Forem: Himanshu Rathore

Cloud Providers in 2026: Is it still "Nobody gets fired for buying AWS"?

Himanshu Rathore — Wed, 21 Jan 2026 06:43:12 +0000

It’s 2026. The cloud wars aren't about who has the most services anymore—it’s about who can help you manage the AI-induced chaos without draining your bank account.

If you’re looking at your infra roadmap for the year, the landscape has shifted. We’ve moved past the era of "just put it on EC2" into an era of specialized hardware, sovereign data requirements, and a massive pushback against the hyperscaler tax.

Here’s my take on how the heavy hitters (and one very interesting underdog) stack up this year.

1. AWS: The Default (With a Side of Complexity)

AWS is still the 800lb gorilla. In 2026, they’re leaning heavily into their custom silicon. If you aren't running on Graviton4 for general compute or using Trainium3 (and eyeing the Trainium4 roadmap) for your models, you’re basically leaving money on the table.

The Vibe: Everything but the kitchen sink.

Best for: Massive enterprises that need 200+ services and don't mind hiring three full-time FinOps engineers just to read the bill.

The 2026 Reality: AWS is still the safest bet for job security, but the Developer Experience (DX) feels increasingly bloated. Their new European Sovereign Cloud is a lifesaver for GDPR-heavy projects—but it comes at a premium.

2. Microsoft Azure: The Enterprise AI Powerhouse

If you’re in a corporate environment, Azure isn't just a cloud; it’s an extension of your OS. Their deep-rooted partnership with OpenAI has made them the standard for enterprise-grade agentic AI implementations.

The Vibe: "It just integrates."

Best for: Teams already locked into the Microsoft ecosystem (GitHub, Entra ID, Office 365).

The 2026 Reality: Azure Arc is their MVP this year. It lets you manage resources on AWS or on-prem as if they were native Azure resources. It’s the ultimate Trojan Horse for multi-cloud management.

3. GCP: The Data & Kubernetes Purist

Google Cloud is still the engineer’s cloud. While they’re still #3 in market share, they’ve doubled down on being the best place to run GKE (Kubernetes) and massive data pipelines.

The Vibe: Fast, clean networking and high-performance compute.

Best for: AI startups that need TPUs (Tensor Processing Units) and teams that want the best managed K8s experience on the planet.

The 2026 Reality: Vertex AI has matured into a very slick platform for agent meshes. They’ve finally fixed most of their confusing IAM quirks, making GCP far more approachable than it was three years ago.

4. Civo: The Emerging Simple Alternative

This is where things get interesting. In 2026, we’re seeing a Great Simplification. Many of us are tired of hidden egress fees and 50-page documentation sets from the Big Three. Civo has carved out a serious niche here.

The Vibe: Cloud-native without the headache.

Best for: Developers who want K8s clusters that spin up in under 90 seconds and predictable billing.

The 2026 Reality: Civo is leading the charge in Sovereign AI. With new regions focused on keeping data within borders, they’re becoming the go-to for emerging 2026 data residency laws. Plus, they offer high-end GPU access at a fraction of the hyperscaler markup.

The 2026 Decision Matrix

Feature	AWS	Azure	GCP	Civo
Primary Strength	Service Breadth	Ecosystem Tie-in	Data / AI Speed	Simplicity / Price
K8s Experience	EKS (Solid)	AKS (Good)	GKE (Best)	Managed K8s (Fastest)
Pricing	Complex / Tiered	Good for MS Shops	Per-second / TPU	Flat / Transparent
AI Focus	Custom Hardware	Agentic / Enterprise	Vertex AI / TPUs	Sovereign / GPU-centric

Conclusions

The right cloud in 2026 depends entirely on your architectural philosophy:

Choose AWS if you have a legacy stack, a massive budget, or need a niche service no one else provides. It remains the most robust—and the most exhausting.
Choose Azure if your organization is standardized on Microsoft. The AI integration across their stack is currently unbeatable for productivity.
Choose GCP if you’re building data-heavy systems or want the most mature Kubernetes environment. For training performance-per-dollar, TPUs still reign.
Choose Civo if you’re a startup or developer who values speed and sanity. In an era of rising complexity, their predictable cloud and sovereign AI focus is a breath of fresh air.

In 2026, multi-cloud isn’t a buzzword—it’s a survival strategy. Most of my projects now follow a “Primary + One” approach:

AWS or Azure for boring corporate workloads
GCP or Civo for high-performance, cost-sensitive systems

What are you running on this year?

Let’s fight about it in the comments. 👇

The Infrastructure Blueprint: A Deep Dive into AWS VPC

Himanshu Rathore — Sun, 18 Jan 2026 14:32:52 +0000

If you’ve spent any time in AWS, you’ve probably clicked "Create VPC" more times than you can count. But there’s a massive difference between setting up a VPC that works and designing a VPC that is resilient, secure, and ready for a 2:00 AM traffic spike.

Think of a Virtual Private Cloud (VPC) not just as a "private network," but as the foundational blast radius for your entire cloud footprint. In this deep dive, we’re going to peel back the layers on how networking actually works under the hood at AWS.

1. The Address Space: Why CIDR Choice Still Matters
When you define your VPC CIDR (Classless Inter-Domain Routing), like 10.0.0.0/16, you are making a decision you might have to live with for years.

The Human Reality: Most people default to /16 because 65,536 IPs sound like "enough." But the real danger isn't running out of IPs—it’s overlapping ranges. If you ever want to connect your VPC to an on-premise data center or another VPC via Peering or Transit Gateway, and both use 10.0.0.0/16, you’re in for a world of routing pain.

Pro-tip: Use the secondary CIDR block feature if you get stuck, but try to coordinate your IP plan across your entire organization early. Also, remember that AWS reserves 5 IP addresses in every subnet. If you create a tiny /28 subnet (16 IPs), you only actually get 11.

2. Subnets: Segregation by Design
Subnets are where your resources actually live. The common pattern is Public vs. Private, but let’s look closer:

Public Subnets: These have a route to an Internet Gateway (IGW). This is where your Load Balancers or Bastion hosts live.

Private Subnets: No direct route to the IGW. They use a NAT Gateway (placed in a public subnet) to talk to the outside world.

Isolated Subnets: No IGW, no NAT. Just local VPC traffic. This is the gold standard for your databases (RDS).

The Multi-AZ Rule

Never, ever put all your subnets in one Availability Zone (AZ). If us-east-1a has a bad day, your app shouldn't. A "production-ready" VPC always mirrors its subnet structure across at least two (ideally three) AZs.

3. The Gatekeepers: Security Groups vs. NACLs
This is where most configuration errors happen. People often treat them as the same thing, but they operate on completely different logic.

The "Gotcha": If you use NACLs, you must remember to open Ephemeral Ports (typically 1024-65535). If you allow inbound traffic on port 80 but forget to allow outbound traffic on the ephemeral range, the connection will time out because the NACL is stateless.

4. Connecting the Dots: Peering, Endpoints, and Transit Gateway
As your architecture grows, one VPC isn't enough. How do you link them?

VPC Peering: Great for simple 1-to-1 connections. It’s free to set up, but doesn't support "transitive routing" (VPC A can talk to B, B to C, but A can't talk to C through B).

Transit Gateway (TGW): The "Hub and Spoke" model. If you have 10+ VPCs, TGW is your best friend. It acts as a central router.

VPC Endpoints (PrivateLink): This is the "secret sauce" for security and cost. Normally, if an EC2 instance in a private subnet wants to talk to S3, the traffic goes out the NAT Gateway to the public internet. With an S3 Endpoint, that traffic never leaves the AWS backbone. It’s faster, more secure, and saves you money on NAT Gateway data processing fees.

5. Modern Observability: VPC Flow Logs
You can't fix what you can't see. VPC Flow Logs capture information about the IP traffic going to and from network interfaces.

When a developer says, "I can't reach the database," the Flow Logs will tell you exactly where the REJECT is happening. Is it the Security Group? The NACL? The Flow Logs don't lie.

Final Thoughts: The "Zero Trust" Mindset

In 2026, we don't just rely on the VPC boundary. We use Identity-Based Security (IAM) alongside Network-Based Security (VPC).

A well-designed VPC is invisible when it works, but it’s the first thing people notice when it fails. Start with a clean CIDR plan, stick to a multi-AZ layout, and use Endpoints whenever possible. Your future self (the one not getting paged at 2 AM) will thank you.