AWS Interview Questions and Answers

Q1. Explain Elastic Block Storage?  What type of performance can you expect?  How do you back it up?  How do you improve performance?

EBS is a virtualized SAN or storage area network.  That means it is RAID storage to start with so it’s redundant and fault tolerant.  If disks die in that RAID you don’t lose data.  Great!  It is also virtualized, so you can provision and allocate storage, and attach it to your server with various API calls.  No calling the storage expert and asking him or her to run specialized commands from the hardware vendor.

Performance on EBS can exhibit variability. That is, it can go above the SLA performance level, then drop below it. The SLA provides you with an average disk I/O rate you can expect. This can frustrate some folks, especially performance experts who expect reliable and consistent disk throughput on a server. Traditional physically hosted servers behave that way. Virtual AWS instances do not.

Back up EBS volumes by using the snapshot facility via API call or via a GUI like elasticfox.

Improve performance by using Linux software RAID and striping across four volumes.

Q2. What is S3?  What is it used for?  Should encryption be used?

S3 stands for Simple Storage Service. You can think of it like FTP storage, where you can move files to and from there, but not mount it like a filesystem. AWS automatically puts your snapshots there, as well as AMIs. Encryption should be considered for sensitive data, as S3 is a proprietary technology developed by Amazon themselves, and as yet unproven from a security standpoint.

Q3. What is an AMI?  How do I build one?

AMI stands for Amazon Machine Image. It is effectively a snapshot of the root filesystem. Commodity hardware servers have a BIOS that points to the master boot record of the first block on a disk. A disk image, though, can sit anywhere physically on a disk, so Linux can boot from an arbitrary location on the EBS storage network.

Build a new AMI by first spinning up an instance from a trusted AMI. Then add packages and components as required. Be wary of putting sensitive data onto an AMI. For instance, your access credentials should be added to an instance after spinup. With a database, mount an outside volume that holds your MySQL data after spinup as well.

Q4. Can I vertically scale an Amazon instance?  How?

Yes. This is an incredible feature of AWS and cloud virtualization. Spin up a new, larger instance than the one you are currently running. Pause that instance, detach the root EBS volume from this server and discard it. Then stop your live instance and detach its root volume. Note the unique device ID and attach that root volume to your new server. Then start it again. Voila, you have scaled vertically in place!

Q5. What is auto-scaling?  How does it work?

Autoscaling is a feature of AWS which allows you to configure and automatically provision and spinup new instances without the need for your intervention.  You do this by setting thresholds and metrics to monitor.  When those thresholds are crossed a new instance of your choosing will be spun up, configured, and rolled into the load balancer pool.  Voila you’ve scaled horizontally without any operator intervention!

Q6. What automation tools can I use to spinup servers?

The most obvious way is to roll your own scripts and use the AWS API tools. Such scripts could be written in bash, perl or another language of your choice. The next option is to use a configuration management and provisioning tool like puppet or, better, its successor Opscode Chef. You might also look towards a tool like Scalr. Lastly, you can go with a managed solution such as Rightscale.

Q7. What is configuration management?  Why would I want to use it with cloud provisioning of resources?

Configuration management has been around for a long time in web operations and systems administration. Yet the cultural popularity of it has been limited. Most systems administrators configure machines the way software was developed before version control – that is, by manually making changes on servers. Each server can then be, and usually is, slightly different. Troubleshooting, though, is straightforward, as you log in to the box and operate on it directly. Configuration management brings a large automation tool into the picture, managing servers like strings of a puppet. This forces standardization, best practices, and reproducibility, as all configs are versioned and managed. It also introduces a new way of working, which is the biggest hurdle to its adoption.

Enter the cloud, and configuration management becomes even more critical. That’s because virtual servers such as Amazon’s EC2 instances are much less reliable than physical ones. You absolutely need a mechanism to rebuild them as-is at any moment. This pushes best practices like automation, reproducibility and disaster recovery into center stage.

Q8. Explain how you would simulate perimeter security using Amazon Web Services model?

Traditional perimeter security that we’re already familiar with using firewalls and so forth is not supported in the Amazon EC2 world.  AWS supports security groups.  One can create a security group for a jump box with ssh access – only port 22 open.  From there a webserver group and database group are created.  The webserver group allows 80 and 443 from the world, but port 22 *only* from the jump box group.  Further the database group allows port 3306 from the webserver group and port 22 from the jump box group.  Add any machines to the webserver group and they can all hit the database.  No one from the world can, and no one can directly ssh to any of your boxes.
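
The jump box / webserver / database layout described above can be checked mechanically. The following is an added example, not part of the original page: a Python allowlist audit over security-group ingress rules in the shape returned by EC2's DescribeSecurityGroups. The group ids (`sg-jump`, `sg-web`, `sg-db`), the helper names and both rule sets are constructed for illustration.

```python
# Added example: audit security groups against the tiered design from Q8.
# All ids and rule sets below are constructed sample data.
WORLD = "world"  # policy marker: any CIDR source is acceptable for this port
JUMP, WEB, DB = "sg-jump", "sg-web", "sg-db"  # placeholder group ids


def tier_policy(jump, web, db):
    """Allowed ingress per group: {group_id: {tcp_port: {allowed sources}}}."""
    return {
        jump: {22: {WORLD}},                           # SSH entry point
        web: {80: {WORLD}, 443: {WORLD}, 22: {jump}},  # SSH only via jump box
        db: {3306: {web}, 22: {jump}},                 # MySQL only from web tier
    }


def rule_sources(perm):
    """Yield (kind, value) for every source listed in one ingress permission."""
    for r in perm.get("IpRanges", []):
        yield "cidr", r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield "cidr", r["CidrIpv6"]
    for p in perm.get("UserIdGroupPairs", []):
        yield "group", p["GroupId"]


def audit(security_groups, policy):
    """Return (group, protocol, ports, source) for each rule outside the policy."""
    findings = []
    for sg in security_groups:
        gid = sg["GroupId"]
        allowed = policy.get(gid, {})
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            # Only an exact single TCP port can match the policy; port ranges,
            # other protocols and "-1" (all traffic) are always reported.
            exact_tcp = proto == "tcp" and lo is not None and lo == hi
            permitted = allowed.get(lo, set()) if exact_tcp else set()
            ports = "all" if proto == "-1" else f"{lo}-{hi}"
            for kind, src in rule_sources(perm):
                ok = WORLD in permitted if kind == "cidr" else src in permitted
                if not ok:
                    findings.append((gid, proto, ports, src))
    return findings


def tcp(port, cidrs=(), groups=()):
    """Build one ingress permission for a single TCP port (sample-data helper)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}


# Constructed rule set that matches the design in the answer above.
GOOD = [
    {"GroupId": JUMP, "IpPermissions": [tcp(22, cidrs=["0.0.0.0/0"])]},
    {"GroupId": WEB, "IpPermissions": [tcp(80, ["0.0.0.0/0"]),
                                       tcp(443, ["0.0.0.0/0"]),
                                       tcp(22, groups=[JUMP])]},
    {"GroupId": DB, "IpPermissions": [tcp(3306, groups=[WEB]),
                                      tcp(22, groups=[JUMP])]},
]
# Constructed drift: database port opened to the world, SSH allowed from web tier.
DRIFTED = GOOD[:2] + [{"GroupId": DB, "IpPermissions": [
    tcp(3306, cidrs=["0.0.0.0/0"], groups=[WEB]),
    tcp(22, groups=[JUMP, WEB])]}]

if __name__ == "__main__":
    for finding in audit(DRIFTED, tier_policy(JUMP, WEB, DB)):
        print("unexpected ingress:", finding)
```
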

Q9. Types of the cloud?

  • Public Cloud
  • Private Cloud
  • Hybrid Cloud

Q10. Explain what AWS is.

Amazon Web Services (AWS) is a secure cloud services platform, offering computing power, database storage, content delivery and other functionality to help businesses scale and grow. Explore how millions of customers are currently leveraging AWS cloud products and solutions to build sophisticated applications with increased flexibility, scalability and reliability.

Q11. Which cloud does AWS provide?

AWS basically provides Public Cloud. But it also provides a feature to set up Private Cloud and Hybrid Cloud.

Q12. Explain the key components of AWS.

  • Route 53
  • Simple E-mail Service
  • IAM
  • S3
  • EC2
  • EBS
  • CloudWatch

Q13. Benefits of AWS cloud?

  • Easy to use
  • Flexible
  • Cost-Effective
  • Pay Per Use
  • Reliable
  • Elastic and Scalable
  • Secure

Q14. What service models does AWS provide?

AWS provides the following service models:

  • IAAS
  • PAAS
  • SAAS

Q15. What is VPC? 

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Q16. What is an Internet gateway?

An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It, therefore, imposes no availability risks or bandwidth constraints on your network traffic.
An Internet gateway serves two purposes: to provide a target in your VPC route tables for Internet-routable traffic and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.
An Internet gateway supports IPv4 and IPv6 traffic.

Q17. What tools can you use for migration to AWS?

  • Direct Connect
  • SnowBall

Q18. What are the storage options available in AWS?

  • EBS
  • S3
  • Glacier

Q19. What is S3? Can you store static websites in AWS?

Amazon Simple Storage Service is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web.
Yes, we can store a static website in S3.

Q20. How large an object can you store in S3?

Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 TB.

Q21. What is RRS in S3?

Reduced Redundancy Storage (RRS) is an Amazon S3 storage option that enables customers to store noncritical, reproducible data at lower levels of redundancy than Amazon S3’s standard storage. It provides a highly available solution for distributing or sharing content that is durably stored elsewhere, or for storing thumbnails, transcoded media, or other processed data that can be easily reproduced. The RRS option stores objects on multiple devices across multiple facilities, providing 400 times the durability of a typical disk drive, but does not replicate objects as many times as standard Amazon S3 storage.

Q22. What is IAM? How does it work?

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

Q23. What is the AWS KMS system?

AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. With it you can enable and disable master keys, and set and retrieve master key usage policies (access control).

Q24. What is a hosted zone in Route 53?

A hosted zone is analogous to a traditional DNS zone file; it represents a collection of records that can be managed together, belonging to a single parent domain name. All resource record sets within a hosted zone must have the hosted zone’s domain name as a suffix.

Q25. How can you set up primary and secondary failover in Route 53?

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring.html

Q26. How can you set up a weighted policy in Route 53?

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

Q27. Explain the functionality of an AMI. How does it work?

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

Q28. What is the relation between an AMI and an instance?

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instances-and-amis.html

Q29. What backup strategies are available in AWS?

  • AMI
  • Snapshots
  • EBS snapshots

Q30. How can you take a backup of instances?

  • Manual EC2 Instance Backup by an EBS Snapshot
  • Manual Backup Using AMI
  • Automating the EC2 Backup using CLI
  • Automating Instance Backup Using CPM

Q31. What is EC2? Can you launch an instance in your dedicated network?

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.
Yes, we can launch an instance in our dedicated network in AWS.

Q32. Explain T2 and C4 instances?

https://aws.amazon.com/ec2/instance-types/

Q33. How do you set up EC2 for ping response?

Allow the inbound ICMP protocol in the security group.
https://www.serverkaka.com/2018/03/ping-aws-ec2-instance.html

Q34. What is a Security Group in AWS?

A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances.

Q35. What is DynamoDB? How does it differ from RDS?

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html

Q36. What is ElastiCache?

Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. ElastiCache for Redis is fully managed, scalable, and secure – making it an ideal candidate to power high-performance use cases such as Web, Mobile Apps, Gaming, Ad-Tech, and IoT.

Q37. Explain CloudFront and its functions.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html

Q38. Explain Regions and availability zones in AWS?

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html

Q39. What is Direct Connect?

AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.

Q40. Where do backup snapshots get stored in AWS?

Backup snapshots are stored in S3.

Q41. What are the support options available in AWS?

AWS provides 4 support options:

  • Basic
  • Developer
  • Business
  • Enterprise

Q42. How will you set up a VPN for an AWS VPC?

https://aws.amazon.com/premiumsupport/knowledge-center/create-connection-vpc/

Q43. Difference between Elastic Beanstalk and CloudFormation?

They’re actually pretty different. Elastic Beanstalk is intended to make developers’ lives easier. CloudFormation is intended to make systems engineers’ lives easier.

Q44. Describe the steps to set up a VPC?

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/getting-started-ipv4.html

Q45. What is MFA in AWS? How does it work?

Multi Factor Authentication (MFA) provides additional security by requiring users to enter a unique authentication code from an approved authentication device or SMS text message when they access AWS websites or services. The user can access AWS services only if the MFA code is correct.

Q46. Compare AWS and OpenStack

| Criteria | AWS | OpenStack |
| --- | --- | --- |
| License | Amazon proprietary | Open Source |
| Operating System | Whatever cloud administrator provides | Whatever AMIs provided by AWS |
| Performing repeatable operations | Through templates | Through text files |

Q47. What is the importance of buffer in Amazon Web Services?

A buffer synchronizes different components and makes the setup more elastic to a burst of load or traffic. Components tend to receive and process requests at uneven rates. The buffer creates an equilibrium between the various components and makes them work at the same rate to supply faster services.

Q48. What is the way to secure data for carrying in the cloud?

It must be ensured that no one can intercept the information while data is moving from one point to another in the cloud, and that the security key does not leak from any of the storage locations in the cloud. Segregating your information from other companies’ information and then encrypting it by means of approved methods is one of the options.

Q49. Distinguish between scalability and flexibility

The ability of any system to increase the tasks on hand on its present hardware resources to handle variability in demand is known as scalability. The capability of a system to increase the tasks on hand on its present and additional hardware resources is known as flexibility, enabling the business to meet demand without putting in the infrastructure at all.

Q50. Name the various layers of the cloud architecture

There are 5 layers, listed below:

  • CC- Cluster Controller
  • SC- Storage Controller
  • CLC- Cloud Controller
  • Walrus
  • NC- Node Controller

Q51. Define auto-scaling.

Auto-scaling is one of the remarkable features of AWS: it permits you to configure and automatically provision and spin up fresh instances without the need for your involvement. This is achieved by setting thresholds and metrics to watch. If those thresholds are crossed, a fresh instance of your selection will be configured, spun up and added to the load balancer pool.

Q52. Which automation tools can help with spinup services?

The API tools can be used to spin up services, along with hand-written scripts. Those scripts could be coded in Perl, bash or other languages of your preference. Another option is a configuration management and provisioning tool such as Puppet or its improved successor. A tool called Scalr can also be used, and finally we can go with a managed solution like Rightscale.

Q53. How do the start, stop and terminate processes work?

Starting and stopping an instance: When an instance is stopped, it performs a normal shutdown and then transitions to a stopped state. You can start the instance again afterward, since all of its Amazon EBS volumes remain attached. While an instance is in the stopped state, you will not be charged for additional instance usage.

Terminating an instance: When an instance is terminated, it performs a normal shutdown, and the attached EBS volumes are deleted unless the volume’s deleteOnTermination attribute is set to zero. The instance itself is deleted as well, and it cannot be started again afterward.

Q54. What is the relation between an instance and AMI?

AMI stands for Amazon Machine Image: basically, a template containing a software configuration, for example an OS, applications and an application server. When you start an instance, it is a copy of the AMI running as a virtual server in the cloud.

Q55. Mention what are the key components of AWS?

The key components of AWS are:

  • Route 53: A DNS web service
  • Simple E-mail Service: It allows sending e-mail using RESTful API calls or via regular SMTP
  • Identity and Access Management: It provides enhanced security and identity management for your AWS account
  • Simple Storage Device or (S3): It is a storage device and the most widely used AWS service
  • Elastic Compute Cloud (EC2): It provides on-demand computing resources for hosting applications. It is very useful in case of unpredictable workloads
  • Elastic Block Store (EBS): It provides persistent storage volumes that attach to EC2 to allow you to persist data past the lifespan of a single EC2
  • CloudWatch: To monitor AWS resources, It allows administrators to view and collect key Also, one can set a notification alarm in case of trouble.

Q56. What kind of network performance parameters can you expect when you launch instances in cluster placement group?

The network performance depends on the instance type and network performance specification. If launched in a placement group, you can expect up to:

  • 10 Gbps in a single flow
  • 20 Gbps in multiflow, i.e. full duplex
  • Network traffic outside the placement group will be limited to 5 Gbps (full duplex).

Q57. What are the best practices for Security in Amazon EC2?

There are several best practices to secure Amazon EC2. A few of them are given below:

  • Use AWS Identity and Access Management (IAM) to control access to your AWS resources.
  • Restrict access by only allowing trusted hosts or networks to access ports on your instance.
  • Review the rules in your security groups regularly, and ensure that you apply the principle of least privilege – only open up permissions that you require.
  • Disable password-based logins for instances launched from your AMI. Passwords can be found or cracked, and are a security risk.

Q58. How can you speed up data transfer in Snowball?

The data transfer can be increased in the following way:

  • By performing multiple copy operations at one time, i.e. if the workstation is powerful enough, you can initiate multiple cp commands, each from a different terminal, on the same Snowball device.
  • Copying from multiple workstations to the same Snowball.
  • Transferring large files or creating a batch of small files; this will reduce the encryption overhead.
  • Eliminating unnecessary hops, i.e. making a setup where the source machine(s) and the Snowball are the only machines active on the switch being used; this can hugely improve performance.

Q59. If I’m using Amazon CloudFront, can I use Direct Connect to transfer objects from my own data center?

Yes. Amazon CloudFront supports custom origins including origins from outside of AWS. With AWS Direct Connect, you will be charged with the respective data transfer rates.

Q60. How is Amazon RDS, DynamoDB and Redshift different?

  • Amazon RDS is a database management service for relational databases. It manages patching, upgrading, backing up of data etc. of databases for you without your intervention. RDS is a DB management service for structured data only.
  • DynamoDB, on the other hand, is a NoSQL database service. NoSQL deals with unstructured data.
  • Redshift is an entirely different service. It is a data warehouse product and is used in data analysis.

Q61. Can I retrieve only a specific element of the data, if I have a nested JSON data in DynamoDB?

Yes. When using the GetItem, BatchGetItem, Query or Scan APIs, you can define a Projection Expression to determine which attributes should be retrieved from the table. Those attributes can include scalars, sets, or elements of a JSON document.

Q62. What is the difference between Scalability and Elasticity?

Scalability is the ability of a system to increase its hardware resources to handle the increase in demand. It can be done by increasing the hardware specifications or increasing the processing nodes.

Elasticity is the ability of a system to handle an increase in the workload by adding additional hardware resources when the demand increases (same as scaling), but also rolling back the scaled resources when they are no longer needed. This is particularly helpful in Cloud environments, where a pay per use model is followed.

Q63. How is AWS Elastic Beanstalk different than AWS OpsWorks?

AWS Elastic Beanstalk is an application management platform while OpsWorks is a configuration management platform. BeanStalk is an easy to use service which is used for deploying and scaling web applications developed with Java, .Net, PHP, Node.js, Python, Ruby, Go and Docker. Customers upload their code and Elastic Beanstalk automatically handles the deployment. The application will be ready to use without any infrastructure or resource configuration.

In contrast, AWS Opsworks is an integrated configuration management platform for IT administrators or DevOps engineers who want a high degree of customization and control over operations.

Q64. What happens if my application stops responding to requests in beanstalk?

AWS Beanstalk applications have a system in place for avoiding failures in the underlying infrastructure. If an Amazon EC2 instance fails for any reason, Beanstalk will use Auto Scaling to automatically launch a new instance. Beanstalk can also detect if your application is not responding on the custom link even though the infrastructure appears healthy. This will be logged as an environmental event (e.g. a bad version was deployed) so you can take appropriate action.
