Cloud Audit: Multi-Cloud Design
Drop — Multi-Cloud Architecture Design
Date: 2026-02-19
Auditor: solution-arch (CloudForge cloud-audit team)
MC Task: #1443
Executive Summary
Drop is estimated at 85% cloud-portable thanks to Docker containerization and standard PostgreSQL. The main AWS lock-in is App Runner, which any container-as-a-service platform can replace. Recommendation: stay on AWS, optimize the current setup, and write the Terraform with a provider abstraction so a future move stays cheap.
1. Provider Comparison Matrix
| Service | AWS (Current) | Azure | GCP |
|---|---|---|---|
| Compute | App Runner ($25-35/mo) | Container Apps ($20-30/mo) | Cloud Run ($15-25/mo) |
| Database | RDS PostgreSQL ($15-18/mo) | Azure DB for PG ($15-20/mo) | Cloud SQL ($12-18/mo) |
| Registry | ECR ($1-2/mo) | ACR ($5/mo) | Artifact Registry ($1-2/mo) |
| Secrets | Secrets Manager ($0.40/secret/mo) | Key Vault ($0.03/10k ops) | Secret Manager ($0.06/10k ops) |
| CDN | CloudFront ($0-5/mo) | Front Door ($35+/mo) | Cloud CDN ($0-5/mo) |
| WAF | AWS WAF ($5+/mo) | Azure WAF ($20+/mo) | Cloud Armor ($5+/mo) |
| Monitoring | CloudWatch ($3-10/mo) | Azure Monitor ($5-15/mo) | Cloud Monitoring ($0-8/mo) |
| Total estimate | $50-75/mo | $100-130/mo | $35-60/mo |

Figures are the auditor's monthly estimates at Drop's current traffic. Secrets are priced per stored secret (AWS) or per 10k operations (Azure, GCP) rather than as a flat monthly fee, so that row is negligible at this scale.
2. Portable Architecture
Cloudflare (DNS + CDN + WAF) ← Cloud-agnostic edge
|
| HTTPS
v
┌──────────────────┐
│ CaaS Platform │ ← App Runner / Container Apps / Cloud Run
│ ┌──────────┐ │
│ │ Docker │ │ ← Identical image everywhere
│ │ Next.js │ │
│ │ :3000 │ │
│ └──────────┘ │
└────────┬────────┘
│ DATABASE_URL
┌────────┴────────┐
│ Managed PG │ ← RDS / Azure DB / Cloud SQL
└─────────────────┘
Abstraction Strategy
| Layer | Approach |
|---|---|
| Compute | Docker image to any CaaS. No platform SDK |
| Database | Standard PostgreSQL via DATABASE_URL |
| Secrets | Terraform abstracts provider. App reads env vars |
| DNS/CDN/WAF | Cloudflare (cloud-agnostic, free tier) |
| Monitoring | Sentry (errors) + structured logs to any aggregator |
| CI/CD | GitHub Actions (already cloud-agnostic) |
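The compute and secrets rows above hinge on one contract: the image takes all configuration from environment variables and never calls a cloud SDK. An added example (not Drop's own code) of a container entrypoint that enforces that contract at startup, so a misconfigured deployment on any of the three platforms fails loudly instead of running without TLS to the database. DATABASE_URL is the variable named in the table; the command handed over via "$@" (for example `node server.js`) is an assumption.

```shell
#!/bin/sh
# Added example (not Drop's own code): a container entrypoint that enforces the
# portability contract: configuration arrives only through environment variables,
# so the same image starts unchanged on App Runner, Container Apps or Cloud Run.
# DATABASE_URL is from the audit; the CMD passed as "$@" is an assumption.
set -eu

# Print a PostgreSQL URL with the password masked, so startup logs can show
# which database was selected without leaking the credential.
redact_url() {
  printf '%s\n' "$1" | sed -E 's#(://[^:/@]+):[^@]*@#\1:***@#'
}

# Return 0 if the URL is a PostgreSQL URL that demands TLS, 1 otherwise.
# RDS, Azure DB for PostgreSQL and Cloud SQL all terminate TLS, so a connection
# string without sslmode=require (or stricter) is a misconfiguration, not a
# portability choice.
check_database_url() {
  case "$1" in
    postgres://*|postgresql://*) ;;
    *) echo "DATABASE_URL must start with postgres:// or postgresql://" >&2; return 1 ;;
  esac
  case "$1" in
    *sslmode=require*|*sslmode=verify-ca*|*sslmode=verify-full*) return 0 ;;
    *) echo "DATABASE_URL must set sslmode=require or stricter" >&2; return 1 ;;
  esac
}

# Fail fast if any required variable is unset or empty, naming all of them so
# the platform log shows exactly what the deployment forgot to inject.
require_env() {
  missing=""
  for name in "$@"; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || missing="$missing $name"
  done
  if [ -n "$missing" ]; then
    echo "missing required environment variables:$missing" >&2
    return 1
  fi
  return 0
}

# Docker ENTRYPOINT: validate, log the redacted target, then hand off to CMD.
if [ "$#" -gt 0 ]; then
  require_env DATABASE_URL
  check_database_url "$DATABASE_URL"
  echo "starting with database $(redact_url "$DATABASE_URL")"
  exec "$@"
fi
```

Wire it in with `ENTRYPOINT ["/entrypoint.sh"]` and `CMD ["node", "server.js"]` (the CMD is an assumption about Drop's image). Because the checks read only environment variables, the same entrypoint works whether the platform injects the value from Secrets Manager, Key Vault or Secret Manager.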
3. Migration Paths
AWS to Azure (3-5 days)
- Push image to ACR
- Create Azure DB for PostgreSQL Flexible Server
- pg_dump/pg_restore data migration (needs a write freeze or cutover window; rows written after the dump starts are not carried over)
- Deploy to Azure Container Apps
- Verify the restored data, then update Cloudflare DNS
- Write Azure Terraform modules
AWS to GCP (2-3 days)
- Push image to Artifact Registry
- Create Cloud SQL PostgreSQL
- pg_dump/pg_restore data migration (same write-freeze caveat)
- Deploy to Cloud Run (most similar to App Runner)
- Verify the restored data, then update Cloudflare DNS
- Write GCP Terraform modules
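Both paths share the same data step. As an added example (not part of this audit's deliverables or Drop's repository), a runbook script for that step: pg_dump from the current RDS instance into the new managed PostgreSQL, with the guards a practitioner wants before repointing Cloudflare. Usage is `migrate.sh SRC_URL DST_URL`; the dump file name and the table list given to `verify_counts` are assumptions.

```shell
#!/bin/sh
# Added example (not Drop's own code): the pg_dump/pg_restore step of the
# migration paths, with a same-host guard, cross-cloud-safe dump flags and a
# row-count check before the DNS cutover. Usage: migrate.sh SRC_URL DST_URL.
set -eu

# Run a command, or just print it when DRY_RUN=1 (rehearse the runbook first).
# The URLs embed credentials, so do not paste dry-run output into tickets.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# host[:port] of a PostgreSQL URL such as postgres://user:pw@host:5432/db?sslmode=require
url_host() {
  printf '%s\n' "$1" | sed -E 's#^[a-z]+://([^@/]*@)?([^/?]*).*$#\2#'
}

# Refuse to run when source and target are the same host: restoring into the
# source database is the classic way a migration damages production.
check_distinct_hosts() {
  if [ "$(url_host "$1")" = "$(url_host "$2")" ]; then
    echo "source and target point at the same host: $(url_host "$1")" >&2
    return 1
  fi
  return 0
}

# Dump in custom format. --no-owner/--no-privileges matter across clouds: RDS,
# Azure and Cloud SQL each hand out a different admin role and none is superuser,
# so ownership and GRANT statements from the old cluster would fail on the new one.
dump_db() {
  run pg_dump --format=custom --no-owner --no-privileges --file="$2" "$1"
}

restore_db() {
  run pg_restore --no-owner --no-privileges --dbname="$1" "$2"
}

# Compare per-table row counts on both sides. Table names come from this script,
# not from user input, so interpolating them into the SQL is safe here.
verify_counts() {
  src=$1; dst=$2; shift 2
  if [ "${DRY_RUN:-0}" = 1 ]; then printf 'verify_counts %s\n' "$*"; return 0; fi
  for t in "$@"; do
    a=$(psql "$src" -Atc "SELECT count(*) FROM $t")
    b=$(psql "$dst" -Atc "SELECT count(*) FROM $t")
    if [ "$a" != "$b" ]; then
      echo "row count mismatch on $t: source=$a target=$b" >&2
      return 1
    fi
  done
  return 0
}

main() {
  check_distinct_hosts "$1" "$2"
  # Freeze writers (scale App Runner to zero or enable maintenance mode) before
  # this point: rows written after the dump starts are not carried over.
  dump_db "$1" drop.dump
  restore_db "$2" drop.dump
  verify_counts "$1" "$2" users drops   # table list is an assumption
  echo "data copied and verified; repoint Cloudflare DNS to the new CaaS endpoint"
}

if [ "$#" -ge 2 ]; then
  main "$1" "$2"
fi
```

Run it once with `DRY_RUN=1` to see the exact commands, then for real during the cutover window. Both URLs should carry `sslmode=require` so the dump and restore traffic is encrypted between the operator's host and each cloud.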
Lock-In Assessment
| Component | Lock-In | Notes |
|---|---|---|
| App Runner | LOW | Standard Docker, replaceable |
| RDS PostgreSQL | LOW | Standard PG, any managed PG works |
| ECR | LOW | Standard OCI registry |
| VPC Connector | MEDIUM | AWS-specific networking; Container Apps and Cloud Run have their own VPC integration, absorbed by the Terraform module rather than the app |
| IAM Roles | MEDIUM | AWS-specific auth model; the equivalent is a managed identity on Azure or a service account on GCP, again expressed in Terraform |
| Secrets Manager | LOW | App reads env vars regardless; holds only as long as the app never calls the Secrets Manager SDK directly |
4. Recommendation: Stay AWS, Optimize
Rationale:
- $50-75/mo is already low
- No business need to migrate
- 85% portable; migration possible in 2-5 days if needed
- Azure costs more (~$100-130/mo)
- GCP saves ~$15/mo, not worth the migration effort now
Optimization actions:
- Security fixes: encrypt RDS at rest (an existing unencrypted instance cannot be encrypted in place; take a snapshot, copy it with encryption enabled, restore from the copy), restrict the RDS security group so only the application reaches it through the VPC connector, move credentials into Secrets Manager
- Add Cloudflare free tier (DNS, CDN, WAF; cloud-agnostic)
- Terraform all resources (reproducibility)
- Add CloudWatch basic alarms ($3-5/mo)
Future Migration Triggers
- AWS cost > $200/mo → evaluate GCP Cloud Run
- EU data sovereignty requirement → Azure Norway East (Norway is EEA, not EU; confirm the requirement accepts an EEA region, and compare against an AWS EU region before committing to a provider change)
- Multi-region needed → Cloudflare Workers + D1 (D1 is SQLite, not PostgreSQL, so this path gives up the DATABASE_URL abstraction and needs a schema port)
- Kubernetes requirement → EKS or GKE
5. 12-Month Cost Projection
| Scenario | Monthly | Annual |
|---|---|---|
| Current (no changes) | $50-75 | $600-900 |
| Optimized AWS | $55-80 | $660-960 |
| AWS + Cloudflare | $55-80 | $660-960 |
| Azure equivalent | $100-130 | $1,200-1,560 |
| GCP equivalent | $35-60 | $420-720 |