Module Objectives:
By the end of this module, learners will be able to:
- Compare AWS compute services from a developer’s perspective
- Choose the right compute option for different application patterns
- Deploy applications using EC2, Lambda, and Containers
- Understand scaling, availability, and pricing implications
- Apply IAM roles to compute services securely
1. Overview of AWS Compute Options
Why Multiple Compute Options?
AWS provides multiple compute services to support:
- Different levels of abstraction
- Different operational responsibilities
- Different cost and scaling models
Compute Spectrum
On-Prem → EC2 → Containers → Lambda
More Control ←────────────→ Less Control
More Ops ←────────────→ Less Ops
2. Amazon EC2 (Elastic Compute Cloud)
What is EC2?
- Virtual servers in the cloud
- Full OS-level control
- Developer manages OS, runtime, scaling
Key EC2 Concepts
- Instance types (general, compute, memory optimized)
- AMI (Amazon Machine Image)
- Security Groups
- Key pairs
- User Data
Developer Use Cases
- Legacy applications
- Custom runtimes
- Long-running services
- Lift-and-shift workloads
EC2 Scaling & Availability
- Manual scaling
- Auto Scaling Groups (ASG)
- Multi-AZ deployments
🔑 EC2 does not scale automatically unless ASG is configured.
3. Hands-On Lab 1: Launch EC2 Application
Objective
Deploy a simple web application on EC2.
Steps
- Launch EC2 instance (Amazon Linux)
- Attach IAM role (S3 read-only)
- Configure Security Group (HTTP + SSH)
- Use User Data:
    #!/bin/bash
    # Install and start Apache, then publish a test page
    yum install -y httpd
    systemctl start httpd
    echo "Hello from EC2" > /var/www/html/index.html
- Access via public IP
Validation
- Web page loads
- No credentials configured on instance
4. AWS Lambda (Serverless Compute)
What is Lambda?
- Event-driven, serverless compute
- No server management
- Automatic scaling
Key Lambda Concepts
- Function
- Handler
- Runtime
- Execution role
- Timeout & memory
Supported Triggers
- API Gateway
- S3
- DynamoDB
- EventBridge, etc.
Lambda Execution Model
- Stateless
- Short-lived
- Pay per execution
🔑 Lambda has 15-minute max execution time. For longer execution needs, use Lambda durable functions.
5. Hands-On Lab 2: Build a Lambda Function
Objective
Create a Lambda function triggered by API Gateway.
Steps
- Create IAM role for Lambda
  - AWSLambdaBasicExecutionRole
- Create Lambda function (Python)
  - Add code:

    def lambda_handler(event, context):
        return {
            'statusCode': 200,
            'body': 'Hello from Lambda'
        }

- Configure API Gateway trigger
- Test endpoint
Validation
- HTTP endpoint returns response
- Logs visible in CloudWatch
6. Containers on AWS (ECS & EKS – Developer View)
Why Containers?
- Portable runtime
- Consistent environments
- Faster deployments
Amazon ECS (Elastic Container Service)
- AWS-managed container orchestration
- Easier than Kubernetes
- Integrates deeply with IAM
Launch Types:
- EC2
- Fargate (serverless containers)
Amazon EKS (Brief)
- Managed Kubernetes
- More control, more complexity
7. Hands-On Lab 3: Run Container on ECS Fargate
Objective
Deploy a containerized application without managing servers.
Steps
- Create ECS cluster (Fargate)
- Create task definition
  - Public sample image
  - Assign IAM task role
- Run service
- Access application via ALB
Validation
- Container running
- Logs in CloudWatch
- No EC2 instances created
8. Choosing the Right Compute Option
Decision Table
| Requirement | Best Choice |
| --- | --- |
| Full OS control | EC2 |
| Event-driven, short tasks | Lambda |
| Containerized app | ECS |
| No server management | Lambda / Fargate |
| Long-running job | EC2 / ECS |
9. IAM Integration with Compute
IAM Roles by Compute Type
EC2 → Instance Profile
Lambda → Execution Role
ECS → Task Role
🔑 Never use access keys in compute services.
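The rule above can be checked before deployment. The following is an added example, not part of the original module: it audits one compute definition of each type for a missing role and for static access keys. The field names follow the AWS API shapes; the role names, the account ID and the sample definitions are constructed, and `UserData` is assumed to be already decoded text.

```python
import re

# Long-term access key IDs start with AKIA; temporary STS key IDs start with ASIA.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
KEY_VARS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}

def _env_findings(env):
    """Flag credential-named variables and values that look like key IDs."""
    return [f"static credential in environment variable {name}"
            for name, value in env.items()
            if name in KEY_VARS or KEY_ID.search(str(value))]

def audit(kind, cfg):
    """Return findings for an 'ec2', 'lambda' or 'ecs' definition (empty list = clean)."""
    findings = []
    if kind == "ec2":                      # RunInstances parameters
        if not cfg.get("IamInstanceProfile"):
            findings.append("no instance profile attached")
        user_data = cfg.get("UserData", "")
        if KEY_ID.search(user_data) or any(v in user_data for v in KEY_VARS):
            findings.append("static credential in user data")
    elif kind == "lambda":                 # function configuration
        if not cfg.get("Role"):
            findings.append("no execution role")
        findings += _env_findings(cfg.get("Environment", {}).get("Variables", {}))
    elif kind == "ecs":                    # task definition
        if not cfg.get("taskRoleArn"):
            findings.append("no task role")
        for c in cfg.get("containerDefinitions", []):
            env = {e["name"]: e["value"] for e in c.get("environment", [])}
            findings += _env_findings(env)
    else:
        raise ValueError(f"unknown compute kind: {kind}")
    return findings

# Constructed samples; the key ID is the placeholder used in AWS documentation.
SAMPLES = [
    ("ec2", {"IamInstanceProfile": {"Name": "s3-read-only"},
             "UserData": "#!/bin/bash\nyum install -y httpd\n"}),
    ("lambda", {"Role": "arn:aws:iam::111122223333:role/lambda-basic",
                "Environment": {"Variables": {"UPLOAD_KEY_ID": "AKIAIOSFODNN7EXAMPLE"}}}),
    ("ecs", {"containerDefinitions": [
        {"name": "web", "environment": [{"name": "STAGE", "value": "dev"}]}]}),
]

if __name__ == "__main__":
    for kind, cfg in SAMPLES:
        print(kind, audit(kind, cfg) or "ok")
```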
10. Pricing Model Comparison
| Service | Pricing Model |
| --- | --- |
| EC2 | Per second/hour |
| Lambda | Per invocation + duration |
| ECS (EC2) | Underlying EC2 |
| Fargate | vCPU + memory |
11. Amazon VPC Overview
Introduction
Amazon Virtual Private Cloud (VPC) provides network isolation and control for AWS resources. While developers do not design full network topologies, basic VPC knowledge is essential for application deployment, connectivity, and troubleshooting in the DVA-C02 exam.
Key Concepts
VPC
- A logically isolated virtual network within an AWS Region
- Defined by an IPv4/IPv6 CIDR block
- Every AWS account has a default VPC per Region
Subnets
- Subnets are created within a single AZ
- Public subnet:
  - Has a route to an Internet Gateway
  - Used for ALB, bastion hosts
- Private subnet:
  - No direct internet access
  - Used for application servers, Lambda (VPC-enabled), databases
Internet Gateway (IGW)
- Enables communication between VPC resources and the internet
- Required for public subnets
Route Tables
- Control traffic routing for subnets
- Determine whether traffic stays internal or goes to IGW / NAT
NAT Gateway
- Allows outbound internet access for resources in private subnets
- Common for patching, external API calls
Security Groups vs NACLs (Exam Focus)
Security Groups
- Stateful
- Attached to resources (EC2, ALB, Lambda ENIs)
Network ACLs
- Stateless
- Applied at subnet level
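The stateful/stateless difference decides whether a reply gets back to the client. The following is an added example, not part of the original module: a small model of one HTTP request and its reply passing a NACL and a security group. The classes, rule tuples and addresses are constructed for illustration and are not an AWS API.

```python
from ipaddress import ip_address, ip_network

def _match(ip, cidr):
    return ip_address(ip) in ip_network(cidr)

class SecurityGroup:
    """Stateful: replies to an allowed connection pass without a rule."""
    def __init__(self, inbound):
        self.inbound = inbound            # allow rules: (source CIDR, port)
        self.tracked = set()              # connections admitted inbound

    def allow_request(self, client, eph_port, svc_port):
        ok = any(_match(client, c) and svc_port == p for c, p in self.inbound)
        if ok:
            self.tracked.add((client, eph_port, svc_port))
        return ok

    def allow_reply(self, client, eph_port, svc_port):
        return (client, eph_port, svc_port) in self.tracked

class NetworkAcl:
    """Stateless: each direction is checked against its own numbered rules."""
    def __init__(self, inbound, outbound):
        # rule: (number, peer CIDR, port_from, port_to, "allow" | "deny")
        self.rules = {"in": sorted(inbound), "out": sorted(outbound)}

    def allow(self, direction, peer, port):
        for _num, cidr, lo, hi, action in self.rules[direction]:
            if _match(peer, cidr) and lo <= port <= hi:
                return action == "allow"   # lowest-numbered match wins
        return False                       # implicit final deny

def round_trip(sg, nacl, client, eph_port, svc_port):
    """Follow one request and its reply; return 'ok' or where it is dropped."""
    if not nacl.allow("in", client, svc_port):
        return "request dropped by NACL inbound"
    if not sg.allow_request(client, eph_port, svc_port):
        return "request dropped by security group"
    if not sg.allow_reply(client, eph_port, svc_port):
        return "reply dropped by security group"
    if not nacl.allow("out", client, eph_port):
        return "reply dropped by NACL outbound"
    return "ok"

# Constructed rules: HTTP allowed in; the second NACL also allows ephemeral ports out.
HTTP_IN = [(100, "0.0.0.0/0", 80, 80, "allow")]
NACL_IN_ONLY = NetworkAcl(HTTP_IN, outbound=[])
NACL_WITH_RETURN = NetworkAcl(HTTP_IN, outbound=[(100, "0.0.0.0/0", 1024, 65535, "allow")])
SG = SecurityGroup([("0.0.0.0/0", 80)])
```

`round_trip(SG, NACL_IN_ONLY, "203.0.113.10", 50000, 80)` returns "reply dropped by NACL outbound", while the same call with `NACL_WITH_RETURN` returns "ok". A drop at any of these stages reaches the client as a timeout, not as a permission error.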
Developer-Relevant Scenarios
- Lambda accessing RDS in a private subnet
- EC2 instances behind an ALB
- Troubleshooting connectivity (timeouts vs permission errors)