Optimized for your workload and budget. Not hosting provider profits.
We compare pricing across AWS, GCP, Azure, Hetzner, and UpCloud -- then migrate your workloads with minimal downtime and without changing your application code.
Get a cost assessmentYour cloud bill grows. Nobody can explain why.
instance types per provider. No team has time to compare them all. Most pick what they know -- and overpay by 5-24x.
of cloud spend is waste. Non-production environments run 24/7 for teams that work 8 hours a day. Nobody owns the bill.
hours spent on optimization. Teams evaluate providers but forget to right-size instances, schedule non-prod, or compare pricing tiers. The savings are there -- unclaimed.
4 dedicated vCPUs, EUR/month excl. VAT. Actual provider pricing, updated weekly.
| Provider | Instance | Type | EUR/mo | vs cheapest |
|---|---|---|---|---|
| Hetzner | cax21 |
ARM dedicated | 6 | 1x |
| Hetzner | ccx23 |
AMD dedicated | 24 | 4x |
| UpCloud | 4xCPU-8GB |
Dedicated | 65 | 11x |
| AWS | m7g.xlarge |
ARM dedicated | 117 | 20x |
| Azure | D4s v4 |
Intel | 137 | 23x |
| GCP | n2-standard-4 |
Intel | 144 | 24x |
Hetzner includes 20 TB egress and local SSD. The hyperscalers charge extra for both. Pricing from January 2026.
We inventory your current infrastructure -- every deployment, database, storage volume, cron job, and ingress route. You receive a cost breakdown showing exactly where your money goes.
Your workload priced across five providers. Managed services vs. self-hosted. Instance types matched to actual usage. You receive a side-by-side comparison with a recommendation.
Infrastructure-as-code, DNS cutover plan, data migration runbooks, and verification checklists. You receive production-ready code and sprint plan. You own everything.
Every migration is validated against the cloud provider's own reference architecture. We close the gaps before you go live.
Your target infrastructure compared against Microsoft's AKS Baseline, AWS Well-Architected, or GCP best practices. Gaps documented with risk ratings.
Entra ID or IAM integration, RBAC, local accounts disabled, managed identities. No shared credentials.
Inbound and outbound firewall rules, private endpoints for databases and secrets, deny-all-else baseline.
Key Vault or Secrets Manager with private endpoint, CSI driver integration, RBAC-scoped access per workload.
Pod security standards, resource limits, HTTPS-only ingress, namespace restrictions. Audit mode first, then enforced.
Metric alerts for API server, database CPU, storage, and connection limits. You know when something breaks before users do.
Case study: Healthcare SaaS
A Finnish healthcare application running Ruby on Rails on Kubernetes. 30 deployments, 15 CronJobs, 7 persistent volumes, HL7 integrations with national health registries, mTLS to government endpoints. EU data residency required by regulation.
We inventoried three environments across two providers, compared five cloud platforms, and chose Azure AKS in Sweden Central. The migration plan: 9 sprints, 18 tasks -- each with cost tables, verification checklists, and rollback procedures. Infrastructure delivered as Terraform, validated against the AKS baseline reference architecture.
Ordered by impact. The first three require cross-provider expertise -- the rest are operational discipline.
The same workload costs EUR 6/mo on Hetzner and EUR 144/mo on GCP. Most teams never compare. We price your workload across five providers and recommend the best fit.
A managed PostgreSQL on Azure costs EUR 100/mo. Self-hosted on the same VM: EUR 0 extra. We evaluate the tradeoff for every service -- database, cache, message queue, monitoring.
Most workloads run on 2-4x the resources they need. We measure actual utilization and match instance types to real demand -- including processor architecture (ARM vs. AMD vs. Intel).
Automated stop/start for dev, staging, and training environments. 220 billable hours instead of 730. Infrastructure-as-code makes this reliable, not manual.
Savings Plans first (flexible), Reserved Instances once your fleet stabilizes. Applied after the architecture is optimized -- not before.
In Europe, AWS customers pay an estimated 80x Amazon's actual bandwidth costs for data transfer out. A CDN in front of your services caches static assets and API responses at the edge -- origin egress drops by 80-90%. Some CDNs offer unlimited bandwidth on their free tier.
Standard SSD for most workloads, lifecycle policies for cold data, self-hosted logging instead of pay-per-GB ingestion.
Every layer of your infrastructure, from compute to compliance.
Kubernetes node pools, VM sizing, processor architecture (ARM/AMD/Intel), autoscaling, stop/start automation for non-production environments.
PostgreSQL, Redis, RabbitMQ. Managed service vs. self-hosted cost comparison. Backup retention, SSL enforcement, private endpoints.
VNet design, DNS migration, load balancers, ingress controllers, VPN tunnels for private connectivity, egress cost analysis.
Persistent volumes (block, file, object), storage class selection, data migration with integrity verification, lifecycle policies for cold data.
Entra ID or IAM integration, RBAC, managed identities, Key Vault or Secrets Manager, certificate rotation, workload identity federation.
Metric alerts for infrastructure health, log aggregation, diagnostic settings, action groups for incident notification. Self-hosted options to avoid per-GB costs.
Firewall rules (inbound + outbound), network policies, pod security standards, resource limits, HTTPS enforcement, namespace restrictions.
EU data residency with specific region selection, healthcare protocols (HL7, FHIR, mTLS), GDPR alignment, audit logging, encryption at rest.
Terraform with provider-specific best practices, reference architecture validation, variable-driven configuration, production-ready from day one.
Every migration plan includes rollback procedures at each step. Your current infrastructure stays live until the new environment is verified.
Old and new infrastructure run side by side. Traffic switches only after the new environment passes verification checklists. Nothing is torn down until you confirm.
Traffic moves by changing a DNS record. If anything is wrong, revert the record and you're back on the old environment in minutes. No data loss, no partial state.
Migration is broken into small, verifiable steps -- not a single big-bang weekend. Each sprint has its own checklist and can be paused or rolled back independently.
Database migration with verification checksums. Storage volumes copied and validated before cutover. No blind trust -- every byte is accounted for.
Do we need to change our application code?
No. The application runs unchanged. We adapt the infrastructure around it -- Kubernetes manifests, ingress configuration, storage classes, environment variables. Your developers don't need to be involved.
What if we need to roll back?
Your current infrastructure stays live throughout the migration. Rollback is a DNS change -- revert the A record and traffic goes back to the old environment. Every sprint includes a documented rollback procedure.
Do you handle the migration or just plan it?
Both. The assessment delivers a plan with cost comparisons and recommendations. If you proceed, we deliver production-ready Terraform code, migration runbooks, and can execute the migration alongside your team.
What happens after migration?
You own everything -- Terraform code, runbooks, documentation. Your team operates the infrastructure independently. We're available for ongoing optimization if you want it, but there's no lock-in.
We have compliance requirements (healthcare, GDPR, EU data residency). Can you handle that?
Yes. We select regions that meet your data residency requirements, configure encryption at rest, set up audit logging, and handle protocol-specific needs like HL7, FHIR, and mTLS to government endpoints.
Send us whatever you have -- K8s manifests, a cloud console export, a list of VMs, or just your monthly bill. We'll return a cost comparison across five providers with a concrete migration roadmap.
No commitment. No sales deck. Just numbers.
Request assessmentOr email christian@aktagon.com