Chapter 6 of 11

Module 6: Core Compute, Networking, and Storage Services

Cover the most frequently tested core services from the Cloud Technology and Services domain: compute, networking, and storage building blocks.

Step 1 – How Compute, Networking, and Storage Fit Together

In AWS, most real workloads are built from three core building blocks:

  • Compute: where your code runs (EC2, Lambda, containers)
  • Networking: how resources connect securely (VPC, subnets, security groups, load balancers, CloudFront)
  • Storage: where your data lives (S3, EBS, EFS)

For the CLF‑C02 exam (current as of early 2026), you don’t need deep configuration skills, but you must recognize:

  • When to choose EC2 vs Lambda vs containers in simple scenarios
  • What a VPC, subnet, and security group do conceptually
  • When to choose S3 vs EBS vs EFS based on access pattern and persistence

Keep this mental model:

> Compute = brains, Storage = memory, Networking = nerves connecting everything safely.

We’ll walk through each area with short examples and exam-style checks.

Step 2 – EC2: Virtual Servers in the Cloud

Amazon EC2 (Elastic Compute Cloud) provides virtual machines (instances) you can start, stop, and configure.

Key ideas:

  • You choose OS (Linux/Windows), instance type (CPU/RAM), and storage (EBS volume)
  • You control patching, runtime, scaling, and security hardening (ties back to the Shared Responsibility Model from Module 4)
  • Good for long-running, customizable workloads

Common use cases:

  • Traditional web servers or application servers
  • Databases you manage yourself (e.g., self‑hosted MySQL on EC2)
  • Legacy apps that need full OS control or special networking/agents

Exam-style clues that point to EC2:

  • Needs full control of the OS or custom drivers
  • Application runs 24/7 with predictable load
  • Needs persistent server state or long-lived processes

Visual description:

> Imagine a rack of servers in a data center. EC2 is like renting specific servers on demand, choosing their size and OS, but AWS still owns the physical hardware.

Step 3 – Lambda and Containers: Modern Compute Choices

AWS Lambda – Serverless Functions

AWS Lambda lets you run code without managing servers.

  • You upload code (e.g., Python, Node.js, Java)
  • Lambda runs it on demand in response to events (API calls, S3 uploads, etc.)
  • You pay for compute time used, not idle time
  • AWS handles scaling and infrastructure

Best when:

  • Workload is event‑driven or sporadic
  • You want minimal ops overhead
  • Execution time is short‑lived (Lambda has a max duration per invocation – currently up to 15 minutes)

Exam clues for Lambda:

  • "Run code only when files are uploaded to S3"
  • "Need to process messages from a queue with automatic scaling"
  • "Want to avoid managing servers or OS patches"

---

Containers (ECS/EKS) – Packaged Applications

Containers package your app and its dependencies into a portable unit.

  • Amazon ECS (Elastic Container Service): AWS-managed container orchestration
  • Amazon EKS (Elastic Kubernetes Service): Managed Kubernetes control plane

Conceptually (for CLF‑C02 level):

  • More control than Lambda, less OS management than raw EC2
  • Good for microservices, API backends, and portable deployments
  • Scale by changing number of containers instead of full servers

Exam clues for containers:

  • "Already using Docker" or "wants Kubernetes"
  • Needs long‑running services but wants easier scaling than plain EC2
  • Wants to standardize deployments across environments

Quick comparison:

| Option | Control Level | Billing Model | Best For |
|----------|--------------|--------------------|-----------------------------------|
| EC2 | Highest | Per instance time | Custom/legacy, full OS control |
| Lambda | Lowest | Per invocation/ms | Event-driven, bursty workloads |
| Containers (ECS/EKS) | Medium | Per underlying compute | Microservices, portable apps |

Step 4 – Choose the Right Compute (Thought Exercise)

For each scenario, pause and decide: EC2, Lambda, or Containers? Then check the suggested answer.

  1. Scenario A: A photo-sharing app needs to resize images automatically when users upload them to S3. Traffic is spiky.
     • Your pick? (Think before reading)
     • Suggested: Lambda – event-driven (S3 upload), auto-scales, only runs when needed.
  2. Scenario B: A company wants to migrate a legacy Windows application that requires custom drivers and runs 24/7.
     • Your pick?
     • Suggested: EC2 – full OS control, supports custom drivers and always-on workloads.
  3. Scenario C: A startup is building a microservices-based API with multiple services, already packaged as Docker containers, needing rolling updates.
     • Your pick?
     • Suggested: Containers (ECS/EKS) – designed for microservices and containerized workloads.
  4. Scenario D: A simple function that runs once a night to summarize log files and write a report to S3.
     • Your pick?
     • Suggested: Lambda – scheduled event (via EventBridge/CloudWatch Events), short‑lived batch processing.

If you can justify your choice using control level and usage pattern, you’re thinking like the exam expects.

Step 5 – VPC, Subnets, and Security Groups: Your Private Network

A VPC (Virtual Private Cloud) is your isolated virtual network inside AWS.

  • You define your own IP address ranges (CIDR blocks)
  • You create subnets (smaller network segments) within the VPC
  • You use route tables, Internet Gateways, and NAT Gateways to control connectivity

Subnets (Public vs Private)

  • Public subnet: has a route to an Internet Gateway → resources can reach the internet (and be reached, if security rules allow)
  • Private subnet: no direct internet route → used for internal resources like databases

Visual description:

> Picture a building (VPC) with multiple floors (subnets). Some floors have doors to the street (public), others only connect through internal hallways (private).

Security Groups

Security groups are virtual firewalls attached to ENIs (Elastic Network Interfaces) of resources like EC2 instances.

  • They control inbound and outbound traffic
  • They are stateful: if traffic is allowed in, the response is automatically allowed out
  • Rules are based on protocol, port, and source/destination (IP or another security group)

Key exam points:

  • VPC = isolation and basic network design
  • Subnets = segmenting resources (e.g., web tier vs database tier)
  • Security groups = instance-level network security

This connects back to Shared Responsibility: AWS secures the underlying network, you configure VPC, subnets, and security groups correctly.

Step 6 – Load Balancing and CloudFront at a High Level

Elastic Load Balancing (ELB)

Elastic Load Balancing distributes incoming traffic across multiple targets (EC2 instances, containers, IP addresses, or Lambda functions).

Common type for CLF‑C02:

  • Application Load Balancer (ALB) – works at Layer 7 (HTTP/HTTPS), supports path-based routing, host-based routing, and integration with containers and Lambda.

Why use a load balancer?

  • High availability: traffic spreads across multiple instances in multiple AZs
  • Scalability: add/remove targets without changing the endpoint
  • Security: can centralize TLS termination and integrate with security features

Exam clue: "Distribute incoming web traffic across multiple EC2 instances" → think ALB.

---

Amazon CloudFront – Content Delivery Network (CDN)

CloudFront is AWS’s global CDN.

  • Caches content (e.g., images, videos, static files) at edge locations around the world
  • Reduces latency for users far from your origin (e.g., S3 bucket, ALB, or custom origin)
  • Can protect origins with features like Origin Access Control (OAC) to restrict direct S3 access

Visual description:

> Instead of every user hitting your origin server in one region, CloudFront places copies of your content in many "mini data centers" (edge locations) closer to users.

Exam clue: "Improve global performance and reduce latency for static website content" → answer is usually CloudFront in front of S3 or an ALB.

Step 7 – Storage Basics: S3, EBS, and EFS

These three storage options appear frequently on CLF‑C02 questions.

Amazon S3 – Object Storage

  • Stores objects (files + metadata) in buckets
  • Designed for durability and scalability
  • Accessed over HTTP/HTTPS (not mounted like a disk)
  • Great for backups, static website assets, logs, big data

Think: "Store and retrieve any amount of data from anywhere".

---

Amazon EBS – Block Storage for EC2

  • Block-level storage volumes that attach to EC2 instances
  • Behaves like a virtual hard drive for a single instance at a time (with some advanced multi-attach exceptions not needed for CLF‑C02)
  • Used for OS disks, databases, or applications requiring low-latency, consistent performance

Key: EBS volumes live in one Availability Zone and are tied to EC2.

---

Amazon EFS – Managed Network File System

  • File storage that can be mounted by multiple EC2 instances across multiple AZs in a region
  • Supports standard NFS protocols
  • Good for shared file storage, web content, or home directories

Quick comparison:

| Service | Type | Access Pattern | Typical Use Case |
|---------|--------|---------------------------|------------------------------------------|
| S3 | Object | HTTP/HTTPS (API calls) | Backups, static files, logs, media |
| EBS | Block | Attached to one EC2 | OS disk, databases, app data |
| EFS | File | Mounted by many EC2 (NFS) | Shared web content, shared file storage |

Exam tip: Focus on how it’s accessed and who needs to share it.

Step 8 – Putting It Together: Simple Web App Architecture

Imagine a basic 3‑tier web application on AWS:

  1. Web Tier (Frontend)
     • Compute: EC2 instances in an Auto Scaling group across multiple AZs
     • Networking: Placed in public subnets inside a VPC
     • Security groups: Allow inbound HTTP/HTTPS from the internet, and outbound to the app tier
     • Load Balancing: An Application Load Balancer in front of the EC2 instances
  2. Application Tier (Backend)
     • Compute: Could be EC2 or containers (ECS/EKS) in private subnets
     • Security groups: Only allow traffic from the web tier security group
  3. Data Tier
     • Storage:
       • A managed database (e.g., RDS) in private subnets (conceptual for this module)
       • EBS volumes attached to EC2 if running your own DB
       • S3 for storing static content (e.g., images, backups)
  4. Global Performance
     • CloudFront in front of S3 and/or the ALB to cache static content at edge locations

This example ties together:

  • Compute: EC2 (and possibly containers)
  • Networking: VPC, subnets (public/private), security groups, ALB
  • Storage: EBS for EC2, S3 for static files, possibly EFS for shared content

When you see diagrams or scenario questions, try to map each component back to these building blocks.
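
The tier-to-tier security group chaining described above can be checked mechanically. The following is an added example, not part of the original course: it audits ingress rules against the intended design of this architecture. The field names follow the EC2 `describe_security_groups` response; the group IDs, the ports 8080 and 3306, the `rule` helper and the `POLICY` structure are assumptions made for illustration.

```python
# Constructed sample in the shape of EC2 describe_security_groups output.
# Group IDs, ports and the two planted misconfigurations are illustrative.
def rule(port, cidrs=(), groups=()):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

SECURITY_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        rule(443, cidrs=["0.0.0.0/0"]),
        rule(22, cidrs=["0.0.0.0/0"]),      # planted: SSH open to the internet
    ]},
    {"GroupId": "sg-app", "IpPermissions": [rule(8080, groups=["sg-web"])]},
    {"GroupId": "sg-db", "IpPermissions": [
        rule(3306, groups=["sg-app"]),
        rule(3306, cidrs=["0.0.0.0/0"]),    # planted: database open to the internet
    ]},
]

# Intended design (hypothetical policy format): only the web tier accepts
# internet traffic; each inner tier accepts only the tier in front of it.
POLICY = {
    "sg-web": {"cidrs": {"0.0.0.0/0", "::/0"}, "ports": {80, 443}, "groups": set()},
    "sg-app": {"cidrs": set(), "ports": set(), "groups": {"sg-web"}},
    "sg-db":  {"cidrs": set(), "ports": set(), "groups": {"sg-app"}},
}

def audit(groups, policy):
    """Return (group_id, reason, source, (from_port, to_port)) per out-of-policy ingress rule."""
    findings = []
    for sg in groups:
        gid, allowed = sg["GroupId"], policy[sg["GroupId"]]
        for perm in sg["IpPermissions"]:
            # Rules with IpProtocol "-1" (all traffic) have no port fields.
            ports = (perm.get("FromPort"), perm.get("ToPort"))
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr not in allowed["cidrs"]:
                    findings.append((gid, "unexpected CIDR source", cidr, ports))
                elif ports[0] != ports[1] or ports[0] not in allowed["ports"]:
                    findings.append((gid, "unexpected port", cidr, ports))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in allowed["groups"]:
                    findings.append((gid, "unexpected source group", pair["GroupId"], ports))
    return findings

if __name__ == "__main__":
    for finding in audit(SECURITY_GROUPS, POLICY):
        print(finding)
```

Because security groups are stateful, only ingress rules need to be examined to decide who can initiate a connection to each tier.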

Step 9 – Quick Check: Compute and Networking

Answer this exam-style question.

A company wants to run a simple REST API that experiences low traffic most of the day but sudden short spikes during marketing campaigns. They do NOT want to manage servers or operating systems. Which AWS service is the BEST fit for the compute layer?

  A) Amazon EC2 instances behind an Application Load Balancer
  B) AWS Lambda functions integrated with Amazon API Gateway
  C) Amazon ECS running on EC2 instances
  D) Amazon EKS with a managed Kubernetes cluster

Answer: B) AWS Lambda functions integrated with Amazon API Gateway

AWS Lambda with API Gateway is ideal: it's fully managed, event-driven, and scales automatically with traffic, and you don't manage servers or OS. EC2 and ECS on EC2 still require server management. EKS adds even more operational overhead, which the question explicitly wants to avoid.

Step 10 – Quick Check: Storage Choice

Now test your understanding of S3 vs EBS vs EFS.

You need a storage solution where multiple EC2 instances in different Availability Zones can READ and WRITE to the same shared file system at the same time. Which service is the MOST appropriate?

  A) Amazon S3
  B) Amazon EBS
  C) Amazon EFS
  D) Instance Store

Answer: C) Amazon EFS

Amazon EFS is a managed network file system that supports concurrent access from multiple EC2 instances across multiple AZs. S3 is object storage accessed via API, not a mounted file system. EBS is block storage typically attached to a single instance in one AZ. Instance store is ephemeral storage attached to one instance.

Step 11 – Key Term Flashcards

Use these flashcards to reinforce the core concepts from this module.

Amazon EC2
Elastic Compute Cloud – provides resizable virtual servers (instances) in the cloud, giving you full OS-level control and responsibility for patching and configuration.
AWS Lambda
Serverless compute service that runs your code in response to events and automatically manages the underlying compute resources; you pay per invocation and execution time.
Containers (ECS/EKS)
A way to package applications and dependencies into portable units. ECS is AWS’s container orchestration service; EKS provides managed Kubernetes.
VPC (Virtual Private Cloud)
A logically isolated virtual network in AWS where you define IP ranges, subnets, and routing to control how resources communicate.
Subnet (Public vs Private)
A segment of a VPC’s IP range. Public subnets have a route to an Internet Gateway; private subnets do not and are used for internal resources.
Security Group
A stateful virtual firewall attached to AWS resources (e.g., EC2) that controls inbound and outbound traffic based on protocol, port, and source/destination.
Application Load Balancer (ALB)
A Layer 7 load balancer that distributes HTTP/HTTPS traffic across multiple targets (EC2, containers, Lambda) and supports advanced routing.
Amazon CloudFront
AWS’s global Content Delivery Network (CDN) that caches content at edge locations to reduce latency and improve performance for users worldwide.
Amazon S3
Highly durable, scalable object storage for storing and retrieving any amount of data via HTTP/HTTPS, ideal for static assets, backups, and logs.
Amazon EBS
Block-level storage volumes designed to be attached to EC2 instances, acting like virtual hard drives for OS disks and application data.
Amazon EFS
Fully managed, elastic file system that can be mounted by multiple EC2 instances across multiple AZs, ideal for shared file storage.

Step 12 – Mini Design Challenge

Design a simple solution using what you’ve learned.

Scenario:

A small e‑learning site wants to host:

  • Static course videos and PDFs
  • A dynamic web app for user logins and progress tracking
  • They expect mostly local traffic in one region, but occasionally global users
  • They want to minimize operational overhead where possible

Your task (mentally or in notes):

  1. Pick a compute option for the dynamic web app (EC2, Lambda, or containers) and justify it in one sentence.
  2. Choose where to store:
     • Videos and PDFs
     • Application data that needs fast, low-latency access from the app server
  3. Decide whether to use CloudFront and explain why or why not.
  4. Sketch (mentally) the networking layout:
     • Which components go in public vs private subnets?
     • Where do security groups apply?

Sample high-level answer (compare after you think):

  • Compute: Lambda + API Gateway (or containers/EC2 if they need long-lived sessions) to reduce ops overhead.
  • Storage: S3 for videos/PDFs; EBS (or a managed database) for app data.
  • CloudFront: Yes, in front of S3 (and possibly the API) to improve performance for global users.
  • Networking: ALB/API Gateway in public subnets; app compute and DB in private subnets; security groups restricting DB access to the app tier only.

If your design uses the right service categories for the right access patterns, you’re on track for CLF‑C02 questions.

Key Terms

Subnet
A range of IP addresses in your VPC; used to group resources and control routing (often classified as public or private).
Amazon S3
Simple Storage Service; a highly scalable, durable object storage service accessed via HTTP/HTTPS.
Container
A lightweight, standalone package that includes an application and all its dependencies, enabling consistent deployment across environments.
AWS Lambda
A serverless compute service that runs code in response to events and automatically manages the underlying infrastructure.
Amazon EBS
Elastic Block Store; block-level storage volumes used with EC2 instances for persistent data storage.
Amazon EC2
Elastic Compute Cloud; a service that provides resizable virtual servers in the cloud with full OS-level control.
Amazon ECS
Elastic Container Service; AWS’s managed container orchestration service for running Docker containers.
Amazon EFS
Elastic File System; a scalable, fully managed file storage service for use with AWS compute services.
Amazon EKS
Elastic Kubernetes Service; a managed service that makes it easy to run Kubernetes on AWS.
File Storage
Storage accessed via standard file protocols (like NFS), organized in directories and files.
Block Storage
Storage that provides raw volumes (blocks) to be formatted with a file system and used like a traditional disk.
Public Subnet
A subnet with a route to an Internet Gateway, allowing resources to have direct internet access (subject to security rules).
Object Storage
A storage architecture that manages data as objects (files + metadata), rather than as blocks or files in a hierarchy.
Private Subnet
A subnet without a direct route to the internet, typically used for internal resources like databases.
Security Group
A virtual firewall that controls inbound and outbound traffic for AWS resources like EC2 instances.
Amazon CloudFront
A content delivery network (CDN) that caches content at edge locations to reduce latency for users worldwide.
VPC (Virtual Private Cloud)
A logically isolated section of the AWS Cloud where you can launch resources in a virtual network you define.
Application Load Balancer (ALB)
A load balancer that operates at the application layer (HTTP/HTTPS) and distributes traffic based on request content.