AWS is a leading cloud platform which offers cloud computing services like IaaS, PaaS, and SaaS. AWS provides compute, storage, database, DevOps, machine learning, AI, monitoring and networking services on subscription or pay-as-you-go models. We at DotNetTricks are committed to upgrading your skills with the latest industry trends, so we have created a list of the top 20 AWS interview questions and answers to prepare you for the interview.
We need to deploy an application on the cloud which we are going to commercialize in a later phase. Which cloud provider do you think will suit our needs, and why, given that you don’t know anything about our project?
I would go for AWS for the following reasons:
It is the oldest cloud provider and the range of managed services it offers is very large, so you can build and deploy diverse applications with ease and in less time.
AWS’s collaborations with Intel, VMware and Akamai make it strong in terms of providing a global, highly available and robust cloud infrastructure.
Being the oldest in the cloud market, its use-case experience is more comprehensive.
How can I collaborate among my different accounts on AWS?
Using the AWS Organizations service, collaboration among different AWS accounts is easy and seamless.
What are some of the practices recommended by AWS?
Democratize IT services and use managed services as much as you can; attaining expertise in every domain is expensive as well as time-consuming.
Treat your cloud infrastructure resources as cattle, not as pets: you deploy servers, databases and storage, use them, and once they become outdated you decommission them and deploy new, updated versions.
Security in the cloud is in the customer’s hands, whereas security of the cloud is AWS’s responsibility.
Which one service can give us an overview of our AWS cloud infrastructure usage in terms of cost, security, availability etc.?
Trusted Advisor provides this information and can also guide which steps need to be taken to make your infrastructure efficient.
Instead of going to AWS, why can’t I opt for the OpenStack cloud? What are the pros and cons?
Everyone is free to choose a cloud service provider of their choice, but before getting down to the actual business at hand the question is how much overhead you want to create. OpenStack is free, but at the same time the configuration and nitty-gritty details of every service call for a certain level of expertise, and moreover if the infrastructure falls apart there is no one to take responsibility, or better said, directed guidance is lacking.
What is meant by geolocation-based routing and latency-based routing, how do they differ, and which AWS service helps in configuring such routing policies?
In geolocation-based routing, traffic can be routed based on a specific geographic region, and can also be restricted from a geographic region where we don’t want to show our content or service availability. Latency-based routing is meant to serve the customer from the node that provides content with the least latency: suppose we have web servers deployed in the US, Europe and Asia on the global AWS infrastructure, and we want customer requests from the US to be answered by the US AWS infrastructure, and so on. Suppose a customer raises a request from the middle of Africa; his/her request will be served from the node that is geographically closest to the African continent. We can configure such routing policies using the AWS managed DNS service, Route 53, where these routing policies are available.
How should we decide between Reserved, On-Demand and Spot instances?
Reserved instances are used for housekeeping functions that run all the time, mostly 24x7, as you have already paid or committed to a certain amount for their 24x7 operation. On-Demand instances can be deployed for immediate needs where processing as well as transfer of data is critical; mostly this happens in unpredictable scenarios like a big-billion-day sale, Black Friday or a major global event. Spot instances are the cheapest and should be deployed where loss or interruption of transactions is not a concern.
How would you create a highly available, fault tolerant, low latency and DR compliant global infrastructure in AWS? Only a brief description.
Highly available: serve traffic from distributed infrastructure in all available Availability Zones.
Fault tolerant: implement a load-balancing policy along with Auto Scaling.
Low latency: replicate business-critical web, app and DB servers in all Availability Zones and serve the traffic through the AWS CDN service (CloudFront); the ElastiCache service can also be used.
DR compliant (disaster recovery compliant): keep taking automated backups and apply a cross-region replication policy for the items stored in S3. Keep a business-critical DB server on standby in a different region.
Use managed services as much as possible, where uptime is taken care of by AWS and you need not worry about them.
What does Infrastructure as Code mean and which AWS service facilitates it?
Infrastructure as Code means you create a template of your entire cloud-based business infrastructure in the form of code (JSON/XML or any other simple script). You keep updating this template as and when you make configuration changes, and you apply the template to deploy AWS infrastructure, be it servers, databases, storage resources, deployment policies etc. You can use the AWS CloudFormation service to facilitate this. There you can find predefined templates for common use cases, or you can draft your own custom code for the AWS cloud infrastructure that suits your needs.
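As an added example (not from the original article), here is a small template of this kind built in Python and rendered to the JSON that CloudFormation consumes, together with the kind of pre-deploy check that keeping infrastructure as code makes possible: every Ref and Fn::GetAtt must point at a declared parameter or resource. The bucket, parameter and output names are assumptions.

```python
import json


def bucket_template(bucket_param="BucketName"):
    """Assumed sample template: a versioned S3 bucket with all public access blocked."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {bucket_param: {"Type": "String"}},
        "Resources": {
            "DataBucket": {
                "Type": "AWS::S3::Bucket",
                "Properties": {
                    "BucketName": {"Ref": bucket_param},
                    "VersioningConfiguration": {"Status": "Enabled"},
                    "PublicAccessBlockConfiguration": {
                        "BlockPublicAcls": True, "BlockPublicPolicy": True,
                        "IgnorePublicAcls": True, "RestrictPublicBuckets": True,
                    },
                },
            }
        },
        "Outputs": {"BucketArn": {"Value": {"Fn::GetAtt": ["DataBucket", "Arn"]}}},
    }


def _walk_refs(node):
    """Yield every logical name used by a Ref or Fn::GetAtt anywhere in the tree."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        if isinstance(node.get("Fn::GetAtt"), list) and node["Fn::GetAtt"]:
            yield node["Fn::GetAtt"][0]
        for child in node.values():
            yield from _walk_refs(child)
    elif isinstance(node, list):
        for child in node:
            yield from _walk_refs(child)


def dangling_refs(template):
    """Pre-deploy check: names referenced but never declared as a Parameter or Resource
    (pseudo parameters such as AWS::Region are legitimately undeclared)."""
    declared = set(template.get("Parameters", {})) | set(template.get("Resources", {}))
    return sorted({n for n in _walk_refs(template)
                   if n not in declared and not n.startswith("AWS::")})


def render(template):
    """The JSON text handed to CloudFormation (create-stack / update-stack)."""
    return json.dumps(template, indent=2)
```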
Our organization runs BI tools on large-scale data, and data analytics are run on third-party web servers. Which service would you recommend for this task?
Amazon Redshift is the proper tool provided by AWS that can exactly answer this need. Redshift is a data warehouse solution where you can also run your analytics; there is no need to deploy separate servers.
What is the difference between vertical and horizontal scaling?
Vertical scaling is where you add more power or capacity to your resources, whereas horizontal scaling is where the number of identical resources is multiplied. The Auto Scaling policy provides a managed service for horizontal scaling of EC2 resources. For vertical scaling of EC2 resources we either do it manually or write an automated script that runs when a specific event is triggered.
What are the three main things that AWS is going to bill you for?
Compute power utilization, storage used and data transfer.
We need to set up cross-region replication for our S3 bucket, but even after setting it up a very large amount of our data doesn’t get replicated. What could be the reason and how can we overcome it?
When we apply cross-region replication, only new data stored in the source bucket after that point is replicated across regions; data that existed prior to enabling cross-region replication is not replicated. To replicate that data we can either write a script to copy the entire data set across regions, create a Lambda function, or do it from the S3 bucket dashboard.
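The script-based backfill mentioned above, as an added example that is not from the original article: it lists both buckets and copies only the objects that replication never delivered. FakeS3 is a constructed stand-in for boto3.client("s3") so the code runs offline; the bucket names are placeholders.

```python
class FakeS3:
    """Constructed in-memory stand-in for the two boto3 S3 calls used below."""

    def __init__(self, buckets):
        self.buckets = buckets          # {bucket: {key: etag}}
        self.copies = []                # record of copy_object calls

    def get_paginator(self, name):
        assert name == "list_objects_v2"
        fake = self

        class Paginator:
            def paginate(self, Bucket):  # one page is enough for the fake
                objs = fake.buckets.get(Bucket, {})
                yield {"Contents": [{"Key": k, "ETag": e} for k, e in objs.items()]}
        return Paginator()

    def copy_object(self, Bucket, Key, CopySource):
        src = self.buckets[CopySource["Bucket"]]
        self.buckets.setdefault(Bucket, {})[Key] = src[CopySource["Key"]]
        self.copies.append(Key)


def list_keys(s3, bucket):
    """Map every key in the bucket to its ETag, following list pagination."""
    keys = {}
    for page in s3.get_paginator("list_objects_v2").paginate(Bucket=bucket):
        for obj in page.get("Contents", []):
            keys[obj["Key"]] = obj["ETag"]
    return keys


def backfill(s3, src, dst):
    """Copy each source object that is missing in the destination, or whose ETag
    differs there; objects replication already delivered are skipped. Returns copied keys."""
    src_keys, dst_keys = list_keys(s3, src), list_keys(s3, dst)
    to_copy = [k for k, etag in src_keys.items() if dst_keys.get(k) != etag]
    for key in to_copy:
        # Issue this with the client pointed at the destination region; objects over
        # 5 GB need a managed multipart copy (s3.copy) rather than copy_object.
        s3.copy_object(Bucket=dst, Key=key, CopySource={"Bucket": src, "Key": key})
    return to_copy
```

Objects that were uploaded in parts carry an ETag that is not a plain MD5 and may differ after a copy, so treat the ETag comparison as a heuristic and compare sizes as well when the buckets hold large objects.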
Does a complete CI/CD solution exist on the AWS platform? If yes, please explain.
AWS provides services like CodeStar, CodeCommit, Cloud9, CodeBuild, CodeDeploy etc. with which you can build a custom pipeline for deployment to staging/production servers. Moreover, CloudFormation templates let you store your entire production-grade cloud infrastructure in the form of code, which is easy to port and deploy.
You have provisioned a higher-configuration instance and want to host your database as well as your app server on the very same instance. How would you route traffic to your DB and to your app server?
We can route traffic in a port-specific manner by registering the targets with an Application Load Balancer, where we specify the port number and the target DB or app server.
What are the ways to keep your dev/prod team in the loop in case any issue arises with your web/app server outside business hours?
There are a couple of ways to do that. We can use the native AWS CloudWatch service with SNS (Simple Notification Service) to send out emails/SMS in case any issue arises with our production web/app servers. We can also configure a third-party monitoring service like Datadog or PagerDuty with AWS CloudWatch. We can configure an escalation policy for major or minor issues, or for when someone is not available. We can configure the monitoring tools to place an automated call to the responsible teams informing them about any outage or any critical metric being breached.
If our company already has a system for identifying users, how can I use the same system to give my users access to the AWS account?
There are basically three possibilities:
If your corporate directory is compatible with SAML 2.0, you can configure SSO access to your AWS account using your corporate directory.
If the corporate directory is not compatible, we can use an identity broker.
If your corporate directory is based on Microsoft’s Active Directory, you can use AWS Directory Service to establish trust between your corporate AD and your AWS account.
If you have lost the .pem file for your running instance, how can you recover that instance?
The OS and stack can be recovered by creating an AMI from the instance and then launching a new instance from that AMI. If we need to recover the data as well, we need to detach the volumes and attach them to a new instance.
If you are the AWS admin for your company and someone has recently left, how will you ensure security while also ensuring the smooth flow of the tasks he/she was responsible for?
The main issue arises if his/her personal secret access key and access key ID were used somewhere. We first deactivate his/her keys and then check whether any task running on the AWS platform has been hampered. If no task is affected, we can simply delete the access keys along with the user profile. If we find some tasks getting affected, we generate a new set of access keys/IDs, feed them into the very same place where the old ones were working, and then deactivate the old ones. Once task execution has been properly verified under the new access keys/IDs, we can go ahead and delete the old access keys/IDs.
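The deactivate-then-delete sequence above, as an added example that is not the article’s own code. It uses the IAM access-key calls as boto3 exposes them, but FakeIam is a constructed offline stand-in for the client (pass boto3.client("iam") instead against AWS), the key IDs are constructed, and the seven-day quiet window is an assumption.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)  # fixed clock for the offline demo


class FakeIam:
    """Constructed in-memory stand-in for the boto3 IAM calls used below."""
    def __init__(self, keys):  # {AccessKeyId: {"Status": ..., "LastUsed": datetime|None}}
        self.keys = keys
    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [{"AccessKeyId": k, "Status": v["Status"]}
                                      for k, v in self.keys.items()]}
    def update_access_key(self, UserName, AccessKeyId, Status):
        self.keys[AccessKeyId]["Status"] = Status
    def get_access_key_last_used(self, AccessKeyId):
        return {"AccessKeyLastUsed": {"LastUsedDate": self.keys[AccessKeyId]["LastUsed"]}}
    def delete_access_key(self, UserName, AccessKeyId):
        del self.keys[AccessKeyId]

def constructed_iam():
    """Sample account: a key used a month ago, one used yesterday, one never used."""
    return FakeIam({
        "AKIA-CONSTRUCTED-1": {"Status": "Active", "LastUsed": NOW - timedelta(days=30)},
        "AKIA-CONSTRUCTED-2": {"Status": "Active", "LastUsed": NOW - timedelta(days=1)},
        "AKIA-CONSTRUCTED-3": {"Status": "Inactive", "LastUsed": None},
    })

def deactivate_keys(iam, user):
    """Phase 1: flip every Active key to Inactive (reversible, unlike deletion)."""
    ids = [k["AccessKeyId"] for k in iam.list_access_keys(UserName=user)["AccessKeyMetadata"]
           if k["Status"] == "Active"]
    for key_id in ids:
        iam.update_access_key(UserName=user, AccessKeyId=key_id, Status="Inactive")
    return ids

def delete_quiet_keys(iam, user, quiet_for=timedelta(days=7), now=None):
    """Phase 2: delete Inactive keys unused for `quiet_for`; a recently used key is kept
    for review, since something is probably still configured with it. Returns (deleted, kept)."""
    now = now or datetime.now(timezone.utc)
    deleted, kept = [], []
    inactive = [k["AccessKeyId"] for k in iam.list_access_keys(UserName=user)["AccessKeyMetadata"]
                if k["Status"] == "Inactive"]
    for key_id in inactive:
        used = iam.get_access_key_last_used(AccessKeyId=key_id)["AccessKeyLastUsed"]
        last = used.get("LastUsedDate")  # absent in the real API when a key was never used
        if last is None or now - last >= quiet_for:
            iam.delete_access_key(UserName=user, AccessKeyId=key_id)
            deleted.append(key_id)
        else:
            kept.append(key_id)
    return deleted, kept
```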
Given that you must use only the AWS stack to schedule automated turn-off and turn-on of your staging servers, which services will you use and how will you plan it?
We will use a CloudWatch Events schedule to trigger events at the specific times at which we want to turn the staging servers off or on. The event triggers two Lambda functions which fire as per the schedule, and the targets of the Lambda functions are the servers grouped under the “staging” tag. We can write a script in Python or Node.js to pull the list of staging servers and shut them down or start them as per the trigger. By using these services we meet the mandatory requirement of devising a solution without going outside the AWS stack.
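The Lambda body this answer describes, as an added example that is not from the original article. The two scheduled functions are collapsed into one handler that reads the action from the event (an assumed event shape); FakeEc2 is a constructed stand-in for boto3.client("ec2") so it runs offline, and the Environment=staging tag is an assumed convention. Filtering strictly on that tag is what keeps the schedule from ever touching a production instance.

```python
try:
    import boto3  # only needed when running inside Lambda against real EC2
except ImportError:  # absent in this offline demo
    boto3 = None

TAG_KEY, TAG_VALUE = "Environment", "staging"  # assumed tagging convention


class FakeEc2:
    """Constructed in-memory stand-in for the three boto3 EC2 calls the handler uses."""
    def __init__(self, instances):  # {InstanceId: {"State": "running"|"stopped", "Tags": {k: v}}}
        self.instances = instances
    def describe_instances(self, Filters):
        want = {f["Name"]: f["Values"] for f in Filters}
        hits = [{"InstanceId": i, "State": {"Name": d["State"]}} for i, d in self.instances.items()
                if d["Tags"].get(TAG_KEY) in want.get(f"tag:{TAG_KEY}", [])
                and d["State"] in want.get("instance-state-name", [])]
        return {"Reservations": [{"Instances": hits}]}
    def stop_instances(self, InstanceIds):
        for i in InstanceIds:
            self.instances[i]["State"] = "stopped"
    def start_instances(self, InstanceIds):
        for i in InstanceIds:
            self.instances[i]["State"] = "running"


def staging_instances(ec2, state):
    """Ids of instances tagged as staging that are currently in `state` (paging omitted)."""
    resp = ec2.describe_instances(Filters=[
        {"Name": f"tag:{TAG_KEY}", "Values": [TAG_VALUE]},
        {"Name": "instance-state-name", "Values": [state]},
    ])
    return [i["InstanceId"] for r in resp["Reservations"] for i in r["Instances"]]


def handler(event, context=None, ec2=None):
    """Lambda entry point: event["action"] is "stop" (evening rule) or "start" (morning rule)."""
    ec2 = ec2 or boto3.client("ec2")
    action = event.get("action")
    if action == "stop":
        ids = staging_instances(ec2, "running")
        if ids:
            ec2.stop_instances(InstanceIds=ids)
    elif action == "start":
        ids = staging_instances(ec2, "stopped")
        if ids:
            ec2.start_instances(InstanceIds=ids)
    else:
        raise ValueError(f"unknown action {action!r}")
    return {"action": action, "instances": ids}
```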