AWS is a leading cloud platform which offers cloud computing services like IaaS, PaaS, and SaaS. AWS provides compute, storage, database, DevOps, machine learning, AI, monitoring and networking services on subscription or pay as you go models. We at DotNetTricks are committed to upgrading your skills with the latest industry trends. So, we have created a list of the top 20 AWS interview questions and answers, in order to prepare you for the interview.
We need to deploy an application on the cloud which we plan to commercialize in a later phase. Which cloud provider do you think will suit our needs, and why, given that you know nothing about our project?
I would go with AWS for the following reasons:
It is the oldest cloud provider and the range of managed services it offers is very large, so you can build and deploy diverse applications with less effort and in less time.
AWS does not compete with most of its clients on similar services, whereas Microsoft and Google already have a variety of products that would be in direct competition if your product falls into their category.
AWS's partnerships with Intel, VMware and Akamai make it strong in terms of providing a global, highly available and robust cloud infrastructure.
Being the oldest in the cloud market, its use-case experience is more comprehensive.
How can I collaborate among my different accounts on AWS?
Using the AWS Organizations service, collaboration among different AWS accounts is easy and seamless.
What are some of the recommended practices by AWS?
Democratize IT services and use managed services as much as you can; attaining expertise in every domain is expensive as well as time-consuming.
Treat your cloud infrastructure resources like cattle, not pets. You use servers, databases and storage, and once they become outdated you decommission them and deploy new, updated versions.
Security in the cloud is the customer's responsibility, whereas security of the cloud is AWS's responsibility.
What is one service which can provide us with an overview of our AWS cloud infrastructure usage in terms of cost, security, availability, etc?
Trusted Advisor provides you with this information and can also guide you on which steps need to be taken to make your infrastructure more efficient.
Instead of going to AWS, why can't I opt for an OpenStack cloud? What are the pros and cons?
Everyone is free to choose a cloud service provider as they see fit, but the question to ask before getting down to the actual business at hand is how much overhead you want to create. OpenStack is free, but the configuration and nitty-gritty details of every service call for a certain level of expertise, and if the infrastructure falls apart there is no one to take responsibility for it; in other words, directed guidance is missing.
What is meant by geolocation-based routing and latency-based routing, how are they different, and which AWS service helps in configuring such routing policies?
With geolocation-based routing, traffic can be routed based on a specific geographic region, and it can also be restricted from certain geographic regions where we don't want to show our content or service availability. Latency-based routing serves the customer from the node that provides the content with the least latency. Suppose we have web servers deployed in the US, Europe and Asia in a global AWS infrastructure; we want a customer request from the US region to be answered by the US region AWS infrastructure, and so on. If a customer raises a request from the Middle East or Africa, the request will be served from the node which is geographically closest to the African continent. We can configure such routing policies using Route 53, the AWS managed DNS service, where these routing policies are available.
How should we decide between Reserved, On-Demand and Spot instances?
Reserved instances are used for housekeeping functions which run all the time, mostly in a 24x7 manner, as you have already paid or committed to a certain amount for their 24x7 operation. On-Demand instances can be deployed for immediate needs where the processing of data as well as the transfer of data is critical; this mostly happens in scenarios like a big-billion-day sale, Black Friday or a major global event which is unpredictable. Spot instances are the cheapest and should be deployed where we are not worried about the loss or interruption of transactions.
How would you create a highly available, fault-tolerant, low-latency and DR-compliant global infrastructure in AWS? Only a brief description is needed.
Highly available: Serve traffic from distributed infrastructure in all available Availability Zones.
Fault-tolerant: Implementing load-balancing policy along with Autoscaling.
Low latency: Replicating business-critical web, app and DB servers in all Availability Zones and serving the traffic through the AWS CDN service (CloudFront); the ElastiCache service can also be used.
DR compliant (disaster recovery compliant): Keep taking automated backups and put a cross-region replication policy in place for the items stored in S3. Keep a business-critical DB server on standby in a different region.
Use managed services as much as possible, where uptime is taken care of by AWS and you need not worry about it.
What does Infrastructure as Code mean, and which AWS service facilitates it?
Infrastructure as Code means creating a template of your entire cloud-based business infrastructure in the form of code (JSON/XML or another simple script format). You keep updating this template/code whenever you make configuration changes, and you apply this code template to deploy AWS infrastructure, be it servers, databases, storage resources, deployment policies, etc. You can use the AWS CloudFormation service to facilitate this. There you can find predefined templates for common use cases, or you can draft your own custom-made code for an AWS cloud infrastructure which suits your needs.
Our organization runs BI tools on large-scale data, and the data analytics are currently run on third-party web servers. Which service would you recommend for this task?
AWS Redshift is the tool provided by AWS that exactly answers this need. AWS Redshift is a data warehouse solution on which you can also run your analytics, with no need to deploy separate servers.
What is the difference between vertical and horizontal scaling?
Vertical scaling is where you add more power/capacity to your existing resources, whereas horizontal scaling is where the number of identical resources is multiplied. An Auto Scaling policy provides a managed way to scale EC2 resources horizontally. For vertical scaling of EC2 resources we can either do it manually or write an automated script that runs when a specific event is triggered.
What are the three main things that AWS bills you for?
Compute power utilization, storage used and data transfer.
We need to set up cross-region replication of our S3 bucket, but even after setting it up a very large amount of our data does not get replicated. What could be the reason, and how can we overcome this?
When we apply cross-region replication, only new data stored in the source bucket after that point is replicated across regions; data which existed prior to enabling cross-region replication is not replicated. In order to replicate that data we can either write a script to copy the entire data set across regions, create a Lambda function to do so, or do it from the S3 bucket dashboard.
Does a complete CI/CD solution exist on the AWS platform? If yes, please explain.
AWS provides services like CodeStar, CodeCommit, Cloud9, CodeBuild, CodeDeploy, etc., with which you can build a custom-made pipeline for deployment to staging/production servers. Moreover, there are CloudFormation templates in which you can store your entire production-grade cloud infrastructure in the form of code, which is easy to port and deploy.
You have provisioned a higher-configuration instance and you want to host your database as well as your app server on the very same instance. How would you route traffic to your DB and to your app server?
We can route traffic in a port-specific manner by registering the targets with the Application Load Balancer, where we specify the port number and the target DB or app server.
What are the ways to keep your dev/prod team in the loop in case any issue arises with your web/app server outside business hours?
There are a couple of ways we can do that. We can use the native AWS CloudWatch service with SNS (Simple Notification Service) to send out emails/SMS in case any issue arises with our production web/app servers. We can also integrate a third-party monitoring service like Datadog or PagerDuty with AWS CloudWatch. We can configure an escalation policy for major or minor issues, or for when someone is not available. We can also configure the monitoring tools to place an automated call to the responsible teams informing them about any outage or any critical metrics breaching their thresholds.
If our company already has a system to identify users, how can I use the same system to give my users access to our AWS account?
There are basically three possibilities:
If your corporate directory supports SAML 2.0, you can configure SSO access to your AWS account using your corporate directory.
If the corporate directory is not SAML-compatible, we can use an identity broker.
If your corporate directory is based on Microsoft Active Directory, you can use AWS Directory Service to establish trust between your corporate AD and your AWS account.
If you have lost the .pem file for a running instance, how can you recover that instance?
The OS and stack can be recovered by creating an AMI from the instance and then launching a new instance from that AMI. If we need to recover the data as well, we detach the volumes and attach them to the new instance.
If you are the AWS admin for your company and someone has recently left the company, how will you ensure security while also ensuring the smooth flow of the tasks that he/she was responsible for?
The main issue arises if that person's access key ID and secret key were used somewhere. We first deactivate his/her keys and then check whether any tasks running on the AWS platform have been affected. If no task is affected, we can simply delete the access keys along with the user profile. If we find that some tasks are affected, we generate a new set of access keys, put them in the very same place where the old ones were used, and then deactivate the old ones. Once task execution has been properly verified under the new access keys, we can go ahead and delete the old ones.
Given that you may use only the AWS stack to schedule the automated turn-off and turn-on of your staging servers, which services will you use and how will you plan it?
We will use CloudWatch Events to schedule events at the specific times at which we want to turn the staging servers off or on. Each event will trigger one of two Lambda functions which fire as per the schedule, and the targets of the Lambda functions will be the servers grouped under the "staging" tag. We can write a script in Python or Node.js to pull the list of staging servers and shut them down or start them as per the trigger. By using these services we meet the mandatory requirement of devising a solution without going outside the AWS stack.
How can Amazon Route 53 offer high availability and low latency?
Amazon Route 53 uses the following means to provide high availability and low latency:
Globally Distributed Servers:
Since Amazon is a global service, it has DNS servers worldwide. Any customer who issues a query from anywhere can reach a DNS server local to them, which offers low latency.
Route 53 offers the superior dependability demanded by critical applications.
Route 53 serves requests from the data center closest to the client making the request. Moreover, Route 53 allows any server in a data center that has the required data to respond.
How are a Region and an Availability Zone related?
An Amazon data center is located in an AWS Availability Zone, which is a physical location. An AWS Region is a cluster of Availability Zones or data centers. This helps your services be more accessible when you place your VMs in various data centers within an AWS Region. If any of the data centers in a Region fails, client requests will still be served, but from the other data centers located in the same Region.
Explain Spot Instances and On-Demand Instances.
Whenever AWS creates EC2 instances, certain blocks of processing power and computing capacity are left unused. AWS offers such blocks as Spot Instances. Spot Instances run only when capacity is available. They are useful if you are flexible about when your application runs and if your application can tolerate being interrupted.
You can create On-Demand Instances whenever required. Their prices are static. They remain available until you explicitly terminate them.
Mention the steps involved in a CloudFormation solution.
Below are the steps included in a CloudFormation solution:
Step-1: Create a new CloudFormation template, or use a previously created one, in JSON or YAML format.
Step-2: Save the code in an S3 bucket. The S3 bucket works as a repository for the code.
Step-3: Use AWS CloudFormation to reference the bucket and create a stack from your template.
Step-4: CloudFormation reads the file and determines which services are called. It also works out their sequence, the relationships between the services, and provisions the services in that sequence.
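The last step above (CloudFormation working out the relationships between resources and provisioning them in order) is what the following added example reproduces on a small scale. It is not code from the article or from AWS: it walks a constructed template, collects the Ref and Fn::GetAtt references plus explicit DependsOn entries, and produces a creation order with a topological sort, refusing templates with a reference cycle. The template itself is constructed for illustration and is not a complete, deployable stack.

```python
"""Added example: derive the provisioning order of a CloudFormation template
from its Ref / Fn::GetAtt / DependsOn relationships. Constructed template;
not the article's or AWS's own code."""
import json
from collections import deque

# Constructed sample template: a VPC, a subnet in it, a security group,
# and an instance that references the subnet and security group.
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "Vpc": {"Type": "AWS::EC2::VPC",
                "Properties": {"CidrBlock": "10.0.0.0/16"}},
        "AppSubnet": {"Type": "AWS::EC2::Subnet",
                      "Properties": {"VpcId": {"Ref": "Vpc"},
                                     "CidrBlock": "10.0.1.0/24"}},
        "WebSg": {"Type": "AWS::EC2::SecurityGroup",
                  "Properties": {"GroupDescription": "web tier",
                                 "VpcId": {"Ref": "Vpc"}}},
        "WebServer": {"Type": "AWS::EC2::Instance",
                      "DependsOn": "WebSg",          # explicit ordering hint
                      "Properties": {"SubnetId": {"Ref": "AppSubnet"},
                                     "SecurityGroupIds": [
                                         {"Fn::GetAtt": ["WebSg", "GroupId"]}],
                                     "ImageId": "ami-PLACEHOLDER"}},
    },
}


def find_refs(node, resource_names):
    """Collect logical IDs referenced via Ref or Fn::GetAtt anywhere under node."""
    refs = set()
    if isinstance(node, dict):
        if node.get("Ref") in resource_names:
            refs.add(node["Ref"])
        if "Fn::GetAtt" in node:
            target = node["Fn::GetAtt"]
            name = target[0] if isinstance(target, list) else target.split(".")[0]
            if name in resource_names:
                refs.add(name)
        for value in node.values():
            refs |= find_refs(value, resource_names)
    elif isinstance(node, list):
        for value in node:
            refs |= find_refs(value, resource_names)
    return refs


def dependency_graph(template):
    """Map each logical ID to the set of logical IDs it must wait for."""
    resources = template.get("Resources")
    if not resources:
        raise ValueError("template has no Resources section")
    names = set(resources)
    graph = {}
    for name, body in resources.items():
        deps = find_refs(body.get("Properties", {}), names)
        explicit = body.get("DependsOn", [])
        for dep in [explicit] if isinstance(explicit, str) else explicit:
            if dep not in names:
                raise ValueError(f"{name} DependsOn unknown resource {dep}")
            deps.add(dep)
        graph[name] = deps
    return graph


def creation_order(template):
    """Kahn's algorithm: each resource appears after everything it references."""
    graph = dependency_graph(template)
    indegree = {name: len(deps) for name, deps in graph.items()}
    dependents = {name: [] for name in graph}
    for name, deps in graph.items():
        for dep in deps:
            dependents[dep].append(name)
    ready = deque(sorted(n for n, k in indegree.items() if k == 0))
    order = []
    while ready:
        current = ready.popleft()
        order.append(current)
        for child in sorted(dependents[current]):
            indegree[child] -= 1
            if indegree[child] == 0:
                ready.append(child)
    if len(order) != len(graph):
        stuck = sorted(set(graph) - set(order))
        raise ValueError("circular dependency among: " + ", ".join(stuck))
    return order


if __name__ == "__main__":
    print(json.dumps(dependency_graph(TEMPLATE), default=sorted, indent=2))
    print(creation_order(TEMPLATE))
```

Running it prints the graph and the order Vpc, AppSubnet, WebSg, WebServer; a template in which two resources reference each other is rejected before anything would be provisioned, which is the same class of error CloudFormation reports at stack creation.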
What is a DDoS attack? How can a DDoS attack be mitigated?
A DDoS attack is a cyber-attack in which the perpetrator floods a website with requests and opens many sessions at once. As a result, legitimate users cannot access the service.
Below is the list of native tools that help you mitigate DDoS attacks against your AWS services:
- AWS WAF
- AWS Shield
- Amazon Route53
- Amazon CloudFront
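One of the building blocks of the mitigation above is a rate-based rule in AWS WAF, which counts requests per source over a five-minute window and blocks sources that exceed a threshold. The following added example (not code from the article or from AWS, and not a reproduction of WAF's exact counting) runs the same sliding-window idea offline over a few constructed access-log lines, so a practitioner can see which source would be flagged and at what point. The threshold is deliberately tiny for the demo; production values are much larger.

```python
"""Added example: per-source sliding-window request counting, the idea behind
an AWS WAF rate-based rule, run over constructed access-log lines.
Not AWS code; log lines, threshold and format are constructed."""
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 300   # WAF rate-based rules evaluate over a 5-minute window
THRESHOLD = 6          # constructed demo value; real rules use far larger counts


def parse_line(line):
    """Extract (timestamp, client_ip) from a simplified
    'ISO-timestamp client:port method path' line (constructed format)."""
    ts, client, *_ = line.split()
    stamp = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return stamp, client.rsplit(":", 1)[0]


def flag_sources(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {client_ip: timestamp} for sources whose request count within
    any `window`-second span exceeds `threshold`. Lines must be in time order
    per client, as a log normally is."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    flagged = {}
    for line in lines:
        ts, ip = parse_line(line)
        queue = recent[ip]
        queue.append(ts)
        # Drop timestamps that have aged out of the window.
        while (ts - queue[0]).total_seconds() > window:
            queue.popleft()
        if len(queue) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


# Constructed log sample: one noisy source hammering /login, one source that
# spreads seven requests over twelve minutes, and one quiet source.
SAMPLE_LOG = sorted(
    [f"2024-05-01T10:00:{5 * i:02d}Z 203.0.113.9:{51000 + i} GET /login"
     for i in range(8)]
    + [f"2024-05-01T10:{2 * i:02d}:30Z 192.0.2.77:44000 GET /"
       for i in range(7)]
    + ["2024-05-01T10:01:00Z 198.51.100.4:40000 GET /",
       "2024-05-01T10:03:10Z 198.51.100.4:40001 GET /pricing"]
)


if __name__ == "__main__":
    for ip, when in flag_sources(SAMPLE_LOG).items():
        print(f"{ip} exceeded {THRESHOLD} requests per {WINDOW_SECONDS}s at {when.isoformat()}")
```

The source that spreads its requests out never has more than three inside any five-minute window and is not flagged, while the burst source crosses the threshold on its seventh request. In WAF the equivalent decision is made per rule with the action set to Block or Count, and Count is the usual first step so you can size the threshold from real traffic before enforcing it.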
How do you set up a system for real-time monitoring of website metrics in AWS?
Amazon CloudWatch lets you monitor the status of diverse AWS services as well as custom events. It is possible to monitor:
- Auto-scaling lifecycle events
- State changes in Amazon EC2
- Scheduled events
- Console sign-in events
- AWS API calls
What aspects do you need to consider when migrating to Amazon Web Services?
Below is the list of aspects to be considered for an AWS migration:
- Workforce Productivity
- Business agility
- Cost avoidance
- Operational resilience
- Operational costs - includes the expense of infrastructure, the capability to match supply to demand, transparency, and others.
What is meant by policies in AWS? What are the various types of policies?
A policy is an object that is attached to an identity or resource and defines its permissions. AWS evaluates these policies whenever a user makes a request. The permissions in the policy determine whether the action is allowed or denied. It is important to note that policies are stored as JSON documents.
The six types of policies supported in AWS are:
- Resource-based policies
- Identity-based policies
- Permissions boundaries
- Access Control Lists
- Organizations SCPs
- Session policies
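To make the "allow or deny" decision concrete, here is an added example (not from the article, and not AWS's evaluation engine) that evaluates identity-based policies together with an optional permissions boundary, two of the six types listed above. It follows the documented precedence: an explicit Deny anywhere wins, an Allow is needed from an identity-based policy, and when a boundary is attached the Allow must fall inside it too. Conditions, resource-based policies, SCPs, session policies and cross-account rules are deliberately left out, and the policy documents are constructed.

```python
"""Added example: simplified IAM evaluation for identity-based policies plus
a permissions boundary. Explicit Deny wins; otherwise an Allow is required and,
if a boundary exists, must also be allowed by it. Constructed policies; not the
article's or AWS's own code, and not the full AWS evaluation logic."""
from fnmatch import fnmatchcase


def _matches(pattern_or_list, value):
    """Action/Resource may be a string or a list; '*' and '?' are IAM wildcards.
    IAM matches actions case-insensitively, so compare in lower case."""
    patterns = pattern_or_list if isinstance(pattern_or_list, list) else [pattern_or_list]
    return any(fnmatchcase(value.lower(), p.lower()) for p in patterns)


def _statement_applies(stmt, action, resource):
    """Does this statement cover the requested action and resource?"""
    if "NotAction" in stmt:
        action_ok = not _matches(stmt["NotAction"], action)
    else:
        action_ok = _matches(stmt.get("Action", []), action)
    if "NotResource" in stmt:
        resource_ok = not _matches(stmt["NotResource"], resource)
    else:
        resource_ok = _matches(stmt.get("Resource", []), resource)
    return action_ok and resource_ok


def decision(policies, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' across a list of policy documents."""
    allowed = False
    for policy in policies:
        stmts = policy["Statement"]
        for stmt in stmts if isinstance(stmts, list) else [stmts]:
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"          # explicit deny ends evaluation
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def is_allowed(identity_policies, action, resource, boundary=None):
    """Final decision for a same-account request by an IAM user or role."""
    if decision(identity_policies, action, resource) != "Allow":
        return False
    if boundary is not None and decision([boundary], action, resource) != "Allow":
        return False                   # boundary caps what the identity can do
    return True


# Constructed sample: read-only access to one bucket, full access to a CI
# artifacts bucket, but an explicit deny on deleting CI artifacts.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-data", "arn:aws:s3:::example-data/*"]},
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-ci-artifacts/*"},
        {"Effect": "Deny", "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::example-ci-artifacts/*"},
    ],
}
ADMIN_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
# Boundary that caps any attached identity at S3 only, whatever else is granted.
S3_ONLY_BOUNDARY = {"Version": "2012-10-17",
                    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}


if __name__ == "__main__":
    artifact = "arn:aws:s3:::example-ci-artifacts/build.zip"
    print(is_allowed([DEVELOPER_POLICY], "s3:PutObject", artifact))      # True
    print(is_allowed([DEVELOPER_POLICY], "s3:DeleteObject", artifact))   # False
    print(is_allowed([DEVELOPER_POLICY, ADMIN_POLICY], "ec2:TerminateInstances", "*",
                     boundary=S3_ONLY_BOUNDARY))                          # False
```

Two things the run makes visible that reading the JSON alone does not: the explicit Deny on s3:DeleteObject overrides the broader s3:* Allow in the same policy and even an attached administrator policy, and a permissions boundary silently removes ec2:TerminateInstances from an identity that otherwise holds "*" on "*".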
How do you control the security of your VPC?
You can use either of the following:
i. Security groups: A security group acts as a virtual firewall for the EC2 instances associated with it, controlling inbound as well as outbound traffic at the instance level.
ii. Network access control lists (NACLs): A NACL acts as a firewall for the subnets associated with it, controlling inbound as well as outbound traffic at the subnet level.
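The practical difference between the two is that a security group is stateful and has only allow rules, while a NACL is stateless, evaluates numbered rules in ascending order until one matches, and ends with an implicit deny. The following added example (constructed rules and addresses; not code from the article or from AWS) simulates one inbound HTTPS connection through both layers and shows the classic failure mode: a NACL that allows inbound 443 but has no outbound rule for the client's ephemeral port drops the reply, whereas the security group lets the reply through because it tracks the connection.

```python
"""Added example: simulate security-group (stateful, allow-only) versus
network-ACL (stateless, ordered, implicit deny) handling of one TCP session.
Constructed rules; not the article's or AWS's own code."""
from ipaddress import ip_address, ip_network


def nacl_decision(rules, direction, proto, dst_port, peer_ip):
    """Evaluate a NACL: lowest rule number first, first match decides,
    and the implicit '*' rule denies anything no rule matched."""
    for rule in sorted(rules, key=lambda r: r["rule_no"]):
        if rule["direction"] != direction:
            continue
        if rule["proto"] not in ("all", proto):
            continue
        lo, hi = rule["ports"]
        if not lo <= dst_port <= hi:
            continue
        if ip_address(peer_ip) not in ip_network(rule["cidr"]):
            continue
        return rule["action"]
    return "deny"


def sg_allows(rules, direction, proto, dst_port, peer_ip):
    """A security group has only allow rules: any match permits the first
    packet of a flow, and no match means the packet is dropped."""
    return any(
        r["direction"] == direction
        and r["proto"] in ("all", proto)
        and r["ports"][0] <= dst_port <= r["ports"][1]
        and ip_address(peer_ip) in ip_network(r["cidr"])
        for r in rules)


def tcp_session(sg_rules, nacl_rules, client_ip, client_port, server_port):
    """Trace one inbound TCP session: the SYN arrives inbound on server_port,
    the reply leaves outbound towards the client's ephemeral client_port."""
    result = {
        "nacl_in": nacl_decision(nacl_rules, "inbound", "tcp", server_port, client_ip),
        "sg_in": sg_allows(sg_rules, "inbound", "tcp", server_port, client_ip),
    }
    # The NACL is stateless: it sees the reply as a brand-new outbound packet.
    result["nacl_out"] = nacl_decision(nacl_rules, "outbound", "tcp", client_port, client_ip)
    # The security group is stateful: the reply is allowed whenever the
    # inbound packet was, regardless of outbound rules.
    result["sg_out"] = result["sg_in"]
    result["connected"] = (result["nacl_in"] == "allow" and result["sg_in"]
                           and result["nacl_out"] == "allow")
    return result


# Constructed rule sets for a web tier accepting HTTPS from anywhere.
WEB_SG = [{"direction": "inbound", "proto": "tcp", "ports": (443, 443),
           "cidr": "0.0.0.0/0"}]
NACL_NO_EPHEMERAL = [
    {"rule_no": 100, "direction": "inbound", "proto": "tcp", "ports": (443, 443),
     "cidr": "0.0.0.0/0", "action": "allow"},
    {"rule_no": 100, "direction": "outbound", "proto": "tcp", "ports": (443, 443),
     "cidr": "0.0.0.0/0", "action": "allow"},
]
# Fixed: outbound rule for the ephemeral port range the replies go to.
NACL_FIXED = NACL_NO_EPHEMERAL + [
    {"rule_no": 110, "direction": "outbound", "proto": "tcp", "ports": (1024, 65535),
     "cidr": "0.0.0.0/0", "action": "allow"},
]
# A lower-numbered deny for one network is evaluated before the allow at 100.
NACL_WITH_BLOCK = [
    {"rule_no": 90, "direction": "inbound", "proto": "all", "ports": (0, 65535),
     "cidr": "198.51.100.0/24", "action": "deny"},
] + NACL_FIXED


if __name__ == "__main__":
    print(tcp_session(WEB_SG, NACL_NO_EPHEMERAL, "203.0.113.5", 51234, 443))
    print(tcp_session(WEB_SG, NACL_FIXED, "203.0.113.5", 51234, 443))
    print(tcp_session(WEB_SG, NACL_WITH_BLOCK, "198.51.100.7", 51234, 443))
```

The third case shows the other property worth remembering: because a NACL can carry explicit deny rules and evaluates them by number, it is the layer at which a subnet-wide block of a source range is applied, something a security group cannot express on its own.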
What is the relationship between an instance and an AMI?
From a single AMI you can launch instances of various types. An instance type describes the hardware of the host computer used for your instance, and every instance type offers different compute and memory capabilities. After an instance is launched, it behaves like a traditional host, and you can interact with it just like any other computer.