Cloud platform

Amazon Web Services

The cloud you go to when the workload needs something the Microsoft stack doesn't have.

Kootechnikel designs, migrates, and operates AWS workloads for Vancouver businesses that need raw cloud breadth — 240+ services spanning compute, storage, data, AI, and global edge — with disciplined cost governance and security guardrails from day one.

AWS Canada (ca-central-1 Montreal + ca-west-1 Calgary) keeps data in Canada with 400+ global CloudFront edges for low-latency delivery. Eleven nines of durability on S3.

Talk to an engineer Vendor site ›

What it is

Amazon Web Services is the market-leading public cloud — roughly one-third of the global cloud infrastructure market — with 240+ fully featured services across 30+ geographic regions (including ca-central-1 in Montreal and ca-west-1 in Calgary, both relevant for Canadian data residency). AWS's positioning is breadth and maturity — almost anything you can imagine can be built on AWS, and most of the largest internet workloads in the world already are.

For a Kootechnikel client, AWS typically shows up in one of three shapes: (1) the client already has an AWS footprint from a product they built or acquired and needs operational management; (2) a SaaS or web-app workload that needs the developer ecosystem, the database depth (Aurora, DynamoDB, Redshift), or the AI/ML breadth (Bedrock, SageMaker) that AWS leads on; or (3) a cost-sensitive storage or archive workload where Amazon S3, S3 Glacier, and Amazon EFS are the right answer regardless of the rest of the stack.

AWS is run through the AWS Management Console, the AWS CLI, CloudFormation or Terraform for infra-as-code, and IAM for identity — a separate identity model from the Entra ID world, which is an important architectural consideration.

Key capabilities

Amazon EC2
Virtual server instances across hundreds of types: M-series general purpose, C-series compute-optimized, R-series memory-optimized, T-series burstable, and Graviton ARM for better price/performance.
Amazon S3
Object storage with 11 nines of durability, multiple storage classes (Standard, Intelligent-Tiering, Glacier Instant/Flexible/Deep Archive), versioning, and Object Lock for ransomware-resistant backups.
Amazon RDS + Aurora + DynamoDB
Managed relational (MySQL, PostgreSQL, SQL Server, Oracle, MariaDB), AWS-built Aurora for MySQL/PostgreSQL at scale, DynamoDB for serverless NoSQL.
AWS Lambda + ECS + EKS + Fargate
The serverless and container stack: Lambda for event-driven functions, ECS/EKS for container orchestration, Fargate for serverless containers without managing nodes.
VPC + IAM + Organizations
Virtual networking, fine-grained role-based identity and access control, multi-account governance with Service Control Policies.
GuardDuty + Security Hub + Shield + WAF
ML-driven threat detection, unified security posture, DDoS protection, and web-application firewall — plus AWS Backup for centralized backup policy.
CloudFront + Route 53
Global CDN with 400+ edge locations and managed authoritative DNS with health checks and traffic-policy routing.
Well-Architected Framework
The six-pillar review framework (Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability) we use on every AWS engagement.

Who it’s for

A Vancouver fintech with a customer-facing web application on EC2 + RDS + CloudFront, needing PCI-DSS-aligned controls and AWS Shield + WAF fronting every public endpoint.
A biotech or media company with 80 TB of archival data that belongs in S3 Glacier Deep Archive at roughly $1/TB/month, with lifecycle policies moving cold data automatically.
A SaaS product team acquired by one of our clients, already running on Lambda + DynamoDB + API Gateway, needing operational ownership, CloudWatch alarms, cost governance, and a Well-Architected Review.

Integrations

AWS IAM Identity Center (formerly AWS SSO) federates to Entra ID or Okta — AWS console and CLI access use the same corporate identity as Microsoft 365. CloudWatch Logs and GuardDuty findings stream into Microsoft Sentinel, Splunk, or native SIEM via EventBridge. Backup partners: Veeam Backup for AWS, Commvault, native AWS Backup. Infra-as-code: Terraform (most common in our practice), CloudFormation, AWS CDK. Connectivity: AWS Direct Connect for private Canadian carrier links, Site-to-Site VPN for simpler cases.

Partner status & certifications

AWS Partner Network (APN) tiering under the AWS Services Path — Select Tier (entry), Advanced Tier, and Premier Tier (top). Tier progression is driven by trained/certified engineers, AWS-launched customer references, and revenue thresholds. AWS Specializations (industry, use-case, and workload validations) sit under the consolidated partner-programs umbrella. Engineer certifications: AWS Certified Cloud Practitioner, Solutions Architect Associate/Professional, SysOps Administrator Associate, Security Specialty, DevOps Engineer Professional.

Pricing model

Consumption-based, billed per-second or per-hour on compute, per-GB-month on storage, per-request on Lambda and S3, per-GB on egress. Commitment discounts via Savings Plans (Compute and EC2 Instance) and Reserved Instances (RDS, ElastiCache, Redshift) — typically 30–60% on 1- or 3-year terms. We monitor monthly spend against tagged cost-centre allocations and send clients a cost-optimization brief rather than letting bills drift.

Why we chose them

AWS is where you go when the workload needs something the Microsoft stack doesn't have — the database depth of Aurora and DynamoDB, the object-storage economics of S3 Glacier, the serverless maturity of Lambda, or a specific AI/ML primitive in Bedrock or SageMaker. We run AWS the way a mature MSP should: IAM Identity Center federated to Entra so there's one source of truth for humans, Terraform for everything that isn't one-off, Well-Architected Reviews on a cadence, and GuardDuty + Security Hub piped into the same SOC pipeline as the Microsoft side.