Here are AWS Cloud interview questions and answers for fresher as well as experienced candidates to help them land their dream job.
The three basic types of cloud services are:
Here are some of the AWS products that are built based on the three cloud service types:
Computing – These include EC2, Elastic Beanstalk, Lambda, Auto Scaling, and Lightsail.
Storage – These include S3, Glacier, Elastic Block Storage, Elastic File System.
Networking – These include VPC, Amazon CloudFront, Route53.
In simple words, the key components of AWS are
AWS regions are separate geographical areas, like the US-West 1 (North California) and Asia South (Mumbai). On the other hand, availability zones are the areas that are present inside the regions. These are generally isolated zones that can replicate themselves whenever required.
Auto-scaling is a function that allows you to provision and launch new instances whenever there is a demand. It allows you to automatically increase or decrease resource capacity in relation to the demand.
The following are the advantages of autoscaling
Yes, we can vertically scale on the Amazon instance. For that
Geo-Targeting is a concept where businesses can show personalized content to their audience based on their geographic location without changing the URL. This helps you create customized content for the audience of a specific geographical area, keeping their needs in the forefront.
Here are the steps involved in a CloudFormation solution:
You can upgrade or downgrade a system with near-zero downtime using the following steps of migration:
You can know that you are paying the correct amount for the resources that you are using by employing the following resources:
The tools that can help you log in to AWS resources are:
The essential services are Amazon CloudWatch Logs to collect the logs, Amazon S3 to store them, and Amazon Elasticsearch Service to visualize them. You can use Amazon Kinesis Firehose to move the data from Amazon S3 into Amazon Elasticsearch Service.
Most AWS services have their own logging options. Some of them also provide account-level logging, such as AWS CloudTrail and AWS Config. Let’s take a look at two services in particular:
This is a service that provides a history of the AWS API calls for every account. It lets you perform security analysis, resource change tracking, and compliance auditing of your AWS environment as well. The best part about this service is that it enables you to configure it to send notifications via AWS SNS when new logs are delivered.
This helps you understand the configuration changes that happen in your environment. This service provides an AWS inventory that includes configuration history, configuration change notifications, and relationships between AWS resources. It can also be configured to send information via AWS SNS when new logs are delivered.
DDoS is a cyber-attack in which the perpetrator floods a website or service with requests from many sources at once, opening so many sessions that legitimate users can no longer reach the service. The native tools that can help you defend your AWS services against DDoS attacks are:
Not all Amazon AWS services are available in all regions. When Amazon initially launches a new service, it doesn’t get immediately published in all the regions. They start small and then slowly expand to other regions. So, if you don’t see a specific service in your region, chances are the service hasn’t been published in your region yet. However, if you want to get the service that is not available, you can switch to the nearest region that provides the services.
Amazon CloudWatch helps you to monitor the application status of various AWS services and custom events. It helps you to monitor:
The three major types of virtualization in AWS are:
AWS services that are not region-specific are:
While both NAT Gateways and NAT Instances serve the same function, they still have some key differences.
The Amazon CloudWatch has the following features:
To support multiple devices with various resolutions, like laptops, tablets, and smartphones, we need to change the resolution and format of the video. This can be done easily with an AWS service called Elastic Transcoder, a media transcoding service in the cloud that does exactly this. It is easy to use, cost-effective, and highly scalable for businesses and developers.
While you may think that both stopping and terminating are the same, there is a difference. When you stop an EC2 instance, it performs a normal shutdown on the instance and moves to a stopped state. However, when you terminate the instance, it is transferred to a stopped state, and the EBS volumes attached to it are deleted and can never be recovered.
The three types of EC2 instances are:
Here’s how you accomplish this:
Solaris is an operating system that uses SPARC processor architecture, which is not supported by the public cloud currently.
AIX is an operating system that runs only on Power CPU and not on Intel, which means that you cannot create AIX instances in EC2.
Since both operating systems have their limitations, they are not currently available with AWS.
Here’s how you can configure them:
There are many types of AMIs, but some of the common AMIs are:
Key-pairs are secure login information for your virtual machines. To connect to the instances, you can use key-pairs which contain a public-key and private-key.
Follow the steps provided below to recover an EC2 instance if you have lost the key:
Here are some differences between AWS S3 and EBS
You need to follow the four steps provided below to allow access. They are:
Follow the flow diagram provided below to monitor S3 cross-region replication:
To transfer terabytes of data into and out of the AWS environment, a small application called Snowball is used.
Data transfer using Snowball is done in the following ways:
The Storage Classes that are available in the Amazon S3 are the following:
To fix this problem, you need to enable the DNS hostname resolution, so that the problem resolves itself.
If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub. Here’s a diagram that will show you how to connect various sites to a VPC:
Here is a selection of security products and features:
You can monitor VPC by using:
We can have up to 200 Subnets per Amazon Virtual Private Cloud (VPC).
Here’s how you can add an existing instance to a new Auto Scaling group:
Here are the factors to consider during AWS migration:
RTO or Recovery Time Objective is the maximum time your business or organization is willing to wait for a recovery to complete in the wake of an outage. On the other hand, RPO or Recovery Point Objective is the maximum amount of data loss your company is willing to accept as measured in time.
AWS Snowball is basically a data transport solution for moving high volumes of data into and out of a specified AWS region. AWS Snowball Edge, on the other hand, adds computing functions on top of the data transport solution. Snowmobile is an exabyte-scale migration service that allows you to transfer up to 100 PB of data.
The T2 Instances are intended to give the ability to burst to a higher performance whenever the workload demands it and also provide a moderate baseline performance to the CPU.
The T2 instances are General Purpose instance types and are low in cost as well. They are usually used wherever workloads do not consistently or often use the CPU.
AWS IAM allows an administrator to provide multiple users and groups with granular access. Various user groups and users may require varying levels of access to the various resources that have been developed. We may assign roles to users and create roles with defined access levels using IAM.
It further gives us Federated Access, which allows us to grant applications and users access to resources without having to create IAM Roles.
Connection Draining is an AWS service that allows us to serve current requests on the servers that are either being decommissioned or updated.
By enabling this Connection Draining, we let the Load Balancer make an outgoing instance finish its existing requests for a set length of time before sending it any new requests. A departing instance will immediately go off if Connection Draining is not enabled, and all pending requests will fail.
The AWS Resources owner is identical to an Administrator User. The Administrator User can build, change, delete, and inspect resources, as well as grant permissions to other AWS users. A Power User is given Administrator Access without the ability to manage users and permissions. A user with Power User Access cannot grant permissions to other users but can create, modify, view, and remove resources.
Here are some differences between AWS CloudFormation and AWS Elastic Beanstalk:
AWS CloudFormation templates are YAML- or JSON-formatted text files that consist of five essential elements:
If the resource in the stack cannot be created, then the CloudFormation automatically rolls back and terminates all the resources that were created in the CloudFormation template. This is a handy feature when you accidentally exceed your limit of Elastic IP addresses or don’t have access to an EC2 AMI.
Use the following steps in order to automate EC2 backup using EBS:
EBS is a kind of permanent storage in which the data can be restored at a later point. When you save data in the EBS, it stays even after the lifetime of the EC2 instance. On the other hand, Instance Store is temporary storage that is physically attached to a host machine. With an Instance Store, you cannot detach one instance and attach it to another. Unlike in EBS, data in an Instance Store is lost if any instance is stopped or terminated.
Yes, you can use the EFS-to-EFS backup solution to recover from unintended changes or deletion in Amazon EFS. Follow these steps:
Here’s the procedure for auto-deleting old snapshots:
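The page does not reproduce the steps, so as an added example (not the page's own code) here is the retention decision at the heart of that procedure: pick snapshots older than a retention window, but never the newest ones of each volume. The snapshot metadata is constructed and the ids are placeholders.

```python
from datetime import datetime, timedelta, timezone

# Constructed snapshot metadata (not real account data), in the field shape
# describe_snapshots returns; snapshot ids and volume ids are placeholders.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)
SNAPSHOTS = [
    {"SnapshotId": "snap-0001", "VolumeId": "vol-a", "StartTime": NOW - timedelta(days=45)},
    {"SnapshotId": "snap-0002", "VolumeId": "vol-a", "StartTime": NOW - timedelta(days=20)},
    {"SnapshotId": "snap-0003", "VolumeId": "vol-a", "StartTime": NOW - timedelta(days=2)},
    {"SnapshotId": "snap-0004", "VolumeId": "vol-b", "StartTime": NOW - timedelta(days=90)},
]


def snapshots_to_delete(snapshots, retention_days, now, keep_min=1):
    """Return ids of snapshots older than retention_days, but never the newest
    keep_min snapshots of each volume, so a volume is never left without a backup."""
    cutoff = now - timedelta(days=retention_days)
    by_volume = {}
    for snap in snapshots:
        by_volume.setdefault(snap["VolumeId"], []).append(snap)
    doomed = []
    for snaps in by_volume.values():
        snaps.sort(key=lambda s: s["StartTime"], reverse=True)  # newest first
        for snap in snaps[keep_min:]:  # the newest keep_min are always retained
            if snap["StartTime"] < cutoff:
                doomed.append(snap["SnapshotId"])
    return sorted(doomed)


if __name__ == "__main__":
    print("30-day retention, keep newest:", snapshots_to_delete(SNAPSHOTS, 30, NOW))
```

In a real job the list would come from describe_snapshots and the returned ids would be passed to delete_snapshot, run on a schedule.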
There are three types of load balancers that are supported by Elastic Load Balancing:
Used if you need flexible application management and TLS termination.
Used if you require extreme performance and static IPs for your applications.
Used if your application is built within the EC2 Classic network.
AWS WAF or AWS Web Application Firewall protects your web applications from web exploitations. It helps you control the traffic flow to your applications. With WAF, you can also create custom rules that block common attack patterns. It can be used for three cases: allow all requests, prevent all requests, and count all requests for a new policy.
Using AWS IAM, you can do the following:
Here are some of the policies that you can set:
The two key differences between the IAM role and IAM user are:
There are two types of managed policies; one that is managed by you and one that is managed by AWS. They are IAM resources that express permissions using IAM policy language. You can create, edit, and manage them separately from the IAM users, groups, and roles to which they are attached.
Here’s an example of an IAM policy to grant access to add, update, and delete objects from a specific folder.
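The policy itself is not reproduced on this page, so here is an added example (not the page's own) of such a policy, together with a simplified evaluator that shows why it confines access to one folder: an explicit Deny wins, an Allow must match both action and resource, and everything else is implicitly denied. The bucket name and prefixes are placeholders; Condition blocks are not modelled.

```python
import fnmatch

# Constructed example policy (not from the original page): allow adding/updating and
# deleting objects only under the reports/ prefix of one bucket, and explicitly deny
# deleting anything under reports/locked/. The bucket name is a placeholder.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:DeleteObject"],
            "Resource": "arn:aws:s3:::example-bucket/reports/*",
        },
        {
            "Effect": "Deny",
            "Action": "s3:DeleteObject",
            "Resource": "arn:aws:s3:::example-bucket/reports/locked/*",
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # IAM wildcards: '*' matches any run of characters (including '/'), '?' one character.
    return fnmatch.fnmatchcase(value, pattern)


def evaluate(policy, action, resource):
    """Simplified IAM evaluation: explicit Deny wins, then Allow, else implicit deny.
    Action names are compared case-insensitively; Condition blocks are ignored."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        action_hit = any(_matches(a.lower(), action.lower()) for a in _as_list(stmt["Action"]))
        resource_hit = any(_matches(r, resource) for r in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny overrides any allow
        decision = "Allow"
    return decision


if __name__ == "__main__":
    for act, res in [("s3:PutObject", "arn:aws:s3:::example-bucket/reports/q1.csv"),
                     ("s3:PutObject", "arn:aws:s3:::example-bucket/private/q1.csv"),
                     ("s3:DeleteObject", "arn:aws:s3:::example-bucket/reports/locked/a.csv")]:
        print(act, res, "->", evaluate(POLICY, act, res))
```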
Here’s an example of a policy summary:
IAM enables you to:
Geo-based DNS routing makes decisions based on the geographic location of the request, whereas latency-based routing uses latency measurements between networks and AWS data centers. Latency-based routing is used when you want to give your customers the lowest possible latency. Geo-based routing, on the other hand, is used when you want to direct customers to different websites based on the country or region they are browsing from.
A domain is a collection of data describing a self-contained administrative and technical unit.
A hosted zone is a container that holds information about how you want to route traffic on the internet for a specific domain.
Here’s how Amazon Route 53 provides the resources in question:
Amazon is a global service and consequently has DNS services globally. Any customer creating a query from any part of the world gets to reach a DNS server local to them that provides low latency.
Route 53 provides the high level of dependability required by critical applications.
Route 53 uses a global anycast network to answer queries from the optimal position automatically.
AWS CloudTrail records user API activity on your account and allows you to access information about the activity. Using CloudTrail, you can get full details about API actions such as the identity of the caller, time of the call, request parameters, and response elements. On the other hand, AWS Config records point-in-time configuration details for your AWS resources as Configuration Items (CIs).
You can use a CI to ascertain what your AWS resource looked like at any given point in time, whereas with CloudTrail you can quickly answer who made the API call that modified the resource. You can also use CloudTrail to detect whether a security group was incorrectly configured.
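As an added example of that last point (not code from the original page), the function below runs over constructed CloudTrail records and flags every AuthorizeSecurityGroupIngress call that opened a rule to the whole internet, reporting the caller identity and time CloudTrail recorded for the call. The records, account id, group ids and identities are all constructed.

```python
import ipaddress

# Constructed CloudTrail records (not real account data); the requestParameters layout
# follows the shape CloudTrail uses for EC2 AuthorizeSecurityGroupIngress events.
RECORDS = [
    {"eventTime": "2024-01-10T09:12:33Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"groupId": "sg-0a1b2c3d4e5f6a7b8", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}, "ipv6Ranges": {"items": []}}]}}},
    {"eventTime": "2024-01-10T09:15:02Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/deploy"},
     "requestParameters": {"groupId": "sg-0f1e2d3c4b5a69788", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]},
          "ipv6Ranges": {"items": [{"cidrIpv6": "::/0"}]}}]}}},
    {"eventTime": "2024-01-10T09:20:41Z", "eventName": "RunInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"instanceType": "t2.micro"}},
]


def _world_open(cidr):
    """True for 0.0.0.0/0, ::/0 or any other zero-length prefix."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def find_open_ingress(records):
    """Return one finding per ingress rule that was opened to the whole internet,
    with the caller identity and time CloudTrail recorded for the API call."""
    findings = []
    for rec in records:
        if rec.get("eventName") != "AuthorizeSecurityGroupIngress":
            continue
        params = rec.get("requestParameters", {})
        for perm in params.get("ipPermissions", {}).get("items", []):
            cidrs = [r.get("cidrIp") for r in perm.get("ipRanges", {}).get("items", [])]
            cidrs += [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", {}).get("items", [])]
            for cidr in cidrs:
                if cidr and _world_open(cidr):
                    findings.append({"time": rec.get("eventTime"),
                                     "caller": rec.get("userIdentity", {}).get("arn"),
                                     "group": params.get("groupId"),
                                     "protocol": perm.get("ipProtocol"),
                                     "from_port": perm.get("fromPort"),
                                     "to_port": perm.get("toPort"),
                                     "cidr": cidr})
    return findings


if __name__ == "__main__":
    for finding in find_open_ingress(RECORDS):
        print(finding)
```

The same logic can be attached to the CloudTrail-to-CloudWatch Logs delivery mentioned above so that a world-open rule raises an alarm shortly after the API call is made.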
Yes, you can set up AWS Config to deliver configuration updates from different accounts to one S3 bucket, once the appropriate IAM policies are applied to the S3 bucket.
Reserved instances and on-demand instances are the same when it comes to function. They only differ in how they are billed.
Reserved instances are purchased as one-year or three-year reservations, and in return, you get very low hourly based pricing when compared to the on-demand cases that are billed on an hourly basis.
There are two types of scaling – vertical scaling and horizontal scaling. Vertical scaling lets you vertically scale up your master database with the press of a button. A database can only be scaled vertically, and there are 18 different instances in which you can resize the RDS. On the other hand, horizontal scaling is good for replicas. These are read-only replicas that can only be done through Amazon Aurora.
RDS maintenance window lets you decide when DB instance modifications, database engine version upgrades, and software patching have to occur. The automatic scheduling is done only for patches that are related to security and durability. By default, there is a 30-minute value assigned as the maintenance window and the DB instance will still be available during these events though you might observe a minimal effect on performance.
There are two consistency models In DynamoDB. First, there is the Eventual Consistency Model, which maximizes your read throughput. However, it might not reflect the results of a recently completed write. Fortunately, all the copies of data usually reach consistency within a second. The second model is called the Strong Consistency Model. This model has a delay in writing the data, but it guarantees that you will always see the updated data every time you read it.
DynamoDB supports GET/PUT operations using a user-defined primary key. It provides flexible querying by letting you query on non-primary key attributes using global secondary indexes and local secondary indexes.
Amazon DynamoDB
Amazon CloudWatch
Amazon Cognito
AWS Macie
AWS IAM
Amazon VPC
Amazon Relational Database Service
Amazon Mechanical Turk
Amazon Elastic Container Service
AWS Lambda
Amazon Simple Queue Service
Amazon Chime
AWS Batch
S3 stands for Simple Storage Service. You can use the S3 interface to store and retrieve any amount of data, at any time and from anywhere on the web. For S3, the payment model is “pay as you go”.
AMI stands for Amazon Machine Image. It’s a template that provides the information (an operating system, an application server, and applications) required to launch an instance, which is a copy of the AMI running as a virtual server in the cloud. You can launch instances from as many different AMIs as you need.
Amazon S3 is a REST service, and you can send a request by using the REST API or the AWS SDK wrapper libraries that wrap the underlying Amazon S3 REST API.
The difference between EC2 and Amazon S3 is as follows:

| EC2 | S3 |
|---|---|
| It is a cloud web service used for hosting your application | It is a data storage system where any amount of data can be stored |
| It is like a huge computer machine which can run either Linux or Windows and can handle applications like PHP, Python, Apache, or any databases | It has a REST interface and uses secure HMAC-SHA1 authentication keys |
By default, you can create up to 100 buckets in each of your AWS accounts.
VPC stands for Virtual Private Cloud. It allows you to customize your networking configuration. It is a network which is logically isolated from another network in the cloud. It allows you to have your IP address range, internet gateways, subnet, and security groups.
With private and public subnets in VPC, database servers should ideally launch into private subnets.
To follow Amazon EC2 security best practices, take the following steps:
The buffer is used to make the system more robust to manage traffic or load by synchronizing different components. Usually, components receive and process the requests in an unbalanced way. With the help of a buffer, the components will be balanced and will work at the same speed to provide faster services.
The possible connection errors one might encounter while connecting instances are
Redshift is a big data warehouse product. It is a fast and powerful, fully managed data warehouse service in the cloud.
Subnets are the smaller chunks into which a large range of IP addresses is divided.
Simple Queue Service is also known as SQS. It is a distributed queuing service that acts as a mediator between two controllers.
You can have 200 subnets per VPC.
Lambda is an Amazon compute service which allows you to run code in the AWS Cloud without managing servers.
Various types of cloud services are:
Different layers of cloud architecture are: