All Posts

AWS Lambda vs EC2: Compared on Performance, Cost, Security, and More

AWS Lambda has gained good traction for building applications on AWS. But, is it really the best fit for all use cases? 

Since its introduction in 2014, Lambda has seen enthusiastic adoption – by startups and enterprises alike. There is no doubt that it marks a significant evolution in cloud computing, leveraging the possibilities of the cloud to offer distinct advantages over a more traditional model such as EC2.  

In this comparison between AWS EC2 and Lambda, we will cover various aspects of cloud native features. Let’s begin with a quick reminder of what these two services offer, and how they differ.

In this article:

AWS Lambda vs EC2: Which One Should You Choose?

Monitor your entire AWS serverless environment from a single view. Learn more

What is AWS EC2?

Amazon Web Services’ Elastic Compute Cloud (EC2) service was introduced to ease the provision of computing resources for developers. Its primary job is to provide self-service, on-demand, and resilient infrastructure.

  • It reduces the time required to spin up a new server to minutes from days or weeks of work it might have taken in the on-premise world.
  • It can scale up and down instantly based on the computing requirement.
  • It provides an interface to configure capacity with minimal effort.
  • It allows complete admin access to the servers, making infrastructure management straightforward.
  • It also enables monitoring, security, and support for multiple instance types (wide variety of Operating Systems, Memory, and CPUs).

E-Book – The Definitive Guide to Serverless cost

What is AWS Lambda?

AWS Lambda was launched to eliminate infrastructure management of computing. It enables developers to concentrate on writing the function code without having to worry about provisioning infrastructure. We don’t need to do any forecasting of the resources (CPU, Memory, Storage, etc.). It can scale resources up and down automatically. It is the epitome of Serverless Architecture.

Before we start comparing the different features of both of these services, let’s understand a few key things about Lambda:

  • Lambda was designed to be an event-based service that gets triggered by events like a new file being added to an S3 bucket, a new record added in a DynamoDB table, and so on. However, it can also be invoked through API Gateway to expose the function code as a REST API.
  • It was introduced to reduce the idle time of computing resources when the application is not being used.
  • Lambda logs can be monitored the same way as EC2, through CloudWatch.
  • Lambda local development is generally done using AWS SAM or Serverless Framework. They use CloudFormation for deployment.
  • Unlike EC2, it is charged based on the execution time and memory used.

When Should You Use Amazon EC2? 

Here are a few use cases in which EC2 beats Lambda hands-off.

Stateful workloads

If you need to set up a database like Couchbase or MongoDB, you have to go with EC2. Another example would be a hosting environment for backup and disaster recovery – again, EC2 would be the only choice.

High-Performance Computing (HPC) applications

Although Lambda claims that it can perform real-time stream processing, if these processes need high compute, it cannot handle it. Remember, Lambda has only 3 GB of memory. And it may cause you high execution time, leading to either timeout issues or a higher bill. EC2 has no such restriction and is an ideal fit for these kinds of requirements.

 Security sensitive applications

AWS claims that it takes care of Lambda security very well. But remember that Lambda functions are running in a shared VPC that may be shared with other customers in a multi-tenancy setup. So, if an application has highly sensitive data, and security is your primary concern, Lambda functions should be running under a dedicated VPC or use EC2 only. And don’t forget, running the Lambda under VPC has its own challenges like increased cold start time, limited concurrent executions, etc.

 DevOps and local testing

DevOps has been developed for EC2 for years and has reached a good level of maturity, but Lambda is still going through that journey. AWS SAM and Serverless Framework are addressing those concerns. Local testing is another aspect you need to consider while using Lambda as it has few important limitations.

When Should You Use AWS Lambda?

Here are the key use cases Lambda was built for.

Event-driven applications

Lambda has been primarily designed for handling event-based functions and it does that best. So if a new record is added to DynamoDB or a new file added to an S3 bucket needs processing, Lambda is the best fit. It’s very easy to set up and saves cost as well.

Infrequently-accessed Applications or scheduled jobs

If an application is used rarely or should be invoked based on schedule, Lambda is the right fit for it. It will save money as there is no need to run the server all the time.

Now, let’s take a deeper look at the key differences between Lambda and EC2.

AWS Lambda vs. EC2: Setup & Management

Amazon EC2: For setting up a simple application on EC2, first, we need to forecast how much capacity the application would need. Then, we have to configure it to spin up the Virtual Machine.

After that, one needs to set up a bastion server to securely SSH to the VM and install the required software, web server, and so on. You’ll need to manage the scaling as well by setting up an Auto Scaling group. And that’s not all. ALB also needs to be set up to do the load balancing in case multiple instances of applications are installed using multiple EC2 instances.

AWS Lambda: In the case of Lambda, you won’t need to worry about the provisioning of VMs, software, scaling, or load balancing. It is all handled by the Lambda service. We just need to compile the code and deploy it to Lambda service. Scaling is automated. We just need to configure how many max concurrent executions we want to allow for a function. Load balancing will be handled by Lambda itself.

And the winner is: Lambda is a clear winner with significantly easier setup and management.

AWS Lambda vs. EC2: On-Demand vs. Always On

Amazon EC2: For EC2, we essentially have to pay for the amount of time EC2 instances are up and running.

AWs Lambda: For Lambda, you are billed according to the amount of time functions are up and running. The reason is that Lambda is brought up and spun down automatically based on event sources and triggers. This is something we don’t get out of the box while using EC2.

And the winner is: While an EC2 container is always available, Lambda is available based on the request invocation. Lambda functions are the winner, since they do not require you to pay for the idle time between invocations, which can save a lot of money in the long run.

Free E-Book - Check out our head-to-head between AWS Lambda and EC2

AWS Lambda vs EC2: Performance

There are various aspects to cover when we take performance into consideration. Let’s discuss them one by one.

Concurrency and Scaling

Amazon EC2: With EC2, we have full control in implementing the concurrency and scaling. We can use EC2 Auto Scaling groups to define the policies for scaling up and down. These policies involve defining conditions (avg. threshold limits) and actions (# of instances to be added or deleted). However, it requires a lot of effort to identify the threshold limits and accurately forecast the # of instances required. It can only be done by carefully monitoring the metrics (CloudWatch, NewRelic, etc.).

AWS Lambda: With Lambda, concurrency and scaling are handled as a built-in feature. We simply have to define the maximum number of concurrent executions we want a function to be restricted to. There are a few limitations though:

  • Lambda can have a maximum 3 GB memory. So if a program needs to scale vertically for memory, it can’t do that more than 3 GB.
  • For horizontal scaling, the maximum limit is 1,000 concurrent executions. If your Lambda is deployed in a VPC, then it is even further restricted based on the number of IP addresses available for the subnets allocated.

And the winner is: EC2 gives you more flexibility but requires manual configuration and forecasting. Lambda is designed to do all of that by itself but has a few limitations. So each one has a relative advantage.

Dependencies

Amazon EC2: It is inevitable that applications will have dependencies on external libraries. When we use EC2, there is no constraint to limit the number of dependencies for an application. However, the more dependencies an application has, the more time it will take to start. It will add a burden to the CPU as well.

AWS Lambda: With Lambda, there are constraints in terms of the maximum size of a package – 50 MB (zipped, for direct upload) and 250 MB (unzipped, including layers). Sometimes, these sizes are not sufficient, especially for ML programs where we need a lot of third-party libraries.

AWS recommends using /tmp directory to install and download the dependencies during function runtime. However, it can take significant time to download all the dependencies from scratch when a new container is being created. So, this option is good when your lambda container is up most of the time, otherwise, it may cause a long cold start time for each invocation. Also, /tmp folder can hold a maximum of 512MB only. So, it is again restricted for limited use only.

And the winner is: EC2 is a clear winner with its unlimited support for dependencies.

Latency

Comparing latency between EC2 and Lambda depends on your use case. Let’s look at two examples.

Related content: Read our detailed guide to lambda performance

Example 1: Application Used a Few Times a Day Within 2-3 Hours

Amazon EC2: With EC2, the application will run for the whole day, latency for the first request will be high but for all subsequent requests will be comparatively low. The reason is, when the EC2 instance is provisioned, all the scripts are run to set up the OS, software, EBS and other things.

AWS Lambda: if we use Lambda, the application doesn’t need to be running for a whole day. Lambda containers can be spun up based on each request. However, it will involve cold start time, which is not significant compared to the EC2 instance setup time.

Who wins out? For this use case, Lambda will have better latency per request than EC2 but significantly less than the EC2’s first request. To reduce this time, you can assign Provisioned Concurrency, which means keeping a certain number of function containers ready for invocations. However, you are charged for Provisioned Concurrency, so you need to keep a balance.

Example 2: Application that Needs to Scales Up and Down Frequently

Amazon EC2: In this case, EC2 will need to scale up to handle the increased volume of requests. This will impact the latency of the requests.

AWS Lambda: Scaling will be comparatively fast, with lower latency.

Who wins out: For this use case, Lambda wins out overall for latency.

So, latency will ultimately depend on the use cases and other local factors (cold start time for Lambda and resources setup time for EC2).

Timeout

Amazon EC2: EC2 doesn’t have any restriction on running time – you can run an EC2 instance indefinitely. However, there are two reasons in which an EC2 instance would time out:

  • The downstream system’s application integration could cause timeouts in an application running on EC2
  • If you don’t configure security groups appropriately, it may also cause timeout errors.

AWS Lambda: Lambda has significant timeout constraints (read our guide to AWS Lambda timeout). If you have long-running workloads, Lambda may not be the right choice as it has a hard timeout limit of 15 minutes. Also, if you have a Lambda function exposed as REST API through API Gateway, it has a timeout limit of 29 seconds at the gateway.

AWS has introduced Step Functions to overcome the Lambda timeout constraint (learn more in our guide to AWS Step Functions).

And the winner is: Amazon EC2 has less restrictive timeout functionality.

Video – Take a deeper dive into serverless troubleshooting with Yan Cui

AWS Lambda vs EC2: Cost

To understand how EC2 and Lambda services compare on cost, let’s run through a couple of examples.

Related content: Read our guide to AWS Lambda cost

  1. Let’s assume an application has 5,000 hits per day with each execution taking 100 ms with 512MB. So the cost for the Lambda function will be $0.16.

To get the same hardware resources, you can use a t2.nano EC2 instance. If we look at the cost for this instance, it will be $4.25.

Who wins out? The cost of AWS Lambda in this case ($0.16) is just ~4% of the EC2 price ($4.25).

  1. Let’s take the second scenario where an application has a lot of hits, say 5 million per month, and each execution takes 200 ms with 1GB Memory. If we use Lambda, it will cost us $17.67.

If we use EC2, t3.micro instances should be able to handle this load, and it will cost only $7.62.

Who wins out? In this case, EC2 is a cheaper solution than Lambda due to the high number of requests, execution time and memory requirements.

  1. Take an example where multiple EC2 instances are needed to handle the requests. In that case, EC2 would be costlier for two reasons:
  • You’ll need an Application Load Balancer (ALB), which adds to the cost.
  • The EC2 instance overhead will eat up some memory being allocated, and traffic will not always be evenly distributed, so you would need more EC2 instances than anticipated.

Who wins out: In this case Lambda can handle the load balancing internally so no extra cost is added, and there is no infrastructure overhead, so Lambda will be cheaper.

New call-to-action

AWS Lambda vs EC2: Security

Amazon EC2: For EC2, you have full control over system-level security. However, because you need to configure the security groups, Network ACLs, and VPC subnet route tables to control traffic in and out of the instance, it can take time to ensure the system is fully secure. Security groups can grow in number and become overlapping and confusing over time.

AWS Lambda: With Lambda, most of the onus is on the AWS side which includes OS patching, upgrades, and other infrastructure-level security concerns. In addition, many cyber threats, the sit idle on a server for a long time until attackers take action. This is not possible in Lambda as it is stateless in nature.

And the winner is: Lambda is more secure out of the box, while EC2 provides more control over security (at the expense of more administrative overhead).

AWS Lambda vs EC2: Monitoring

Amazon EC2: When running EC2 instances, you need to closely track several metrics:

  • Availability – To avoid an outage in production, you need to know if each of the EC2 instances running an application is healthy or not. EC2 provides an “Instance State” which can be used to track it.
  • Status checks – AWS performs status checks on all the running EC2 servers. System status checks monitor conditions like loss of network connectivity and hardware issues (which requires AWS involvement to fix). Instance status checks conditions like exhausting memory and corrupt file systems.
  • System errors – system errors can be found in the system log file like /var/log/syslog. You can aggregate these logs to Amazon CloudWatch by installing the agent, or use syslog to forward the logs to another tool like Splunk or ELK.
  • Activity auditing – EC2 needs a lot of manual configuration and sometimes it may go wrong. You can track all activity performed on an EC2 instance using CloudTrail audit logs.
  • Performance metrics – you can monitor CPU usage and disk usage via CloudWatch logs. However, to get application performance metrics, you would need to use APM tools.
  • Cost monitoring – EC2 instances count, EBS volume usage, and network usage are very important to monitor as auto-scaling can significantly affect AWS billing. CloudWatch provides some information about the network usage for an instance but doesn’t give overall information of how many instances are being used, or how much storage and network bandwidth is used at the account level.

To summarize, most metrics can be tracked using CloudWatch and CloudTrail, but there are a few gaps to be filled. AWS Lambda: Cloudwatch provides all the basic telemetry about the health of the Lambda function out of the box:

  • Invocation Count
  • Execution Duration
  • Error Count
  • Throttled Count

In addition to these built-in metrics, you can also record custom metrics and publish them to CloudWatch Metrics.

However, there are a few limitations to these metrics:

  • No concurrency metrics – CloudWatch does not provide concurrent execution metrics, which is the most common feature of Lambda.
  • Cold start and downstream integration metrics – for these metrics you have to rely on Amazon X-Ray (read our guide to Amazon X-Ray).
  • Memory usage – there are also no built-in metrics for memory usage, but you can add them using custom metrics.

And the winner is: Amazon EC2 clearly provides a richer ecosystem for monitoring relevant operational metrics.

Lambda monitoring with Lumigo: Lumigo is a free tool that can help you identify and resolve critical issues in your AWS Lambda environment. It lets you:

  • Get missing metrics – Lumigo gives you critical operational metrics like concurrency, cold starts, memory usage, and behavior of downstream integrations that affect your Lambda functions.
  • Monitor all AWS Lambda functions on a single pane of glass – get a complete overview of the health of your AWS Lambda functions at a glance. Lumigo’s Lambda monitoring lets you view trends over time and know which Lambda functions are failing most often.
  • Learn about issues before they affect your users – receive smart alerts via slack or email and instantly drill down to see all the information you need to fix the problem quickly.
  • Visualize your entire serverless environment – get an auto-generated system map based on real-time execution to monitor and debug AWS Lambda functions and related services.

Learn more about Lumigo and get a free acount

AWS Lambda vs EC2: Which One Should You Choose?

It’s clear that if a team doesn’t want to deal with infrastructure, then Lambda is probably the right choice. However, it comes with limitations in terms of the use cases it’s best suited to. Also, constant monitoring is a must to ensure there is a good balance between the ease it provides and the cost.

EC2 has established itself as the standard choice for hosting any application and gives us full flexibility to configure our infrastructure. However, it is not best suited to all needs, and that’s what Lambda comes into the picture.

Keep using both services based on the considerations I have shared and do let me know your feedback.

Run serverless with confidence! Start monitoring with Lumigo today - try it free

This may also interest you