Every time somebody questions why you might "trust" AWS (or Azure or GCP or whatever), or why you'd pay this premium, I realize they are not accustomed to working in enterprise environments.
In my case, I work at a large enterprise with strict data governance built into customer contracts, and (partly related, partly not) our own governance concerns. Using vendors where you not only have infosec permission, but they are also listed as data processors in our contracts with our customers is the way not to get fired and sued.
If I'm playing around at home, with my own code and data, I can do whatever I want. But with my employer and customer? Absolutely not. It's the same reason we don't use whatever is the flavor of the month frontier model is.
Side hustles and startups just have an entirely different set of constraints and considerations.
Have you considered checking the actual AWS contract and the limited liability they explicitly stipulate in contracts and even linked docs from marketing materials?
If you read the fine print, you'll notice something funny. You are largely responsible for data loss, SLA claims require you to present concrete evidence, and the remediation you accepted is usually credits for future spend on specifically the same product you lost your data on.
And AWS fine print is actually quite reasonable compared with, say, GCP, where the SLA seems mostly useful so the enterprise acquisition team can say "they have SLA, I can't get fired for choosing them since I did my due diligence!", while GCP can say "you already accepted the proposed remedy when signing the contract, sue us and we'll just point you to it. Thanks for your trust.". [0]
^ Standard multi-region or dual-region storage has a 99.95% availability SLA, regional Standard has 99.9%, and regional Nearline, Coldline, or Archive can be as low as 99.0%. The credits are 10%, 25%, or 50% of the monthly bill for the affected service tier, with 50% as the aggregate monthly cap, applied to future use. Google also says the customer must request the credit within 30 days or forfeit it.
They didn't mention anything about SLAs. This is about all the time, effort, paperwork and risk it takes to add yet another vendor. Having fewer vendors does actually reduce risk, as long as your chosen vendors are reasonably good. Though the bigger reason is certainly avoiding the additional bureaucracy, which is partly self-inflicted in larger companies but also not without merit.
Yeah, I understood the original point. And I'm tired of it.
I'm just tired of the 'everyone follows their immediate incentives while the system stays incoherent' as the de facto reality. I think shedding some light over the actual mechanics would maybe make someone consider 'perhaps we shouldn't allow our acquisition team just turn off their brain and choose the default to cover their bottoms; maybe vendors are worth more decision investment via actual thinking instead of performatively ending up on the default choice after a little ritualistic game of "eeny, meeny, miny, AWS"'.
I think it's worth pointing out that Jeff Bezos would fight this tooth and nail from happening in his companies. He popularised 'process as proxy'. Yet AWS as sold to external enterprises is the exact proxy Bezos warned against internally. Do what Bezos does, and even what Bezos preaches, just don't do by default what Bezos sells.
Which vendor would you rather use in this context, with your sensitive customer data?
-vendor A's list of sub-processors is a mile long and includes providers of questionable repute;
-vendor B's list is short and includes AWS and GCP
I think he's arguing about OpenAI vendoring specifically, where OpenAI has a lot of subprocessors, but AWS doesn't and there's not really a 3rd camp to choose from, yet. But even there you can't just choose AWS as I tried to illustrate in uncle comment.
The politics of multimillion dollar contracts for public clouds go far, far, far beyond the preferences of an acquisition team, or what the engineers may think.
They're motivated not by the actual loss, but the checkmark of having attestation for a compliance framework.
So the fact that Microsoft let remote hands-on-keyboards in the PRC fix problems on GCC-High Azure nodes used by DoD contractors doesn't matter, since they're too big to censure in any meaningful way without impacting tens of thousands of businesses that rely on them to get a letter that satisfies a compliance assessor.
Actually knowing what you're doing, or being able to critically assess the risks of using a specific provider, doesn't matter.
Nobody ever got fired for buying I̵B̵M̵ AWS. Most corporations already use AWS, used to its legal terms and accepted the risk. Any new provider will be scrutinised by legal more than an existing one.
Models on Bedrock can have different and additional terms and conditions, there's even variety within the same provider for some of them. The Anthropic ones certainly have their own EULA. It's a bit frustrating because ideally it should be a known legal status, but in fact it still needs legal review if you're doing anything interesting.
this..it doesnt really matter whats on the contract they all sell same things. in enterprise things just should not get u sacked :p then it workks perfectly.
Our corporate lawyers have all reviewed these things. And like others mentioned, the SLAs are not the concern, its related to data security and someone to blame if things go boom.
On top of this, there's a vast difference between "what do you mean that team spent $1000 on AI in their expense report, what did we get for that?" vs. "oh, the company-wide AWS bill went up by a few percent, let's look into that when we have time." The latter makes projects far more viable.
OTOH, the other form is that instead of generic AI spend going up it is total spending for a particular AWS account within the umbrella of the firms AWS organization, so that the spending is attributed to a specific project whose use case, other costs, and (presumably) benefit and/or revenue can be considered.
Of course, if your AWS stuff is just one undifferentiated bucket, that’s a problem, but AFAICT AWS (like GCP) is much better set up for tracking use and costs by project than OpenAI (or Anthropic), because its an enterprise cloud provider where fitting into how large organizations track things at multiple levels is as much a core competency as any technical feature, whereas OpenAI and Anthropic are AI technology providers that are much less mature as enterprise vendors.
The security posture at AWS is different. AI startups are going to get hacked and leak data etc. All the startup webapp builder tools, vscode plugin players etc.
AWS could still be hacked, but they've taken some care to make it a bit less likely, a bit easier to track which customers affected etc. If you dig into AWS logging for example, there is a TON if you turn it on, you can really go back and see who did what to the permissions / environment etc. I imagine they've got pretty good logging of their staffs access to things as well. I had to jump through some hoops once to have their staff on my account.
What GP meant is that the CTO of a $1b company wold absolutely not fire someone for going Azure because at those scale it's very likely they have a set of customers that exclusively want to work on Azure, so that choice makes sense.
It's easy to do blanket statements like "never choose azure", "avoid GCP at all cost" or "never again on AWS". Until real world comes your way and you are forced to deal with it.
That being said: I'd fire anyone choosing to deploy a workload on GCP.
Another reality is that at that scale you need to diversify your vendor portfolio so you never get stuck in a single-vendor scenario (for contracts, liability or scale). Many companies half this size have infrastructure across all three - AWS, Azure and GCP. The primary reason is redundancy, but that also gives them potential leverage for contract negotiation.
I have just moved from a free environment in which I was able to use any AI harnesses or models to a strict enterprise environment.
I was shocked to realize how difficult it has been to have a GitHub CoPilot license on Azure. I mean, they're both Microsoft products. But no, the IT now has to figure out how to set up a GitHub enterprise, link to Azure subscription, and all that.
and set reasonable global and user token limits to avoid burning a year's IT spend cause Dave in Legal went ham on tokenmaxxing by uploading his entire legal case history.
in a company of 12 you can do that by saying 'we're all generalists, just don't be an idiot'. In a company of 10,000, you hired Dave cause he's good at legal merger mumbo jumbo not because he's an IT generalist.
Yeah, cloud agents come with nice things like being able to filter content, implement guardrails like preventing PII or prompt injection from taking place. even if they sucked, at least liability wise you're set. I don't know how someone could even come close to this capability by doing it on their own. If anyone does, please share what tools, platforms and projects you're using.
The agreements that Anthropic/OpenAI are pretty general and there’s a lot of use cases they don’t meet.
The list of compliance standards that AWS meets is so big they have a separate product just to deliver the compliance documents. They basically do everything imaginable.
It’s not just that. Oftentimes contracts stipulate that the client’s data can’t be transferred across certain boundaries. If you have signed such an agreement, even sending the data to a service on the same cloud provider but in a different region could be a huge compliance violation.
If you've used AI coding models in a large corporate setting, you'll know that a lot of big corporate deployments basically require using AWS Bedrock for two simple reasons:
1. Large companies tend to already have an existing relationship with AWS, which makes things way easier to go through vs. setting up a new vendor relationship
2. Large companies tend to have strong internal requirements about making sure that internal data stays under company control. With AWS Bedrock, you can be a lot more confident that what you're feeding into the models is not going to end up in someone's training set somewhere. For where I work, this requirement is a dealbreaker for going directly through OpenAI's API instead of going through AWS Bedrock.
To go a step further, the reason it's often impossible to add a new vendor if that you've signed a bunch of contracts with your customers saying you're not going to send their data to other vendors in all sorts of various flavors.
3. from my opportunity - For many (not all) LLMs, Bedrock gives you control over which country the data stays in. You have no control over that with the Claude API, for example. We do not work in the US and have strong requirements for the data to stay in our country, which Bedrock gives us control over.
> We do not work in the US and have strong requirements for the data to stay in our country, which Bedrock gives us control over.
It doesn't actually. The US can request data from whatever country US companies store it, and companies must comply.
So if you have strong requirements for data to stay in your country, using a US provider, whatever it is, is out of question no matter what the company's marketing claims (they are not maintaining these claims under oath for what it's worth: https://www.senat.fr/compte-rendu-commissions/20250609/ce_co... )
4. AWS billing is already cross-charged to different departments per account. Copilot/Claude/Codex would need that setting up all over again, and is (probably) all coming out of a central bucket right now. Switching to Bedrock APIs is really easy, and solves a problem for people high enough up in the organisation that they can insist on it.
Curious to understand how AI will continue to grow if this is the trend. Assuming most valuable data is behind such firewalls. And whatever is public has been harvested, trained on top of whatever has been acquired illegally (this is a grey area).
Will it become a closed ecosystem without outside input?!
The pace of data creation is only increasing, and our capabilities of sharing and storing it is growing as well. Lots of this is out in the open, ready for anyone to crawl and scrape.
There probably is a point of “peak data” where the amount of new data will start decreasing, but that’s likely a 22nd or 24rd century problem.
Pace of data creation ignores the fact that the majority of the big gains in LLM “intelligence” has come from scraping and feeding in the huge amount of public data that already exists.
Unless we’re producing data on the order of an entire new internet every couple of years, then it’s hard to see how LLMs can achieve further huge leaps in capability compared to training on effectively 0% of the internet vs 100% of the internet.
That is without going into fact that many already use AI to type out and write stuff. I have a customer in Far East that routinely uses it even for simple emails, he is not so familiar with English.
The majority of the gains come from the size of the supercomputers used to train them on. That's still growing. The algorithms used, and how the data is annotated is also some secret sauce.
If anything, trend will go towards sharing data less. It will become more important to keep the knowhow and data to yourself so the companies will do that.
And individuals will loose motivation to share, because it wont be that pro-social activity anymore anyway.
What other people are saying, but also because Amazon does not want to fuck around in this space. They don't want the legal fight or the reputational damage that would come with it.
To take an easy example that has actually had lawsuits I can link to, you must be unfamiliar with the lawsuits against Amazon for misusing sellers' data in order to undercut them with their own products... https://www.reuters.com/sustainability/13-bln-uk-lawsuit-acc...
There's zero reason to "trust" Amazon about anything. (And yes, I know the retail and AWS sides of the company are different, but it's still the same company. The same rot is always there, just shuffled around.)
this is not related to AWS, but merely to amazon's retail business and their sellers know and sign up for the deal when they sell via amazon.
every single retail company does this, they allow suppliers to sell the product using retails's infrastructure, and then retailer turns around and create private label products using sales data (Costco's Kirkland Signature, Walmart's Great Value, are just some examples)
Yes, but Kirkland's signature comes from the same factory. If I'm the factory owner and Costco vis going to guarantee me sales albeit at a slightly lower margin, so long as I slap a different sticker on it, that's different than from Amazon finding out which of my products sells best and then gets someone else to rip it off so I don't get paid anything.
That’s not the case at all. Kirkland just ditched Huggies making their diapers. They just introduced a breaded chicken tender nug to compete with one on the shelf.
They absolutely go out and find who can make the product and the quality and price they want. It’s not always an identical product to the brand name on the same shelf. Sometimes it displaces the brand name.
First of all, we don't know which factory kirkland's products are coming from. Even if they are coming from the same factory, who guarantees the same ingredients and quality control was used???
everything from amazon is coming from China, I dont understand why does a random person who resells stuff from Chinese factories via Amazon FBA feels entitled for exclusivity arrangement with Amazon?
Was such exclusivity encoded in some form of legally enforceable agreement ?
In contrast to Microsoft, OpenAI, and Anthropic, AWS has never done anything close to sneaking in unwanted training opt-outs after the fact.
They are the only ones I trust not to do that so far. And their terms are extremely clear on that, no fuzzy language. Exactly what we want to see. So we use Bedrock.
Laws and rules don’t hold anyone accountable. Anyone can say anything and then break that trust the next second.
Instead you trust your best friend because you have known them for 15 years and seen them in enough situations. It’s long term observation and predictability they ultimately gives trust.
AWS has been around 20 years and has never once shown a sign that that they would sell customer data. Could they still try? Sure, in the same way they my friend who hates seafood his entire life could suddenly flip 180 and love it. Yeah I guess it’s possible.
Actually yes, when it’s other huge corporations holding them accountable. It’s only when politicians who are much more cheaply bought get involved that creates problems. When the other side has a significant war chest to combat you with, suddenly behavior improves
You really don't understand what AWS offers if you think this is what is getting them workloads (including competitors and highly sensitive govt workloads).
Having worked with lots of companies, I can say that trust is there. But true test is competitors of Amazon. Does Walmart use them? Ebay? Although not in exact same business.
Contractual obligation, external third party audits, and above all, AWS’s reputation.
AWS isn’t going to risk their reputation, and thus huge chunks of their business, just so a few AI labs can get some extra training data. That’s an insane risk with zero upside for AWS. AWS knows full well they will make insane quantities of cash without breaking legal contracts with companies who pay them billions each year for infra.
they’re crap on a lot dimensions of how they treat customers but data privacy/security is one thats taken pretty seriously at AWS, perhaps owing to the massive reputational damage that would result if they played loose with it.
If you are wondering why anyone would spend more money to use these APIs through AWS instead of going direct: In some companies it’s nearly impossible to get new vendors approved. If the company has an AWS contract then you have to use what AWS offers.
AWS Bedrock is other companies’ models running on separate dedicated AWS hardware, metered through AWS billing. AWS owns and operates all of the infrastructure and the client interface; the model provider basically hands over the model and weights to AWS and AWS Bedrock take it from there.
So, as an example, if you use Codex through Bedrock, that’s a totally separate instance of Codex from anything you would be interfacing with if you directly used OpenAI’s API; if you use Codex via Bedrock, OpenAI never sees your data or prompts because they stay sandboxed in an ephemeral Bedrock instance. For many large enterprise deployments this hard boundary is a big big deal.
Over the past year, Claude being available via Bedrock and ChatGPT/Codex not being available via Bedrock has been a huge competitive advantage for Anthropic in the enterprise space.
Even if you can get it approved you are adding surface area to your annual security audits, adding another vendor that needs to be disclosed on security assessments, spreading your data to yet another processor, and adding another invoice and budget discussion. Depending on your customer contracts you may need to notify them of a new vendor. This might trigger a new security review. Oh it’s just another model on Bedrock? Bliss.
Every CEO, board, and middle manager in the world is AI buzzword-obsessed now. Surely asking to sign a contract with the frontier labs directly would not get held up?
If you're an engineer in the trenches of the company, good luck convincing the people above to sign that contract. You'll waste thousands of hours just trying.
Absolutely huge news for OpenAI. Unimaginable amount of enterprises picked up Claude just because it was available in AWS, and now there's serious competition.
Anthropic better get that IPO out soon. Their incredible revenue run-up was basically a result of botched Gemini releases and OpenAI having their hands-tied behind their Azure backs.
Anthropic models were quite literally the only viable serverless API (i.e. Bedrock) models on AWS. They didn't even bother releasing the recent Qwen 3.5/3.6 series. Combined with the token efficiency/ROI focus, I would really like to see how Antrhopic ends Q3.
This is a great move for OpenAI and one that should worry Anthropic. Bedrock was the only way I could use foundation models for a while given AWS lock-in and security requirements.
Claude is already available as both a pass-through to Anthropic's servers from AWS and in Bedrock. https://aws.amazon.com/claude-platform/ I imagine they're not thrilled that their first mover advantage has gone now, but they'll have seen it coming a mile off.
Claude Code keeps omitting new features from people using it through Amazon Bedrock (e.g. auto mode, ultra plan, Claude for Chrome). Hopefully some more competition can get them to rethink their strategy.
It's so odd, because Claude models on Amazon Bedrock do support all those features.
For awhile now, I've had a api.anthropic.com emulator that "secretly" forwards requests to Amazon Bedrock. Works great and now I get all the nice first-party only features right away.
Sucks for Azure. They were the chosen one but couldn’t keep up with demand. Once OpenAI got out of that exclusivity deal saying Azure wasn’t reliable I knew AWS was where they were headed.
Frontier labs provide “frozen” builds of their models that hyperscalers just serve without collecting data. This is a prerequisite from most of the companies that store sensitive data and still want to use frontier LLMS.
This is great news. I wish they were keeping their other models updated. With Gemma 4 and Qwen 3.7 already available on OpenRouter, bedrock is just not keeping up at all.
was only a matter of time. enterprise teams on aws werent going to rearchitect their stack just for model access, easier to bring the models to where the workloads already are
It's fascinating that cloud providers like AWS/GCP/Azure are now immovable "enterprise" technologies, in the way that IBM, Oracle, SAP, etc. were 15 years ago (and still are!).
Fond memories when only startups used S3 and EC2....
It's both an incredible triumph and tremendously sad that cloud providers are now the dinosaurs. So many companies are locked in, just as they were before. It's only going to get worse.
But their contract with Microslop prevents this?!?!? They specifically said like a month ago that they wouldn’t sell API access on AWS, they would only release specific products.
The AWS pricing page says 10% more than OpenAI, which is probably because they’re forcing all inference through the US and data residency is at a 10% premium from the model vendors for whatever reason (because you’ll pay for it).
If they put in a global endpoint like with Claude (or OpenAI directly) then it’ll probably match the direct pricing, if the pattern holds.