Compute options for Developers

Module Objectives:

By the end of this module, learners will be able to:

• Compare AWS compute services from a developer’s perspective
• Choose the right compute option for different application patterns
• Deploy applications using EC2, Lambda, and Containers
• Understand scaling, availability, and pricing implications
• Apply IAM roles to compute services securely

1. Overview of AWS Compute Options

Why Multiple Compute Options?

AWS provides multiple compute services to support:

• Different levels of abstraction
• Different operational responsibilities
• Different cost and scaling models

Compute Spectrum
On-Prem → EC2 → Containers → Lambda
More Control ←────────────→ Less Control
More Ops ←────────────→ Less Ops

2. Amazon EC2 (Elastic Compute Cloud)

What is EC2?

• Virtual servers in the cloud
• Full OS-level control
• Developer manages OS, runtime, scaling

Key EC2 Concepts

• Instance types (general, compute, memory optimized)
• AMI (Amazon Machine Image)
• Security Groups
• Key pairs
• User Data

EC2 instance pricing

On-demand:

• Low cost and flexibility of EC2 without any up-front payment or long term commitment
• Applications with short term, spiky, or unpredictable workloads that cannot be interrupted

Reserved:

• Applications with steady state or predictable usage
• Users can make up-front payments to reduce their total computing costs even further
• Standard Reserved Instances (RIs) provide up to 75% off on-demand price

Spot:

• Applications that can be interrupted or only feasible at very low compute prices
• Users with an urgent need for a large amount of additional compute capacity
• If Amazon terminate your instances you do not pay, if you terminate you pay for the hour

Dedicated hosts:

• Useful for regulatory requirements that may not support multi-tenant virtualization
• Can be purchased on-demand (hourly) or Reserved for up to 70% off the on-demand price

Developer Use Cases

• Legacy applications
• Custom runtimes
• Long-running services
• Lift-and-shift workloads

EC2 Scaling & Availability

• Manual scaling
• Auto Scaling Groups (ASG)
• Multi-AZ deployments

🔑 EC2 does not scale automatically unless ASG is configured.

3. Hands-On Lab 1: Launch EC2 Application

Objective
Deploy a simple web application on EC2.

Steps

• Launch EC2 instance (Amazon Linux)
• Attach IAM role (S3 read-only)
• Configure Security Group (HTTP + SSH)
• Use User Data:

!/bin/bash

yum install -y httpd
systemctl start httpd
echo "Hello from EC2" > /var/www/html/index.html

• Access via public IP

Validation

• Web page loads
• No credentials configured on instance

4. AWS Lambda (Serverless Compute)

What is Lambda?

• Event-driven, serverless compute
• No server management
• Automatic scaling

Key Lambda Concepts

• Function
• Handler
• Runtime
• Execution role
• Timeout & memory

Supported Triggers

API Gateway

• S3
• DynamoDB
• EventBridge etc

Lambda Execution Model

• Stateless
• Short-lived
• Pay per execution

🔑 Lambda has 15-minute max execution time. For longer execution needs, use Lambda durable functions.

5. Hands-On Lab 2: Build a Lambda Function

Objective

Create a Lambda function triggered by API Gateway.

Steps

• Create IAM role for Lambda

AWSLambdaBasicExecutionRole

• Create Lambda function (Python)

Add code:

def lambda_handler(event, context):
return {
'statusCode': 200,
'body': 'Hello from Lambda'
}

• Configure API Gateway trigger
• Test endpoint

Validation

• HTTP endpoint returns response
• Logs visible in CloudWatch

6. Containers on AWS (ECS & EKS – Developer View)

Why Containers?

• Portable runtime
• Consistent environments
• Faster deployments

Amazon ECS (Elastic Container Service)

• AWS-managed container orchestration
• Easier than Kubernetes
• Integrates deeply with IAM

Launch Types:

• EC2
• Fargate (serverless containers)

Amazon EKS (Brief)

• Managed Kubernetes
• More control, more complexity

7. Hands-On Lab 3: Run Container on ECS Fargate

Objective

Deploy a containerized application without managing servers.

Steps

• Create ECS cluster (Fargate)
• Create task definition
• Public sample image
• Assign IAM task role
• Run service
• Access application via ALB
• Validation
• Container running
• Logs in CloudWatch
• No EC2 instances created

8. Choosing the Right Compute Option

Decision Table

Requirement ====> Best Choice
Full OS control ====> EC2
Event-driven, short tasks ====> Lambda
Containerized app ====> ECS
No server management ====> Lambda / Fargate
Long-running job ====> EC2 / ECS

9. IAM Integration with Compute

IAM Roles by Compute Type

EC2 → Instance Profile

Lambda → Execution Role

ECS → Task Role

🔑 Never use access keys in compute services.

10. Pricing Model Comparison

Service Pricing Model
EC2 Per second/hour
Lambda Per invocation + duration
ECS (EC2) Underlying EC2
Fargate vCPU + memory

11. AWS Load balancer

A load balancer distributes incoming application traffic across multiple EC2 instances in multiple Availability Zones. This increases the fault tolerance of your applications.

Load balancer serves as a single point of contact for clients.

• Elastic Load Balancing detects unhealthy instances and routes traffic only to healthy instances.
• This increases the availability of your application.
• Add/remove instances from load balancer as needs change, without disrupting the
• overall flow of requests to your application.
• Elastic Load Balancing scales your load balancer as traffic to your application changes over time.

12. Amazon VPC Overview

Introduction

Amazon Virtual Private Cloud (VPC) provides network isolation and control for AWS resources. While developers do not design full network topologies, basic VPC knowledge is essential for application deployment, connectivity, and troubleshooting in the DVA-C02 exam.

Key Concepts

VPC

A logically isolated virtual network within an AWS Region

Defined by an IPv4/IPv6 CIDR block

Every AWS account has a default VPC per Region

Subnets

Subnets are created within a single AZ

Public subnet:

Has route to an Internet Gateway

Used for ALB, bastion hosts

Private subnet:

No direct internet access

Used for application servers, Lambda (VPC-enabled), databases
Internet Gateway (IGW)

Enables communication between VPC resources and the internet

Required for public subnets

Route Tables

Control traffic routing for subnets

Determine whether traffic stays internal or goes to IGW / NAT

NAT Gateway

Allows outbound internet access for resources in private subnets

Common for patching, external API calls
Security Groups vs NACLs (Exam Focus)

Security Groups

Stateful

Attached to resources (EC2, ALB, Lambda ENIs)

Network ACLs

Stateless

Applied at subnet level

Developer-Relevant Scenarios

Lambda accessing RDS in a private subnet

EC2 instances behind an ALB

Troubleshooting connectivity (timeouts vs permission errors)

Next

Storage for Developers

Dipali Kulshrestha ・ Jan 10

#architecture #aws #developer #learning