual machine | Instance | Instance |
| Images | Amazon Machine Image | Images |
| Temporary Instance Type | Spot instance | Spot instance |
| Firewall | Security Group | Security Group |
| Automatic Instance Scaling | Auto Scaling | Auto Scaling |
| Persistent Block Storage of Instances | Elastic Block Store | Cloud Disk |
| Local Mount Disk | Instance storage | Local disk |
| Shared Block Storage | N/A | Shared Block Storage |
| Disk Volume Backup | Snapshot | Snapshot |
| VM Import | RAW, OVA, VMDK, and VHD | RAW, VHD |
| Deployment Location | Zone | Zone |

1.1 Login instance
AWS and Alibaba Cloud allow you to connect to your virtual server through the SSH protocol. Alibaba
Cloud also allows you to connect directly to the server using the Management Terminal on the
console.
Connecting through SSH protocol: Alibaba Cloud ECS and AWS EC2 differ in their instance login methods.
Though both provide SSH keys for login, Alibaba Cloud allows an SSH key to be created after
an instance has started successfully and used for login once it is bound to the instance. Furthermore,
Alibaba Cloud ECS provides the username + password login method for users who are not familiar with
SSH keys.
Connecting by Management Terminal: Besides the method of connecting to your virtual machine by
SSH client tools, Alibaba Cloud provides an easy way to allow users to connect to ECS directly by
Management Terminal (also called VNC) on the console. VNC connection is a better option if you are
checking the boot procedure, configuring BIOS during startup, reconfiguring the firewall, or
troubleshooting when the instance malfunctions.
Alibaba Cloud ECS and AWS EC2 employ the same method to categorize VM instances by
specifications and types, but the categorization differs in terms of CPU, memory, storage
performance, and network capability. AWS EC2 categorizes instances by configuration, while Alibaba
Cloud ECS categorizes instances into different families by application scenarios. Each family is
composed of different instance types. Learn more about Alibaba Cloud ECS instance families at
Alibaba Cloud ECS Instance Families.
Alibaba Cloud ECS provides multiple types of instance families and configurations to meet business
requirements and performance requirements in different scenarios. The following table lists AWS EC2
instance types and Alibaba Cloud ECS instance families.

| Target Group | Scenario | AWS EC2 Instance Type | Alibaba Cloud ECS Instance Family |
| --- | --- | --- | --- |
| Entry Level | General type | t2 | t5 |
| Enterprise Level | General type | m4, m5 | g5 |
| | Computing instance | c4, c5 | c5 |
| | High-frequency computing instance | c5 | c4, cm4, ce4, hfc5 |
| | Memory instance | r4 | r5, re4 |
| | | x1 | se1 |
| | Big data instance | d2 | d1 |
| | Local SSD instance | i2, i3 | i1, i2 |
| | Instance of high capability of packet forwarding | N/A | sn1ne, sn2ne, se1ne |
| | GPU visualization computing instance | g2, g3 | ga1 |
| | GPU computing instance | p2, p3 | gn4, gn5 |
| | FPGA computing instance | f1 | f1 |

1.2 Instance images
Instance image refers to the running environment template for virtual machine instances. AWS EC2
and Alibaba Cloud ECS use images to create instances. AWS instance images are referred to as
Amazon Machine Images (AMIs), and Alibaba Cloud instance images are simply referred to as Images.
When an instance is created, Alibaba Cloud ECS provides four types of images for users to choose
from: public images, cloud marketplace images, user shared images, and custom images. AWS EC2
provides official AMI templates, custom AMIs, cloud marketplace AMIs, and community AMIs.
Public images are system images provided by Alibaba Cloud ECS for users, which are similar to the
AWS official AMI templates.
Cloud marketplace images are provided by third-party ISV partners on the Alibaba Cloud
Marketplace. Besides the OS, cloud marketplace images may be preinstalled with other software and
services.
Like the custom AMIs of AWS, Alibaba Cloud custom images are created by users based on snapshots
or the current state of an instance. Custom images can be shared with other specific Alibaba Cloud
users by using the image sharing function of Alibaba Cloud ECS.
The community AMIs of AWS are available to all AWS accounts, a feature which is currently not
supported on Alibaba Cloud ECS.
Like EC2 AMIs of AWS, ECS images are a type of regional resource. Custom images and shared
images can be used only in the same region. To use the images in a different region, you need to
replicate them to that region first.

| Category | AWS | Alibaba Cloud |
| --- | --- | --- |
| Basic | EBS magnetic media | Basic cloud disk |
| Intermediate | General SSD (gp2) | Ultra cloud disk |
| Advanced (I/O Optimized) | PIOPS (io1) | SSD cloud disk |

Additionally, Alibaba Cloud also provides two types of local block storage for instances, which feature
low access latency, high random IOPS, and high I/O throughput: local NVMe SSD and SATA HDD.
These ECS instance families with local disks are similar to AWS EC2 instances with local storage.
Instance pricing model: Alibaba Cloud ECS provides pay-as-you-go and yearly/monthly subscription
options. The pay-as-you-go model is similar to that of AWS EC2, which is a post-paid based payment.
The yearly/monthly purchase is a payment and settlement method used in the prepaid model.
Similar to AWS EC2 Spot Instance, Alibaba Cloud ECS currently provides billing models for spot
instances. For more information on Alibaba Cloud Spot instances, see Alibaba Cloud Spot instances.
Instance configuration modification: The yearly/monthly instances of Alibaba Cloud ECS support
upgrades at any time and configuration downgrades upon renewal, allowing users to conveniently adjust
the ECS specifications according to server loads and business requirements.
2. Automatic scaling
Auto Scaling is a feature that automatically adjusts computing resources based on the volume of user
requests. Both AWS and Alibaba Cloud support automatic scaling, and the products share the same
name (Auto Scaling). Auto Scaling enables users to set automatic scaling policies according to actual
business circumstances and add/release ECS instance resources to meet business requirements.
Both Alibaba Cloud Auto Scaling and AWS Auto Scaling support the following scaling modes:
- Custom mode: Add/release compute instances, such as AWS EC2 and Alibaba Cloud ECS,
  manually.
- Scheduled mode: Users configure periodic tasks to add/release compute instances according
  to a schedule.
- Dynamic mode: Auto Scaling is performed automatically by monitoring compute resources.
  AWS adds/releases EC2 instances based on the CloudWatch scaling policy, while Alibaba
  Cloud adds/releases ECS instances based on the CloudMonitor scaling policy.

| Function Feature | Amazon Auto Scaling | Alibaba Cloud Auto Scaling |
| --- | --- | --- |
| Custom mode | Supported | Supported |
| Scheduled mode | Supported | Supported |
| Dynamic mode | Supported | Supported |

AWS Auto Scaling is enabled by Amazon CloudWatch and is available for use at no additional fees.
However, the usage of the Amazon EC2 instance added by Auto Scaling, and Amazon CloudWatch
service fees, still apply and are billed separately.
Similar to AWS, Alibaba Cloud Auto Scaling is offered to customers at no extra cost. You will only be
charged for the usage of the ECS instances automatically created or manually added to Auto Scaling.
3. Container service
AWS EC2 Container Service (ECS) and Alibaba Cloud Container Service are container orchestration
services that simplify container management and application scaling. Both services replace the need
to install, operate, and scale your container cluster infrastructure.
Alibaba Cloud Container Service enables you to efficiently run and manage Docker applications on a
distributed cluster of Alibaba Cloud ECS instances. Being a fully-managed service, Container Service
helps you to focus on your applications rather than managing container infrastructure.
AWS ECS and Alibaba Cloud Container Service use the same service model. With Alibaba Cloud
Container Service, users can deploy, manage, and expand Docker containers with ease. Alibaba Cloud
Container Service supports App lifecycle management using Docker containers, provides a variety of
App publishing methods and continuous delivery capabilities, supports microservice architecture, and
integrates with Server Load Balancer, Security Group, Cloud Disk, and Resource Access Management.
Like Amazon Elastic Container Registry, Alibaba Cloud Container Service provides an image
warehouse (Container registry) hosted by Alibaba Cloud, allowing access to official Alibaba Cloud
images and those of Docker, and enables accelerated access to official Docker images.
Amazon ECS and Alibaba Cloud Container Service differ in their pricing models. Amazon ECS provides
two different pricing models: Fargate Launch Type Model and EC2 Launch Type Model.
Like the second pricing model of Amazon ECS, Alibaba Cloud Container Service is free of charge.
Resources used in collaboration with Container Service (including Server Load Balancer and ECS) are
charged separately. ECS instances or Server Load Balancer instances automatically created from the
Container Service or manually added are billed at their respective prices.
4. High performance computing
AWS High Performance Computing (HPC) and Alibaba Cloud Elastic High Performance Computing (E-
HPC) are optimized compute resources created by using parallel computing and aggregating
multiple computing capabilities.
AWS and Alibaba Cloud both provide high performance computing capabilities that allow users to
solve complex, compute intensive challenges in the field of science, engineering, and business.
However, Alibaba Cloud E-HPC provides an all-in-one high performance computing service which we
call HPCaaS. E-HPC supports Infrastructure as a Service (IaaS) with high-performance CPU and
heterogeneous computing GPU instances, Platform as a Service (PaaS) with high-performance
computing software stack, and Software as a Service (SaaS) with application template customization.
There are two different ways to help you deploy and manage an HPC cluster on AWS. One is using a
fully-managed service offered by AWS, such as AWS Batch, Lambda, and Step Functions, while
another way is by using third-party software.
Unlike AWS HPC, Alibaba Cloud E-HPC provides a fully-managed control panel that allows users to
deploy an HPC cluster, manage users, upload job data, and submit jobs.
To launch or scale up HPC clusters on AWS, users can benefit from automation using AWS Auto
Scaling. Alibaba Cloud E-HPC also provides an auto scaling capability that allows users to scale the
cluster's ECS nodes up or down automatically.
Every AWS service provides encryption and options to grant granular permissions for each user while
maintaining the ability to share data across approved users.
Similar to AWS HPC, Alibaba Cloud E-HPC is protected by multi-tenant security isolation of the
highest level that is provided by ECS, EGS, and VPC. Furthermore, the E-HPC service also allows users to
manage user permissions and passwords with the E-HPC console.
AWS users only need to pay for the services they consume, and once the resources have been
stopped, there are no additional costs or termination fees.
Like AWS, E-HPC is billed for the resources that you created: ECS, E-HPC, Network Attached Storage
(NAS), and Internet traffic of login nodes. E-HPC is free of charge during the test invitation phase.
These two services can be compared as follows:

| Function Feature | Amazon HPC | Alibaba Cloud E-HPC |
| --- | --- | --- |
| Cluster Deployment and Management | Third-party software | E-HPC Console |
| User Management | Third-party software | E-HPC Console |
| Auto Scale | Supported | Supported |
| Secure | Supported | Supported |

Storage & CDN
Contents
1. Object storage
1.1 Service models
1.2 Security
1.3 Object management
1.4 OSS image processing service (Image service)
1.5 Service level agreement (SLA)
1.6 Pricing
2. Content delivery
2.1 Service model
2.2 Basic functions
2.3 Security
2.4 Streaming media
2.5 Pricing
3. File storage
3.1 Service model
3.2 Performance
3.3 Security
3.4 Migration
3.5 Pricing
4. NoSQL database
4.1 Service model
4.2 Data model
4.3 Performance
4.4 Security
4.5 Backup and restore
4.6 Pricing
This article discusses the main differences and similarities between the storage and Content Delivery
Network (CDN) services of AWS and Alibaba Cloud. It covers the following products:

| Feature | AWS | Alibaba Cloud |
| --- | --- | --- |
| Object storage | Simple Storage Service (S3) | Object Storage Service (OSS) |
| Content Delivery Network | CloudFront | CDN |
| File Storage | Elastic File System (EFS) | Network Attached Storage (NAS) |
| NoSQL Database | DynamoDB | Table Store |

1. Object storage
This section compares AWS Simple Storage Service (S3) and the distributed Object Storage Service
(OSS) of Alibaba Cloud.
Object storage is a type of data storage where data is managed as objects, instead of blocks or files.
Typically, object storage is used to store large files that are dominated by read operations. Like AWS
S3, Alibaba Cloud OSS boasts high reliability, cost effectiveness, and scalability. Users can request
data of any amount, regardless of time or location.
To distinguish between scenarios requiring different data access frequencies, Alibaba Cloud OSS
categorizes storage types into Standard, Infrequent Access, and Archive, which are equally reliable
but have different availability, shortest storage time, and storage overhead. For details, see
Introduction to Storage Types.
1.1 Service models
The following table compares the basic functions and terminologies of AWS S3 vs Alibaba Cloud OSS:

| Function Feature | Amazon S3 | Alibaba Cloud OSS |
| --- | --- | --- |
| Deployment unit | Bucket | Storage space |
| Object identifier | Key | Key |
| Object metadata | Metadata | Object meta |
| Object version control | Supported | Not supported |
| Object lifecycle management | Supported | Supported |
| Update event notification | Supported | Supported |
| Storage type | Standard, Infrequent Access, Glacier, and low redundancy storage | Standard, Infrequent Access, and Archive |
| Deployment location | Region | Region |

1.1.1 Storage space (bucket)
Similar to AWS S3, Alibaba Cloud OSS uses buckets to store data. As the place where data is stored, a
bucket is configured with a region, access permission, and lifecycle to meet user requirements. An
AWS S3 bucket must be named in accordance with the DNS standard. Similarly, a bucket of Alibaba
Cloud OSS must be named in line with certain standards. Bucket names of AWS S3 and Alibaba Cloud
OSS must be globally unique, and they should not be nested.
Alibaba Cloud OSS uses the bucket ACL to check whether a user has access permission for a bucket,
thereby implementing access control at the storage space (bucket) level.
Buckets of Alibaba Cloud OSS do not currently support version control, though it is supported by
AWS S3. Alibaba Cloud OSS will support this feature soon; please stay tuned for more information.
The following table compares the features and terminologies of the deployment unit functions
belonging to AWS S3 and Alibaba Cloud OSS:

| Function Feature | Amazon S3 | Alibaba Cloud |
| --- | --- | --- |
| Object storage | Simple Storage Service (S3) | Alibaba Cloud OSS |
| Deployment Unit | Bucket | Storage space (bucket) |
| Bucket ACL | Supported | Supported |
| Lifecycle Management | Supported | Supported |
| Max Bucket Quantity | 100 | 30 |
| Storage Type | Standard, Standard IA, and Glacier | Standard, Infrequent Access, and Archive |
| Version Control | Supported | Not Supported |
| Deployment Location | Region | Region |

1.1.2 Object
Like AWS S3, Alibaba Cloud OSS stores file data in buckets. Each object is composed of a Key, a Value,
and Object Meta. The Key is unique within a bucket, the Value stores the object content, and the
Object Meta is a set of key-value pairs which describe object properties, including last modification
time, size, and custom information.
Similar to AWS S3, Alibaba Cloud OSS does not place a limit on the quantity of objects in a bucket.
For large files, Alibaba Cloud OSS supports segment-by-segment uploading. The max file size cannot
exceed 48.8 TB.
1.2 Security
1.2.1 Object permission management (Object ACL)
Alibaba Cloud OSS and AWS S3 use similar methods to manage object permissions. Each Alibaba
Cloud OSS object can be configured with read and write permissions for the root account or any sub-
account. By default, access permissions inherit bucket ACL properties. Users can set an ACL to
Private-Read-Write, Public-Read, or Public-Read-Write. You are strongly discouraged from using the
Public-Read-Write permission, and should use it cautiously.
In addition, in combination with Alibaba Cloud Security Token Service (STS), OSS can employ the
temporary security credentials of STS to implement object access, without exposing the account
AccessKey, thereby achieving highly secure access control.
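The inheritance rule in 1.2.1 means a private bucket does not guarantee private objects, and a public
bucket exposes every object that keeps the default ACL. The following audit sketch is an added example,
not code from the original document or from an Alibaba Cloud SDK. It assumes the API-level ACL strings
"private", "public-read", "public-read-write" and the object-only value "default" (inherit from bucket);
the bucket names, keys and inventory are constructed sample data.

```python
from dataclasses import dataclass

# Assumed API-level ACL values; "default" is object-only and means
# "inherit whatever the bucket ACL is".
PRIVATE = "private"
PUBLIC_READ = "public-read"
PUBLIC_READ_WRITE = "public-read-write"
DEFAULT = "default"

BUCKET_ACLS = {PRIVATE, PUBLIC_READ, PUBLIC_READ_WRITE}
# Anonymous write is the setting the document strongly discourages.
SEVERITY = {PUBLIC_READ_WRITE: "critical", PUBLIC_READ: "warning"}


@dataclass(frozen=True)
class Finding:
    bucket: str
    key: str
    effective_acl: str
    inherited: bool  # True when the exposure comes from the bucket ACL
    severity: str


def effective_acl(bucket_acl: str, object_acl: str) -> str:
    """Resolve the ACL that actually applies to an object."""
    if bucket_acl not in BUCKET_ACLS:
        raise ValueError(f"unknown bucket ACL: {bucket_acl!r}")
    if object_acl == DEFAULT:
        return bucket_acl  # no object-level ACL set: bucket ACL applies
    if object_acl not in BUCKET_ACLS:
        raise ValueError(f"unknown object ACL: {object_acl!r}")
    return object_acl      # an explicit object ACL overrides the bucket ACL


def audit(bucket_acls: dict, objects: list) -> list:
    """Return a Finding for every object that is anonymously readable or writable."""
    findings = []
    for bucket, key, object_acl in objects:
        if bucket not in bucket_acls:
            raise ValueError(f"object {key!r} references unknown bucket {bucket!r}")
        acl = effective_acl(bucket_acls[bucket], object_acl)
        if acl in SEVERITY:
            findings.append(
                Finding(bucket, key, acl, object_acl == DEFAULT, SEVERITY[acl])
            )
    # Critical findings first, then ordered by bucket/key so reports diff cleanly.
    return sorted(findings, key=lambda f: (f.severity != "critical", f.bucket, f.key))


# Constructed sample inventory (hypothetical bucket names and keys).
SAMPLE_BUCKETS = {
    "app-logs": PRIVATE,
    "static-site": PUBLIC_READ,
    "upload-drop": PUBLIC_READ_WRITE,
}
SAMPLE_OBJECTS = [
    ("app-logs", "2018/01/app.log", DEFAULT),         # private via inheritance
    ("app-logs", "export/report.csv", PUBLIC_READ),   # public inside a private bucket
    ("static-site", "index.html", DEFAULT),           # public via inheritance
    ("static-site", "admin/config.json", PRIVATE),    # explicitly locked down
    ("upload-drop", "incoming/a.bin", DEFAULT),       # anonymous write via inheritance
    ("upload-drop", "incoming/b.bin", PRIVATE),       # explicitly locked down
]

if __name__ == "__main__":
    for f in audit(SAMPLE_BUCKETS, SAMPLE_OBJECTS):
        origin = "inherited from bucket" if f.inherited else "set on object"
        print(f"{f.severity.upper():8} oss://{f.bucket}/{f.key} -> {f.effective_acl} ({origin})")
```

Findings marked as inherited are fixed at the bucket ACL; findings set on the object need a per-object
ACL change and would be missed by a bucket-only review.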
1.2.2 Data security management
Alibaba Cloud OSS provides data encryption functions similar to those of AWS S3 to protect data during
transmission and storage. Users can protect data in transmission by encrypting it through a client.
On the server side, Alibaba Cloud OSS uses the AES256 algorithm to encrypt data. After data is
uploaded to OSS, the server encrypts the data and stores it on OSS. When a user downloads the data,
OSS decrypts it and returns the original data to the user.
1.3 Object management
1.3.1 Object lifecycle management
Alibaba Cloud OSS and AWS S3 provide similar lifecycle management functions. Alibaba Cloud OSS
provides conversion and expiration operations for object lifecycles, allowing users to set matching
rules, countdown times, and a schedule for objects, based on which the OSS degrades the storage
type of the objects or deletes the objects that have expired.
Alibaba Cloud OSS categorizes storage types into Standard, Infrequent Access, and Archive, which
correspond to the Standard, Standard IA, and Glacier types on AWS S3.
1.3.2 Event notification
Both Alibaba Cloud OSS and AWS S3 provide event notification functions. To enable users to receive
notifications in case of an event in the storage space, Alibaba Cloud OSS allows users to create event
notification rules. Based on these rules, a message will be sent to a target after the corresponding
event.
Alibaba Cloud OSS has a different message push target from AWS S3. The OSS allows an event
message to be sent to a specified URL over HTTP or a topic of Alibaba Cloud Message Service. Users
can obtain event messages after subscribing to the topic.
1.4 OSS image processing service (Image service)
Alibaba Cloud OSS provides easy-to-use image processing functions for image files. After a user
uploads images to OSS, the user can process the images through the RESTful API, for example,
converting the image format, zooming, cropping, rotating, or adding watermarks.
The following table compares the features and terminologies of the object function between AWS S3
and Alibaba Cloud OSS:

| Function Feature | Amazon S3 | Alibaba Cloud OSS |
| --- | --- | --- |
| Storage object | Object | Object |
| Object ACL | Supported | Supported |
| Max object size | 5 TB | 48.8 TB |
| Data reliability | 99.999999999% (11 9s) | 99.99999999% (10 9s) |
| Object metadata | Metadata | Object meta |
| Object lifecycle management | Supported | Supported |
| Object version control | Supported | Not Supported |
| Update event notification | Supported | Supported |
| Cross-region Replication | Supported | Supported |
| Object append write | Not Supported | Supported |
| Concurrent or segment upload | Supported | Supported |
| High consistency | YES | YES |
| Data encryption | Encrypted on client and server | Encrypted on client and server |
| Request protocol | HTTP/HTTPS | HTTP/HTTPS/BitTorrent |
| Image processing function | Not Supported | Supported |

1.5 Service level agreement (SLA)
Both AWS S3 and Alibaba Cloud OSS provide service availability guarantees. For KPIs that do not
reach the guarantee standard, the cloud providers will provide compensation according to the time
the service is unavailable. For details about the Alibaba Cloud OSS SLA, see Alibaba Cloud OSS
Service Level Agreement.
1.6 Pricing
Amazon S3 offers a free usage tier each month, where users pay only for the resources they
consume beyond a predefined limit. S3 pricing depends on storage usage by storage type and size,
request type and quantity, storage management fees, data transferred “out” of Amazon S3, and data
transfer acceleration fees.
Like Amazon S3, Object Storage Service (OSS) fees are calculated based on the total volume of
storage used, the amount of data transferred, and the number of API requests made. Learn more about
OSS Pricing.
2. Content delivery
A content delivery network (CDN) is a network of edge or proxy servers that cache data in order to
accelerate access to certain files. AWS CloudFront and Alibaba Cloud CDN are two global CDN vendors
that each provide a network of edge locations and edge nodes distributed globally. This section
compares AWS CloudFront and Alibaba Cloud CDN across different dimensions.
2.1 Service model
Similar to AWS CloudFront, Alibaba Cloud CDN publishes source content to an edge node over a
transmission network that is composed of edge nodes deployed globally. In combination with a
precise scheduling system, the CDN improves users’ web request speed.
2.2 Basic functions
The following table compares the basic features and terminologies of content delivery network
between AWS CloudFront and Alibaba Cloud CDN:
| Function Feature | Amazon CloudFront | Alibaba Cloud CDN |
| --- | --- | --- |
| Source Station Type | S3 domain name, custom domain name | OSS domain name, custom domain name, and IP address |
| Automatic Compression | Supported | Supported |
| Cache Request Type | Default: GET, HEAD; Optional: OPTIONS | GET |
| Transparently Transmitted Request Type | Configurable, the following options are supported: 1) GET, HEAD; 2) GET, HEAD, OPTIONS; 3) GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE | The following requests are supported but not configurable: GET, POST, HEAD, PUT, DELETE, OPTIONS |
| Cache Refresh | Not supported | Supported |
| Cache Failure | Supported | Not supported |
| HTTP Jump to HTTPS | Supported | Supported |
| CDN Cache TTL | Supported | Supported |
2.2.1 Source station type
The origin site of Alibaba Cloud CDN can be configured as an OSS domain name, a custom origin
domain name, or an IP address.
AWS CloudFront accelerates delivery for S3 domain name or custom origin domain name
configurations.
2.2.2 Data compression
To reduce transmission content and accelerate delivery speed, both Alibaba Cloud CDN and AWS
CloudFront provide the data compression function.
2.2.3 Cache request type
Alibaba Cloud CDN caches GET requests, and transmits POST/HEAD/PUT/DELETE/OPTIONS requests
to the origin site transparently. Unlike Alibaba Cloud CDN, AWS CloudFront caches GET and HEAD
requests by default, and caches OPTIONS requests selectively, depending on the requirements of
CloudFront users.
2.2.4 Cache refresh
In certain scenarios, for example, origin site updates or static content modifications, users may need
to refresh the CDN cache manually. Alibaba Cloud CDN allows users to pull the latest content from
the origin site manually to refresh the CDN content. Alibaba Cloud CDN supports URL refresh,
directory refresh, and URL push. AWS CloudFront does not support refreshing specified cache
content.
2.2.5 Cache invalidation
In certain scenarios, users may need to remove CDN cache content in advance. On AWS CloudFront,
users either set cache objects to the Invalidation state, so that the latest content is pulled from
the origin site when the objects are accessed, or use the object version management function and
access objects by a file name that carries the object version. Alibaba Cloud CDN does not currently
support forcibly configuring cache invalidation.
2.2.6 Access log
Alibaba Cloud CDN and AWS CloudFront provide log download/combination tools. Alibaba Cloud
CDN implements log download on the console, but AWS CloudFront stores logs in S3 buckets for
users to download.
| Configuration | Amazon CloudFront | Alibaba Cloud CDN |
| --- | --- | --- |
| Access Log | S3 | Console |
| Geographic Location Limit | Supported | Not Supported |
2.2.7 Geographic location restriction
To specify the regions where content is delivered, AWS CloudFront allows users to set a whitelist and
blacklist of countries. Where data can be delivered is determined based on the whitelist and blacklist.
Alibaba Cloud CDN does not support this function.
2.3 Security
The following table compares the security functions and terminologies of content delivery network
between AWS CloudFront and Alibaba Cloud CDN:

| Function Feature | Amazon CloudFront | Alibaba Cloud CDN |
| --- | --- | --- |
| Full Link HTTPS | Supported | Supported |
| Integrated Certificate Management | Yes | Yes |
| Access Authentication | Supported | Supported |
| Sub-account Access Control | Supported | Supported |
| WAF Security Defense | Supported | Supported |

2.3.1 HTTPS
Similar to AWS CloudFront, Alibaba Cloud CDN supports full link HTTPS speedup. Alibaba Cloud
users can select a certificate using the certificate service or upload a custom certificate/private key,
and can query and update the certificate online.
Both cloud providers support redirecting HTTP to HTTPS. Alibaba Cloud CDN supports HTTP and
HTTPS, redirecting HTTP to HTTPS, and redirecting to HTTP or HTTPS.
Alibaba Cloud CDN does not currently support SNI back-to-source.
2.3.2 Access authentication
AWS CloudFront and Alibaba Cloud CDN support access authentication for private content. Alibaba
Cloud CDN uses a signed URL, through which a user initiates a request to the CDN. Upon receiving
the request, the CDN node checks the request for validity and rejects invalid requests. Alibaba
Cloud CDN supports three signature encryption methods.
AWS CloudFront creates an Origin Access Identity user (Trusted Signer) and authorizes the Trusted
Signer to access private content. When a user who meets the permission requirement
requests access to the private content, an app delivers a Signed URL or Set-Cookie headers. The user
clicks the Signed URL or Set-Cookie, and AWS CloudFront checks the request for validity using a
key and rejects invalid requests.
2.3.3 Sub-account access control
Like AWS CloudFront, Alibaba Cloud CDN authorizes sub-accounts with a policy to access CDN
resources based on the Resource Access Management (RAM) service, thereby limiting or authorizing
permissions on the CDN resources.
2.3.4 WAF security defense
AWS CloudFront and Alibaba Cloud CDN can both be combined with WAF to implement security defense.
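The edge-side validity check described in 2.3.2, as an added example that is not Alibaba Cloud's or AWS's own code: it uses a generic HMAC-SHA256 token over the path and an expiry time, not either vendor's actual signed-URL format. The key, the parameter names (`expires`, `sig`) and the paths are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key (assumption). In practice only the signing application
# and the CDN edge hold it; it never appears in the URL.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def _mac(path: str, expires: str, key: bytes) -> str:
    # Bind the signature to both the resource and its expiry so that
    # neither can be changed without invalidating the token.
    return hmac.new(key, f"{path}\n{expires}".encode(), hashlib.sha256).hexdigest()


def sign_url(path: str, expires_at: int, key: bytes = DEMO_KEY) -> str:
    """Application side: issue a URL for `path` valid until `expires_at` (Unix seconds)."""
    query = urlencode({"expires": expires_at, "sig": _mac(path, str(expires_at), key)})
    return f"{path}?{query}"


def verify_url(url: str, now=None, key: bytes = DEMO_KEY):
    """Edge side: return (allowed, reason) for an incoming request URL."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    expires, sig = params.get("expires", []), params.get("sig", [])
    # Reject absent or duplicated parameters instead of guessing which one to trust.
    if len(expires) != 1 or len(sig) != 1:
        return False, "missing or repeated parameter"
    if not (expires[0].isascii() and expires[0].isdigit()):
        return False, "malformed expiry"
    # Verify the signature before trusting the expiry value it protects.
    expected = _mac(parts.path, expires[0], key)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), sig[0].encode()):
        return False, "bad signature"
    if now > int(expires[0]):
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    url = sign_url("/video/a.mp4", expires_at=1700000600)
    for label, candidate, at in [
        ("valid", url, 1700000000),
        ("after expiry", url, 1700000601),
        ("path swapped", url.replace("a.mp4", "b.mp4"), 1700000000),
        ("expiry extended", url.replace("1700000600", "1900000000"), 1700000000),
        ("unsigned", "/video/a.mp4", 1700000000),
    ]:
        print(label, verify_url(candidate, now=at))
```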
2.4 Streaming media
Alibaba Cloud CDN supports live streaming, on-demand, RTMP video scenarios, and provides video
transcoding, slicing, and playback functions.
The following table compares the streaming media functions of AWS CloudFront and Alibaba Cloud
CDN:

| Function Feature | Amazon CloudFront | Alibaba Cloud CDN |
| --- | --- | --- |
| Live Streaming | Supported | Supported |
| On-demand Videos | Supported | Supported |
| Video Transcoding | Supported | Supported |
| Format | Microsoft Smooth, HLS, HDS or MPEG-DASH, and RTMP | HLS, RTMP |

2.5 Pricing
AWS CloudFront offers two pricing models: on-demand pricing and reserved capacity pricing.
CloudFront costs comprise data transfer fees out to the Internet/region and the request fees
for all HTTP/HTTPS methods.
The pricing of Alibaba Cloud CDN comprises data transfer traffic and HTTPS requests for secure
acceleration. There are two billing methods for data transfer fees: Pay-By-Bandwidth and
Pay-By-Traffic. You can also subscribe to one or more Traffic Packages for a year.
For the duration of the resource package, fees are deducted for your use of the traffic quota. For
traffic exceeding the quota, fees are billed based on the existing billing rules.
3. File storage
AWS and Alibaba Cloud both provide file storage services. In this section we are going to compare
and contrast Amazon Elastic File System (Amazon EFS) with Alibaba Cloud Network Attached Storage
(NAS).
3.1 Service model
An Amazon Elastic File System (Amazon EFS) file system is accessed by EC2 instances running inside
a VPC. Amazon EFS allows users to create and configure file systems. You can mount an EFS file
system on an EC2 instance through a standard file system interface and file system access semantics.
As with Amazon EFS, you can access the Alibaba Cloud NAS file system through standard POSIX
interfaces when using Alibaba Cloud ECS instances or other nodes such as HPC or Docker.

| Function Feature | Amazon EFS | Alibaba Cloud NAS |
| --- | --- | --- |
| Access Point | Mount target | Mount Point |
| Storage Capacity | Petabyte scale | 10 PB (Capacity-type), 1 PB (Performance-type)* |
| Scale Up/Down | Supported (automation) | Supported |
| Performance | Supported | Supported |
| Cross Instance Access | Supported | Supported |
| Multiple Client Access | Supported | Supported |
| Access Control | Supported | Supported |
| Protocol | NFSv4.0, v4.1 | NFSv3, NFSv4, >SMB2.0* |
| Compute Node | EC2 | ECS, HPC, Docker |

3.2 Performance
Amazon EFS offers two performance modes: General Purpose and Max I/O. Users can
choose the preferred performance mode according to specific use cases.
Throughput on Amazon EFS scales as a file system grows, and Amazon EFS offers a burstable
performance capability for high throughput levels over short periods of time.
Like Amazon EFS, Alibaba Cloud NAS also offers two performance modes: capacity-type and
performance-type*. Each mode offers different performance and storage capability.
Total throughput for each performance-type* file system (MB/s) = min(0.6 MB/s × capacity of
file system (GB) + 600 MB/s, 20 GB/s)
Total throughput for each capacity-type file system (MB/s) = min(0.15 MB/s × capacity of file
system (GB) + 150 MB/s, 10 GB/s)
The upper limit of the storage capacity of an SSD performance-type file system is 1 petabyte, and
that of a capacity-type file system is 10 petabytes.

| Performance | Amazon EFS | Alibaba Cloud NAS |
| --- | --- | --- |
| Latency | Millisecond-level | Millisecond-level |
| Total throughput for Each File System | 1-3 GB/s, burst up to 10+ GB/s | 10 GB/s (Capacity-type), 20 GB/s (Performance-type)* |
| Concurrent Clients per File System | Several thousand | 10,000+ |

* As of January 2018, SMB for Windows and performance type NAS (all SSD) are only available
on the Mainland China portal. These two features will be launched on the International
portal soon.
3.3 Security
Amazon EFS offers four levels of access control to consider for Amazon EFS file systems, with
a different mechanism used for each.
Like Amazon EFS, Alibaba Cloud NAS also provides multiple security mechanisms, including support
for network isolation (VPC) and user isolation (classic network), standard file system access and
group permission control, and RAM master account and sub-account authorization. These features are
implemented to ensure complete data security in the file system.
3.4 Migration
Amazon EFS File Sync provides a fast and simple way for you to securely sync data from existing on-
premises or in-cloud file systems into Amazon EFS file systems. Users need to download and deploy a
File Sync agent into the source environment, configure the source and destination file systems, and
start the sync.
Alibaba Cloud NAS also provides a migration tool named nasimport. It supports migration to Alibaba
Cloud NAS from a wide variety of source storage, including:
- Local data centers
- Alibaba Cloud OSS
- Third-party storage services (Amazon S3, Baidu Object Storage, Tencent Cloud COS, Jinshan
  Object Storage, UPYUN, Qiniu, and HTTP links)
Learn more about Nasimport Tools.
3.5 Pricing
With Amazon EFS, you pay only for the storage used by your file system. You don’t need to
provision storage in advance and there is no minimum fee or setup cost.
Like Amazon EFS, Alibaba Cloud NAS fees are calculated based on the total volume of storage used
per month. There is no minimum fee and there are no set-up charges. There are also no charges for
bandwidth or requests. Furthermore, NAS provides a storage plan for users who want to create a NAS
file system. By purchasing a storage plan ahead of time, you realize significant cost savings compared
to Pay-As-You-Go storage fee per GB.
Learn more about Alibaba Cloud NAS pricing.
4. NoSQL database
Amazon DynamoDB and Alibaba Cloud Table Store are two similar fully managed cloud NoSQL
database services. With a cloud-based NoSQL database service, users do not have to worry about
hardware provisioning, setup and configuration, replication, partitioning, software patching, and
cluster scaling.
4.1 Service model
Amazon DynamoDB is a fully managed NoSQL database service whose service-side latencies are
typically in the single-digit millisecond range. With a distributed database cluster, DynamoDB
provides unlimited storage space and automatically scales up and down.
DynamoDB supports both document and key-value data structures. Like other database systems,
DynamoDB stores data in tables. A table is a collection of items, and each item is a collection of
attributes. Once you have created a DynamoDB table, use the AWS SDKs to write, read, modify, and
query items in DynamoDB.
Similarly, Alibaba Cloud Table Store is a fully managed NoSQL database service based on automatic
data partitioning and load balancing technologies. Based on SSD technology, this cloud NoSQL
database service enables you to store large quantities of structured and semi-structured data with
real-time access. Table Store also features strong consistency and single-digit millisecond latency.
You can query Table Store by RESTful API, web-based Management Console, or SDKs.
| Data Model | Amazon DynamoDB | Alibaba Cloud Table Store |
| --- | --- | --- |
| Latency | Single-digit milliseconds | Single-digit milliseconds |
| Scale | Any | Any |
| Storage Medium | SSD | SSD |
| Data Partition | Supported | Supported |
| Data structure | Document/Key-value | Structured and semi-structured |
| Access method | SDKs, the Management Console and API | RESTful API and SDKs |

4.2 Data model
A table is a collection of data in Amazon DynamoDB. Each table contains multiple items. An item is a
group of attributes and can have its own distinct attributes. Each item is composed of one or more
attributes. Most of the attributes are scalar, which means that they can have only one value. Some of
the items have a nested attribute (address).
In order to determine the partition for each item, you must specify the primary key in each table. A
primary key can be either a partition key alone or a partition key plus a sort key.
DynamoDB also allows users to define up to 5 global secondary indexes and 5 local secondary indexes
in each table to improve data access. DynamoDB supports nested attributes up to 32 levels
deep.
Like Amazon DynamoDB, the data model of Alibaba Cloud Table Store is described by Table,
Row, Primary Key, and Attribute. A table is a set of rows, and a row consists of the Primary Key and
Attribute. The Primary Key and Attribute consist of names and values.
A table must define at least one Primary Key, and the first primary key is the partition key.
Each Attribute column can contain multiple versions, and each version (that is, the timestamp)
corresponds to a value; this differs from a Primary Key column.
4.2.1 Version control
Unlike Amazon DynamoDB, Alibaba Cloud Table Store provides version management for each
attribute column. The version is a timestamp defined by the number of milliseconds that have
elapsed since 01/01/1970 00:00:00 UTC. When you read from each row, you can specify the maximum
number of versions per attribute column, or the version range. The earlier versions are discarded
when the number of versions exceeds the value of Max Versions.
4.2.2 Time to live (TTL)
Similar to Amazon DynamoDB, Alibaba Cloud offers a TTL attribute, which provides a mechanism to set
a specific timestamp for expiring items from your table. Table Store asynchronously clears any data
that exceeds the TTL.
The following table compares the data model of each service:

| Data Model | Amazon DynamoDB | Alibaba Cloud Table Store |
| --- | --- | --- |
| Schema | Schema-less | Schema-less |
| Data Unit | Table | Table |
| Data Record | Item | Row |
| Unique Identifier | Partition key / Partition key and sort key | Primary Key |
| Primary Key Type | String, number, or binary | String, integer, or binary |
| Secondary Indexes | Supported | Not Supported |
| Nested Attribute | Supported | Not Supported |
| Versioning | Not Supported | Supported |
| TTL | Supported | Supported |

4.3 Performance
You need to specify the throughput capacity in terms of read capacity units and write capacity units
when creating a table or index in Amazon DynamoDB. If your read or write requests exceed the
throughput settings for a table, DynamoDB can throttle those requests.
DynamoDB provides three mechanisms for managing throughput:
- DynamoDB Auto Scaling: With DynamoDB auto scaling set, the table increases and decreases
  its throughput to adjust to the requests.
- Provisioned Throughput: When you define the throughput manually, DynamoDB throttles your
  application if it exceeds your provisioned throughput settings.
- Reserved Capacity: You pay a one-time upfront fee and commit to a minimum usage level
  over a period of time.
Like AWS DynamoDB, the read/write throughput of Alibaba Cloud Table Store is measured by
read/write capacity units (CUs). Table Store provides two options for managing throughput:
- Reserved throughput: Set the reserved read/write throughput to a value greater than 0, and
  Table Store will assign and reserve enough resources for the table according to this
  configuration to guarantee low resource costs.
- Additional throughput: If the actual consumed read/write throughput exceeds the reserved
  read/write throughput, Table Store automatically provides additional throughput to meet
  the user’s requests.
| Performance | Amazon DynamoDB | Alibaba Cloud Table Store |
| --- | --- | --- |
| Read Capacity Units (per second) | Strongly consistent read: 4 KB/item | 4 KB/item |
| Write Capacity Units (per second) | 1 KB/item | 4 KB/item |

4.4 Security
AWS provides authentication and access control for Amazon DynamoDB by integrating with AWS
Identity and Access Management (IAM) for fine-grained access control for users within your
organization. You can assign unique security credentials to each user and control each user’s access
to services and resources. You can also obtain temporary security credentials from AWS Security
Token Service (AWS STS) by using web identity federation.
Alibaba Cloud Table Store also offers user-level data isolation, access control and permission
management. With Resource Access Management (RAM) and Security Token Service (STS), Table
Store enables users to access the tables through subaccounts with different permissions and to
grant users temporary access authorization.
4.5 Backup and restore
Amazon DynamoDB provides on-demand backup and restore capability. You can back up and restore
your DynamoDB table data with a single click in the AWS Management Console or with a single API
call.
Unlike Amazon DynamoDB, Alibaba Cloud Table Store automates the backup and restore process.
Table Store manages data with multiple cloud data backups across different servers in different racks.
When any node holding a backup fails, the other servers with backup copies immediately restore the
data to achieve virtually zero data loss.
4.6 Pricing
Amazon DynamoDB offers a free tier limit. Users only need to pay for the resources they consume
beyond the limits. The DynamoDB fees depend on indexed data storage, throughput type,
capacity unit consumption, the traffic of data transfer “out”, and the storage size of the table for
backup and restore operations.
Like DynamoDB, Alibaba Cloud Table Store pricing is divided into four parts: data storage that
exceeds the free quota, the reserved read/write throughput, the additional read/write throughput,
and the Internet downstream traffic. Learn more about Table Store Pricing.
Security
Alibaba Cloud for AWS Professionals
Contents
1. WAF
1.1 Service mode comparison
1.2 Access control
1.3 Web attack defense
1.4 Business risk control
1.5 Console configuration
1.6 Pricing
1.7 Feature comparison
2. Distributed denial of service (DDoS) protection service
2.1 Service model comparison
2.2 Black hole policies
2.3 Large DDoS defense
2.4 Monitoring & Reporting
2.5 Deployment architecture
2.6 Pricing
2.7 Feature comparison
3. Certificate service
3.1 Service model
3.2 Services integration
3.3 Renewal
3.4 Pricing
3.5 Feature comparison
4. Mobile security
4.1 Risk detection
4.2 Security protection
4.3 Threat intelligence
4.4 Pricing
5. Server guard
5.1 Vulnerability management
5.2 Baseline detection
5.3 Intrusion detection
5.4 Pricing
This article discusses the main differences and similarities between AWS and Alibaba Cloud security
services. It covers the following products:

| Feature | AWS | Alibaba Cloud |
| --- | --- | --- |
| Web Application Firewall (WAF) | AWS WAF | Alibaba Cloud WAF |
| Anti-DDoS | AWS Shield | Anti-DDoS |
| Certificate Service | AWS Certificate Manager | Alibaba Cloud SSL Certificates Service |
| Mobile Security | N/A | Mobile Security |
| Server Security | N/A | Server Guard (Server Security) |

1. WAF
Alibaba Cloud WAF is a web application firewall that can protect web applications from vulnerability
attacks such as SQL injections, XSS, and malicious bot attacks. Alibaba Cloud WAF shares many
similar functionalities and technologies with AWS WAF, but it also boasts unique advantages in its
defense capabilities.
1.1 Service mode comparison
AWS WAF can be deployed on the AWS CloudFront (CDN), a web server, or a load balancer of a Web
server. Alibaba Cloud WAF is deployed by configuring the domain name resolution service.
1.2 Access control
Before deploying AWS WAF, you need to create a Web ACL and define rules. Alibaba Cloud WAF
allows ACL rule configuration after a domain name is configured and supports the combination of
different HTTP fields, such as IP, URL, Referer, and User-Agent, to implement precise access control.
The access control policies can be applied to scenarios such as anti-leeching and protection of the
website administration back end.
1.3 Web attack defense
AWS WAF provides simple Web application protection policies to defend against SQL attacks and
cross-site scripting attacks. Alibaba Cloud WAF protects against common threats such as the
OWASP Top 10, provides high/medium/low policies according to different website businesses for GET,
POST and other common HTTP requests, includes website stealth that avoids site addresses being
exposed to attackers, and implements regular patch updates for zero-day vulnerabilities and global
patch updates.
1.4 Business risk control
Data risk control is a Big Data capability of WAF based on Alibaba Cloud, and is implemented for
specific business scenarios using an industry leading risk engine and man/machine identification
techniques. Alibaba Cloud WAF’s Big Data ability is developed through our experience in providing
world-class security to customers. This includes hosting more than 37% of China-based websites,
maintaining the most popular accessed IP database in China, and mitigating more than 800 million
attacks every day.
Generally, data risk control can effectively protect key businesses against spoofing behaviors,
including but not limited to spam registration, SMS verification code flooding attacks, credential
stuffing ("library hitting") and brute force password cracking, malicious buying, robotic ticket
buying, and junk email.
1.5 Console configuration
Like the AWS WAF Management Console, the Alibaba Cloud WAF console supports domain name
configuration and combination of different policies to implement access control, which is as precise
as that of AWS WAF.
Alibaba Cloud WAF also provides a robust and user-friendly visual console for attack analysis and
monitoring, including business analysis and security overview. Business analysis looks at recent access
to different domain names. Security overview provides a general score which is obtained based on
the severity of recent attacks, attacker threat, and protection rules and policies. Recent web attacks
and CC attacks are displayed graphically, and warnings for common attack risks are issued in advance
and reported.
1.6 Pricing
AWS WAF pricing is based on the number of web access control lists (web ACLs) that you create,
the number of rules that you add per web ACL, and the number of web requests that you receive.
There are no upfront commitments for AWS WAF. Alibaba Cloud WAF pricing is based on a monthly
subscription that comes in different packages with different feature specifications. Learn more about
Alibaba Cloud WAF Pricing.
1.7 Feature comparison
The comparison of AWS and Alibaba Cloud WAF services can be summarized as follows:
| Feature | AWS WAF | Alibaba Cloud WAF |
| --- | --- | --- |
| Deployment Modes | Deploy on AWS CloudFront or ELB in front of the Web server | Deployed between the client CDN and load balancer and configured with domain name resolution service to facilitate connection |
| Configure Web ACL Policy | Supported | Supported |
| Custom Rules | Supported | Supported |
| Types of Web Attacks | SQL detection and prevention, SQL injection, cross site scripting (XSS), and other common attacks | Common OWASP vulnerabilities, including SQL injection, XSS, Webshell uploading, backdoor isolation, command injection, illegal HTTP protocol requests, common Web server vulnerability attacks, unauthorized access to core files, path traversing, and scan protection. |
| HTTP Flood Protection | Supported | Supported |
| Risk Warning | Not Supported | Supported |
| Rules Configuration | Supported | Supported |
| Attacks Monitoring | Supported | Supported |
| Security Report | Supported | Supported |
| Business Analysis | Not Supported | Supported |
2. Distributed denial of service (DDoS) protection service
To safeguard data and applications from DDoS attacks, Alibaba Cloud and AWS both provide cloud-
based anti-DDoS services to ensure the application availability and performance of properties on the
cloud. In this section, we discuss the Amazon Shield and Alibaba Cloud Anti-DDoS security services.
2.1 Service model comparison
Like AWS Shield Standard and Advanced, Alibaba Cloud provides free and enterprise-level DDoS
protection services that fall under two tiers: Anti-DDoS Basic and Anti-DDoS Pro.
AWS Shield Standard and Alibaba Cloud Anti-DDoS Basic, both with no additional costs, provide
protection in the face of network layer (layer 3) and transport layer (layer 4) DDoS attacks. As for web
application protection, users can subscribe to Alibaba Cloud WAF service to minimize web attacks
such as HTTP/HTTPS flood and DDoS attacks.
Similar to AWS Shield, Alibaba Anti-DDoS Pro provides protection for layer 3/layer 4/layer 7 DDoS
attacks. However, the two services differ in their technology.
AWS Shield Advanced employs routing techniques to distribute attacks to different AWS nodes to
protect against large DDoS attacks.
Alibaba Cloud Anti-DDoS Basic supports redirection technologies. The primary protection method is
automatic cleaning, supplemented by active mitigation. The service hosts the complete attack
protection operation on behalf of a user.
Unlike AWS Shield Advanced, Alibaba Cloud Anti-DDoS Pro users need to resolve the domain name
to the Anti-DDoS Pro IP address for non-web services. Anti-DDoS Pro then directs all public network
traffic to the Anti-DDoS server room. The user access traffic is forwarded to the source station IP by
protocol based port forwarding. Meanwhile, the malicious attack traffic is cleaned and filtered
through the Anti-DDoS Pro service, and normal traffic is returned to the source station IP.
| Tier | AWS Shield | Alibaba Cloud Security |
| --- | --- | --- |
| Basic | AWS Shield Standard | Alibaba Cloud Anti-DDoS Basic |
| Advanced | AWS Shield Advanced | Alibaba Cloud Anti-DDoS Pro |

2.2 Black hole policies
Alibaba Cloud Anti-DDoS has a specific concept termed black hole. Black hole refers to the restriction
of server access when the attack traffic to a server exceeds a specified threshold. Users can configure
the black hole threshold for the server, and Alibaba Cloud will block external network access to the
server.
For Alibaba Cloud Anti-DDoS Basic, default threshold settings apply to ECS, Server Load Balancer,
and EIP. Besides the default black hole threshold, Anti-DDoS Pro provides a higher capacity for DDoS
mitigation.
2.3 Large DDoS defense
Like AWS Shield Advanced, Alibaba Cloud Anti-DDoS Pro has large DDoS mitigation capability.
Alibaba Cloud Security provides up to 300 Gbps (Mainland China) and 100 Gbps (Hong Kong and
Singapore) DDoS mitigation, which can mitigate SYN flood, ACK flood, ICMP flood, UDP flood, NTP
flood, SSDP flood, DNS flood, HTTP flood, and CC attacks.
2.4 Monitoring & Reporting
Monitoring and reporting are important parts of security services. Both AWS Shield and Alibaba
Cloud Anti-DDoS provide network flow monitoring, which inspects abnormal traffic packets
automatically.
In Alibaba Cloud Anti-DDoS Pro, the network traffic is monitored in real time. It also provides a
detailed security report of past attacks.
2.5 Deployment architecture
AWS Shield Advanced can be deployed on Amazon CloudFront and Amazon Route 53 edge sites. By
deploying on Amazon CloudFront, web application security can be ensured.
The deployment architecture of the Anti-DDoS Pro is as follows:
Network traffic route: Anti-DDoS Pro (entry-level anti-DDoS) -> CDN (static resource acceleration)
-> WAF (middle layer and application layer protection) -> Source Station (ECS/SLB/VPC/IDC…). This
architecture will remain unchanged even if any product is removed.
2.6 Pricing
Like AWS Shield Standard, Anti-DDoS Basic provides protection against DDoS attacks at no additional
cost.
AWS Shield Advanced requires a 1-year subscription commitment and charges a monthly fee, plus a
usage fee based on data transfer out from Amazon CloudFront, Elastic Load Balancing (ELB), and
Amazon Elastic Compute Cloud (EC2).
Anti-DDoS Pro is a paid service with a usage fee based on the protection capacity and carrier
network. It provides two payment methods: pre-paid and post-paid. Learn more about Anti-DDoS
billing methods.
2.7 Feature comparison
AWS Shield features and terminology map to those of Alibaba Cloud Anti-DDoS as follows:
| Feature | AWS Shield | Alibaba Cloud Anti-DDoS |
|---|---|---|
| Type of DDoS Attacks | UDP reflection attacks, SYN flood, DNS query flood, HTTP flood/cache-busting (layer 7) attacks | SYN flood, UDP flood, ACK flood, ICMP flood, DNS query flood, NTP reply flood, HTTP flood attack, and Web application attacks |
| Application Layer Protection | Supported (combined with AWS WAF) | Supported |
| Large DDoS Mitigation Capability | Supported (AWS Shield Advanced) | Supported (Anti-DDoS Pro) |
| Protection Capacity | Capacity not disclosed | Anti-DDoS Basic provides 500Mbps ~ 5Gbps capacity for different regions; Anti-DDoS Pro can defend against up to 300Gbps capacity |
| Technical Architecture | Routing techniques (Shield Advanced) | Defense room (Anti-DDoS Pro) |
| Service Integration | EC2, ELB, CloudFront, Route53 | Supports services inside and outside of the cloud |
3. Certificate service
Similar to AWS Certificate Manager (ACM), Alibaba Cloud SSL Certificates Service allows users to
purchase, provision, and manage SSL/TLS certificates on Alibaba Cloud.
3.1 Service model
Alibaba Cloud SSL Certificates Service provides certificate purchase, deployment, and revocation.
After the certificate is issued, users can deploy digital certificates with a single click to other Alibaba
Cloud services.
3.2 Services integration
AWS users cannot use AWS Certificate Manager (ACM) to install an ACM certificate directly on an
AWS-based website or application. Instead, ACM is integrated with the following services to deploy
ACM certificates in the cloud: Elastic Load Balancing, Amazon CloudFront, AWS Elastic Beanstalk,
Amazon API Gateway, and CloudFormation. For example, to serve secure content on CloudFront over
SSL/TLS, you need to install SSL/TLS certificates on either the CloudFront distribution or on the
backend content source.
Like ACM, if you have purchased Alibaba Cloud’s CDN, Anti-DDoS Pro IP, WAF, or Server Load
Balancer, you need to enable HTTPS access for these cloud products in advance. Then use the
Alibaba Cloud SSL Certificates Service to deploy your purchased digital certificates to these products
through one-click deployment.
3.3 Renewal
ACM attempts to automatically renew ACM Certificates before they expire except for certificates
associated with Route 53 private hosted zones. If ACM is unable to automatically renew the
certificate, it will send notifications to users to require manual renewal.
You need to renew certificates manually on Alibaba Cloud Certificates Service. After renewal and
review are complete, a new certificate will be issued. You can install this new certificate on your server
to replace the expiring certificate.
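Because renewal on Alibaba Cloud is manual, certificate expiry has to be tracked outside the service. The following is an added example, not code from Alibaba Cloud or from this document: it ranks certificates by time to expiry and lists the products each renewed certificate must be redeployed to. The hostnames, dates, 30-day warning window, and inventory layout are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample inventory (hostnames, dates and targets are illustrative).
# "deployed_to" records where each certificate is installed, so a renewed
# certificate can be pushed to every product still serving the old one.
INVENTORY = [
    {"host": "www.example.com", "not_after": "Mar 15 12:00:00 2018 GMT",
     "deployed_to": ["CDN", "WAF"]},
    {"host": "api.example.com", "not_after": "Jan 20 00:00:00 2018 GMT",
     "deployed_to": ["Server Load Balancer"]},
    {"host": "shop.example.com", "not_after": "Dec 31 23:59:59 2017 GMT",
     "deployed_to": ["Anti-DDoS Pro"]},
]

def fetch_not_after(host, port=443, timeout=5.0):
    """Return the notAfter string of the certificate a live endpoint serves.

    An already expired certificate fails verification and raises
    ssl.SSLCertVerificationError, which is itself the alert.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def renewal_plan(inventory, now, warn_days=30):
    """Rank certificates by time to expiry, most urgent first."""
    now_ts = int(now.timestamp())
    plan = []
    for item in inventory:
        seconds_left = ssl.cert_time_to_seconds(item["not_after"]) - now_ts
        if seconds_left <= 0:
            status = "EXPIRED"
        elif seconds_left <= warn_days * 86400:
            status = "RENEW"
        else:
            status = "OK"
        plan.append({"host": item["host"], "days_left": seconds_left // 86400,
                     "status": status, "redeploy_to": list(item["deployed_to"])})
    return sorted(plan, key=lambda row: row["days_left"])

if __name__ == "__main__":
    fixed_now = datetime(2018, 1, 10, tzinfo=timezone.utc)  # repeatable run
    for row in renewal_plan(INVENTORY, fixed_now):
        print(row["status"], row["host"], row["days_left"], row["redeploy_to"])
```

For live endpoints, fill `not_after` from `fetch_not_after(host)` and pass `datetime.now(timezone.utc)` as `now`.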
3.4 Pricing
SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS
resources you create to run your application.
Alibaba Cloud Certificates Service not only provides free, trusted certificates, but also lets you
purchase highly secure certificates directly from the Alibaba Cloud platform.
3.5 Feature comparison
AWS ACM features and terminology map to those of Alibaba Cloud SSL Certificates Service as
follows:
| Feature | AWS Certificate Manager (ACM) | Alibaba Cloud SSL Certificate |
|---|---|---|
| Using Existing Certificate | Supported | Supported |
| Import Third-Party Certificates | Supported | Supported |
| Free Certificates | Supported | Supported |
| Paid Certificates | Not Supported | Supported |
| Renewal | Supported | Supported |
| Integrated Services | AWS Elastic Beanstalk, CloudFormation, CloudFront, APIs on API Gateway | Alibaba Cloud CDN, Anti-DDoS Pro, WAF, and Server Load Balancer |
| Automatic Deployment | Supported | Supported |
| Management | Management console, ACM API, SDK, CLI | Console |
4. Mobile security
AWS does not provide security services specifically for mobile applications. Alibaba Cloud’s Mobile
Security provides security services for the full lifecycle of mobile app delivery, including risk detection,
security protection, and threat intelligence.
4.1 Risk detection
Risk detection is implemented by uploading an APK package to scan for malicious code and
vulnerabilities. The scan result includes details of vulnerabilities, such as vulnerability quantity, names,
types, and repair suggestions.
4.2 Security protection
Security protection is meant to harden apps and connect security components. Apps are hardened to
provide SO shelling, and DEX files are shelled to protect against different types of analysis tools. This
feature adds security components and applies ongoing components to newly uploaded apps to
prevent attacks, client information leakage, and forged requests.
4.3 Threat intelligence
Threat intelligence detects forgery and risks of network-wide apps based on big data, and keeps an
eye on network disks of forums to implement multidimensional forgery detection.
4.4 Pricing
Alibaba Cloud Mobile Security Service is available in two versions: Basic Edition (Free Trial) and
Professional Edition (Paid Version). For Professional Edition, Mobile Security service fee is based on
two types of services: Vulnerability Scan and Application Hardening.
5. Server guard
At present, AWS has not launched a security product that covers host security. Alibaba Cloud’s
Server Guard is a lightweight agent installed on a server. Server Guard associates with cloud threat
intelligence to implement vulnerability management, baseline detection, exception detection, and
asset management, thereby creating an in-depth defense system.
5.1 Vulnerability management
Vulnerability management detects CVE vulnerabilities in system software, Windows vulnerabilities,
Web-CMS vulnerabilities, and other high-risk vulnerabilities.
5.2 Baseline detection
Baseline detection checks for account security, weak passwords, and configuration risks.
5.3 Intrusion detection
By analyzing user behavior, intrusion detection detects off-site login and transaction information,
brute force password cracking, and website backdoors.
5.4 Pricing
The basic version of Server Guard is currently available free of charge. When you purchase an ECS
instance, you simply need to agree to our license agreement, before logging in to the Server Security
Management Console. The advanced version of Server Guard, which offers additional features for
enterprises, will be available in mid-2018 and will be a paid service.
Migration Service
Alibaba Cloud provides cloud migration and implementation services for enterprise customers.
Alibaba Cloud migration services include “Application Migration,” “Data Migration” and “Big
Data Implementation.”
Our current services are listed below.
Application Migration
Through the Alibaba Cloud Migration Tool, you can migrate physical or virtual servers to Alibaba
Cloud. The Alibaba Cloud Migration Tool is applicable to the following scenarios:
- Migrate physical servers to Alibaba Cloud ECS console
- Migrate virtual machines to Alibaba Cloud ECS console
- Migrate from another cloud platform, such as Amazon Web Services (AWS), Microsoft Azure,
  Tencent Cloud, or Huawei Cloud to the Alibaba Cloud ECS console.
Data Migration
- Migrate your relational database to Alibaba Cloud RDS (Source: Oracle, PG, DB2, SQL Server,
  MySQL, Target: RDS/DRDS). Includes full migration and incremental migration.
- Migrate your FTP, File Server, AWS S3 to Alibaba Cloud OSS Storage.
Big Data Implementation
- Support for the Big Data structure conversion to Alibaba Cloud MaxCompute.
- Support for relational database (including Oracle, DB2, PG, SQL Server, MySQL, RDS, DRDS)
  migration to MaxCompute.
- Support for the implementation of Big Data Warehouse Solution. Includes: data warehouse
  modeling, data incremental synchronization management, and incremental data
  consolidation program implementation.