Cloud service models comparison
IaaS vs PaaS vs SaaS
The three foundational cloud computing service models. Every technical conversation about cloud strategy touches these acronyms — understanding them precisely, and knowing the English vocabulary engineers use around them, is essential for any developer working with cloud infrastructure.
TL;DR
- IaaS (Infrastructure as a Service) — raw virtual machines, storage, and networking. You manage the OS and everything above it. Maximum control, maximum responsibility. Examples: AWS EC2, Google Compute Engine.
- PaaS (Platform as a Service) — managed runtime. You deploy code; the platform manages OS, scaling, and patching. Less control, less operational work. Examples: Heroku, Google App Engine, Fly.io.
- SaaS (Software as a Service) — fully managed software accessed via browser or API. You manage nothing except your data and configuration. Examples: GitHub, Slack, Stripe, Jira.
Three-way comparison
| Aspect | IaaS | PaaS | SaaS |
|---|---|---|---|
| You manage | OS, runtime, middleware, app, data | App code, data, configuration | Data, user access |
| Provider manages | Physical hardware, hypervisor, networking | Hardware, OS, runtime, scaling | Everything |
| Control level | High — full OS access | Medium — app-level only | Low — vendor configuration only |
| Maintenance burden | High — OS patches, security, capacity | Low — platform handles infrastructure | None |
| Scaling | Manual or auto (you configure) | Automatic (platform handles) | Transparent to user |
| Examples | AWS EC2, GCE, Azure VMs, Hetzner Cloud | Heroku, App Engine, Fly.io, Railway, Beanstalk | GitHub, Slack, Salesforce, Stripe, Jira |
| Target user | DevOps / platform engineers, large teams | Developers wanting to focus on code | Business users, end consumers |
| Customisation | Full — install anything on the VM | Within platform constraints | Config options only |
| Cost model | Pay per VM-hour + storage + bandwidth | Pay per dyno/instance + platform premium | Per-seat or usage subscription |
Deployment experience side-by-side
Deploying a Node.js web app in each model:
IaaS (EC2 — you do everything)
# 1. Provision a VM
aws ec2 run-instances --image-id ami-xxx --instance-type t3.small
# 2. SSH in and install Node.js
ssh ec2-user@1.2.3.4
sudo dnf install nodejs -y
# 3. Copy code, install deps
git clone https://github.com/you/app
cd app && npm install
# 4. Run with process manager
npm install -g pm2
pm2 start server.js --name app
pm2 startup # survive reboots
# 5. Set up Nginx, SSL, firewall...
# (you manage all of this) PaaS (Heroku — platform does it)
# 1. Create the app
heroku create my-app
# 2. Deploy (platform detects Node.js,
# installs deps, sets up HTTPS)
git push heroku main
# 3. Scale if needed
heroku ps:scale web=2
# That's it. No SSH, no Nginx,
# no SSL certificates, no process
# manager — Heroku handles all of it. When to choose IaaS
- You need full control. Custom OS configuration, specific kernel parameters, installing proprietary software — IaaS is the only option that gives you root access.
- Large-scale cost optimisation. At significant scale, the platform premium of PaaS adds up. IaaS lets you right-size instances, use spot/preemptible VMs, and optimise aggressively.
- Kubernetes and container orchestration. Running your own Kubernetes cluster (or managed like EKS/GKE) gives you portability and control that PaaS abstracts away.
- Regulatory requirements. Some compliance frameworks require specific OS hardening, audit logging, or data residency that PaaS cannot guarantee.
When to choose PaaS
- Small team, move fast. With PaaS you deploy in seconds and spend zero time on server operations — ideal for startups and prototypes.
- Developer productivity over cost. The platform premium buys engineering time — no DevOps hire needed for basic deployments.
- Standard web application stacks. If your app runs on a common stack (Node, Python, Ruby, Go, Java), PaaS supports it natively without configuration.
- Auto-scaling without expertise. Traffic spikes handled automatically — you configure a scale policy, the platform executes it.
When to use SaaS
- Commodity tools. Email (Gmail), project management (Jira), source control (GitHub), communication (Slack) — no team should build or self-host these.
- Specialist functionality. Payment processing (Stripe), transactional email (SendGrid), authentication (Auth0) — decades of expertise embedded in an API.
- Zero operational overhead. The vendor handles uptime, security patches, backups, and compliance certifications.
English phrases engineers use
IaaS conversations
- "We spun up an EC2 instance and set up the stack manually."
- "I need to patch the OS — there's a critical CVE."
- "We use Terraform to provision infrastructure as code."
- "The AMI has our base configuration baked in."
- "We're on spot instances to cut costs by 70%."
PaaS conversations
- "Just push to Heroku — it deploys automatically."
- "The platform handles SSL termination — we don't touch certs."
- "Scale the web dyno to 3 instances for the launch."
- "Add a Heroku add-on for Redis — one command."
- "PaaS is great until you hit the platform ceiling."
SaaS conversations
- "We integrated with Stripe for payments — no card data touches our servers."
- "Auth0 handles our identity provider — SSO, MFA, social login."
- "The vendor is SOC 2 certified — satisfies our compliance requirements."
- "We use the SaaS vendor's API to pull data into our dashboard."
- "The per-seat pricing gets expensive at 500 users — evaluate self-hosting."
Quick decision tree
- Need root OS access or custom kernel config → IaaS
- Small team, just want to deploy code → PaaS
- Need email, project management, chat, source control → SaaS
- Running Kubernetes cluster → IaaS (or managed K8s)
- Startup MVP, no DevOps engineer → PaaS
- Payment processing, auth, transactional email → SaaS
- Cost-sensitive at scale, optimisation needed → IaaS
- Standard web app, auto-scaling desired → PaaS
Frequently asked questions
What is IaaS in plain English?
Infrastructure as a Service gives you raw computing infrastructure over the internet: virtual machines, storage, networking, and load balancers. You control the operating system, runtime, middleware, and everything above it. You are responsible for patching, scaling, and securing the OS. Examples: AWS EC2, Google Compute Engine, Azure VMs, DigitalOcean Droplets.
What is PaaS?
Platform as a Service gives you a managed runtime environment. You provide your application code; the platform handles the OS, runtime versions, auto-scaling, load balancing, and patching. You focus on writing code, not operating servers. Examples: Heroku, Google App Engine, AWS Elastic Beanstalk, Fly.io, Railway.
What is SaaS?
Software as a Service is fully managed, ready-to-use software accessed over the internet. You do not install, maintain, or operate anything — you just use the product through a browser or API. Examples: GitHub, Slack, Salesforce, Google Workspace, Jira, Stripe.
Which model gives you the most control?
IaaS gives the most control — you manage the full stack above the hypervisor. PaaS abstracts the OS and runtime, trading control for convenience. SaaS gives the least control — you can only configure what the vendor exposes.
Which model is cheapest?
It depends on scale and workload. SaaS has predictable subscription costs but can become expensive per-seat at scale. PaaS is convenient but adds a platform premium over raw compute. IaaS has the lowest per-compute-unit cost but requires engineering time to operate. Organisations typically use all three layers simultaneously.
Where does serverless (Lambda, Cloud Functions) fit?
Serverless functions (FaaS — Function as a Service) sit between PaaS and SaaS. You provide function code; the cloud provider handles servers, scaling, and billing per invocation. It is sometimes called "serverless PaaS". The distinction matters less than understanding that you are responsible only for your code logic, not for the infrastructure beneath it.
What is the "shared responsibility model"?
The shared responsibility model defines what the cloud provider manages versus what you manage. In IaaS: provider handles physical hardware and hypervisor; you handle OS upwards. In PaaS: provider handles OS and runtime; you handle application code. In SaaS: provider handles everything; you handle your data and user access configuration.