50+ AWS Interview Questions

by anupmaurya
50+ AWS Interview Questions 2022

In order to get your AWS career started, you need to set up some AWS interviews and ace them. In the spirit of doing that, here are some AWS interview questions and answers that will help you with the interview process.

What is AWS?

AWS stands for Amazon Web Services; it is a collection of remote computing services, also known as a cloud computing platform. This new realm of cloud computing is also known as IaaS or Infrastructure as a Service.

What are the key components of AWS?

The key components of AWS are:

  • Route 53: A DNS web service
  • Simple E-mail Service: It allows sending e-mail using RESTful API calls or via regular SMTP
  • Identity and Access Management: It provides enhanced security and identity management for your AWS account
  • Simple Storage Device (S3): It is a storage device and the most widely used AWS service
  • Elastic Compute Cloud (EC2): It provides on-demand computing resources for hosting applications. It is handy in case of unpredictable workloads
  • Elastic Block Store (EBS): It offers persistent storage volumes that attach to EC2 to allow you to persist data past the lifespan of a single Amazon EC2 instance
  • CloudWatch: It monitors AWS resources and allows administrators to view and collect keys. One can also set a notification alarm in case of trouble.

What is EC2?

EC2 is a virtual machine in the cloud on which you have OS-level control. You can run this cloud server whenever you want. It can be used when you need to deploy your own servers in the cloud, similar to your on-premises servers, and when you want to have full control over the choice of hardware and the updates on the machine.

What is SnowBall?

SnowBall is a small application that enables you to transfer terabytes of data inside and outside of the AWS environment.

What is CloudWatch?

CloudWatch helps you to monitor AWS environments like EC2, RDS Instances, and CPU utilization. It also triggers alarms depending on various metrics.

What are the different types of cloud services?

Various types of cloud services are:

  • Software as a Service (SaaS)
  • Data as a Service (DaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)

What is AWS Lambda?

AWS Lambda is a compute service that runs your code without managing servers. A Lambda function runs your code whenever needed. You pay only when your code is running.

What do you understand by VPC?

VPC stands for Virtual Private Cloud. It allows you to customize your networking configuration. VPC is a network that is logically isolated from other networks in the cloud. It allows you to have your private IP Address range, internet gateways, subnets, and security groups.

What do you understand by S3 in AWS?

S3 stands for Simple Storage Service. You can use the S3 interface to store and retrieve any amount of data, at any time and from anywhere on the web. For S3, the payment model is “pay as you go”.

What is Elastic Transcoder?

Elastic Transcoder is an AWS Service Tool that helps you in changing a video’s format and resolution to support various devices like tablets, smartphones, and laptops of different resolutions.

DNS and Load Balancer Services come under which type of Cloud Service?

DNS and Load Balancer are a part of IaaS-Storage Cloud Service.

What are the Storage Classes available in Amazon S3?

Storage Classes available with Amazon S3 are:

  • Amazon S3 Standard
  • Amazon S3 Standard-Infrequent Access
  • Amazon S3 Reduced Redundancy Storage
  • Amazon Glacier

What is AMI?

AMI stands for Amazon Machine Image. It is a virtual image used to create a virtual machine within an EC2 instance.

State the difference between an instance and an AMI

An AMI is a template containing the software configuration, for example operating systems, applications, and application servers. When you start an instance, a copy of the AMI runs as a server in the cloud.

What are the different types of Load Balancers in AWS services?

Two types of Load balancers are:

  1. Application Load Balancer
  2. Classic Load Balancer

In which situation will you select provisioned IOPS over standard RDS storage?

You should select provisioned IOPS storage over standard RDS storage if you want to perform batch-related workloads.

Important features of the Amazon cloud are:

  • Boolean searches
  • Prefix Searches
  • Range searches
  • Entire text search
  • AutoComplete advice

Is vertical scaling allowed on an Amazon instance?

Yes, you can vertically scale an Amazon instance.

How many buckets can be created in S3?

By default, you can create up to 100 buckets.

What is the use of lifecycle hooks in Autoscaling?

Lifecycle hooks are used in Auto Scaling to add an additional wait time to a scale-in or scale-out event.

What are the various layers of Cloud Architecture explained in AWS training?

Different layers of cloud architecture are:

  • Cloud controller
  • Cluster controller
  • Storage Controller
  • Node Controller

How can you send a request to Amazon S3?

Amazon S3 is a REST Service, and you can send a request by using the REST API or the AWS SDK wrapper libraries that wrap the underlying Amazon S3 REST API.

What does AMI include?

An AMI includes the following things:

  • A template for the root volume for the instance.
  • Launch permissions that decide which AWS accounts can use the AMI to launch instances.
  • A block device mapping that determines the volumes to attach to the instance when it is launched.

What are the different types of Instances?

Following are the types of instances:

  • Compute Optimized
  • Memory-Optimized
  • Storage Optimized
  • Accelerated Computing
  • General Purpose

What is the relation between the Availability Zone and Region?

An AWS Availability Zone is a physical location where an Amazon data center is located. On the other hand, an AWS Region is a collection or group of Availability Zones or Data Centers. 

This setup helps your services to be more available as you can place your VMs in different data centers within an AWS Region. If one of the data centers fails in a Region, the client requests still get served from the other data centers located in the same Region. This arrangement, thus, helps your service to be available even if a Data Center goes down.

How do you monitor Amazon VPC?

You can monitor Amazon VPC using:

  • CloudWatch
  • VPC Flow Logs

What are the different types of EC2 instances based on their costs?

The three types of EC2 instances based on the costs are:

On-Demand Instance – These instances are prepared as and when needed. Whenever you feel the need for a new EC2 instance, you can go ahead and create an on-demand instance. It is cheap for the short term but not when taken for the long term.

Spot Instance – These types of instances can be bought through the bidding model. These are comparatively cheaper than On-Demand Instances.

Reserved Instance – On AWS, you can create instances that you can reserve for a year or so. These types of instances are especially useful when you know in advance that you will be needing an instance for the long term. In such cases, you can create a reserved instance and save heavily on costs.

What do you understand by stopping and terminating an EC2 Instance?

Stopping an EC2 instance means to shut it down as you would normally do on your Personal Computer. This will not delete any volumes attached to the instance and the instance can be started again when needed.

On the other hand, terminating an instance is equivalent to deleting an instance. All the volumes attached to the instance get deleted and it is not possible to restart the instance if needed at a later point in time.

What are the edge locations?

An edge location is the area where content is cached. When a user tries to access any content, the content is automatically searched for in the edge location.

What is Amazon EMR?

EMR is a managed cluster platform that simplifies running big data frameworks such as Apache Hadoop and Apache Spark on Amazon Web Services to process and analyze large amounts of data. You can prepare data for analytics and business intelligence workloads using Apache Hive and other relevant open-source projects.

What is the boot time for an instance store-backed AMI?

The boot time for an Amazon instance store-backed AMI is less than 5 minutes.

Do you need an internet gateway to use peering connections?

Yes, the Internet gateway is needed to use VPC (Virtual Private Cloud) peering connections.

How to connect EBS volume to multiple instances?

You cannot connect an EBS volume to multiple instances. However, you can connect multiple EBS volumes to a single instance.

How many Subnets can you have per VPC?

You can have 200 Subnets per VPC.

How do you upgrade or downgrade a system with near-zero downtime?

You can upgrade or downgrade a system with near-zero downtime using the following steps of migration:

  • Open EC2 console
  • Choose Operating System AMI
  • Launch an instance with the new instance type
  • Install all the updates
  • Install applications
  • Test the instance to see if it’s working
  • If working, deploy the new instance and replace the older instance
  • Once it’s deployed, you can upgrade or downgrade the system with near-zero downtime.

Name some of the DB engines which can be used in AWS RDS

  1. MS-SQL DB
  2. MariaDB
  3. MYSQL DB
  4. OracleDB
  5. PostgreDB

Explain what T2 instances are.

T2 Instances are designed to provide moderate baseline performance and the capability to burst to higher performance as required by the workload.

What are the tools and techniques that you can use in AWS to identify if you are paying more than you should be, and how to correct it?

You can know that you are paying the correct amount for the resources that you are using by employing the following resources:

  • Check the Top Services Table
    It is a dashboard in the cost management console that shows you the top five most used services. This will let you know how much money you are spending on the resources in question.
  • Cost Explorer
    There are cost explorer services available that will help you to view and analyze your usage costs for the last 13 months. You can also get a cost forecast for the upcoming three months.
  • AWS Budgets
    This allows you to plan a budget for the services. Also, it will enable you to check if the current plan meets your budget and the details of how you use the services.
  • Cost Allocation Tags
    This helps in identifying the resource that has cost more in a particular month. It lets you organize your resources and cost allocation tags to keep track of your AWS costs.

Is there any other alternative tool to log into the cloud environment other than console?

The tools that can help you log into the AWS resources are:

  • Putty
  • AWS CLI for Linux
  • AWS CLI for Windows
  • AWS CLI for Windows CMD
  • AWS SDK
  • Eclipse

How does Amazon Route 53 provide high availability and low latency?

Amazon Route 53 uses the following to provide high availability and low latency:

  • Globally Distributed Servers – Amazon is a global service and consequently has DNS Servers globally. Any customer creating a query from any part of the world gets to reach a DNS Server local to them that provides low latency.
  • Dependency – Route 53 provides a high level of dependability required by critical applications.
  • Optimal Locations – Route 53 serves the requests from the nearest data center to the client sending the request. AWS has data-centers across the world. The data can be cached on different data-centers located in different regions of the world depending on the requirements and the configuration chosen. Route 53 enables any server in any data-center which has the required data to respond. This way, it enables the nearest server to serve the client request, thus reducing the time taken to serve.

What are the consistency models for modern DBs offered by AWS?

Eventual Consistency – It means that the data will be consistent eventually, but may not be immediate. This will serve the client requests faster, but chances are that some of the initial read requests may read the stale data. This type of consistency is preferred in systems where data need not be real-time. For example, if you don’t see the recent tweets on Twitter or recent posts on Facebook for a couple of seconds, it is acceptable.

Strong Consistency – It provides immediate consistency, where the data will be consistent across all the DB servers immediately. Accordingly, this model may take some time to make the data consistent and subsequently start serving the requests again. However, in this model, it is guaranteed that all the responses will always have consistent data.

What is Geo-Targeting in CloudFront?

Geo-Targeting enables the creation of customized content based on the geographic location of the user. This allows you to serve the content which is more relevant to a user. For example, using Geo-Targeting, you can show the news related to local body elections to a user sitting in India, which you may not want to show to a user sitting in the US. Similarly, the news related to Baseball Tournament can be more relevant to a user sitting in the US, and not so relevant for a user sitting in India.

What are the advantages of AWS IAM?

AWS IAM enables an administrator to provide granular level access to different users and groups. Different users and user groups may need different levels of access to different resources created. With IAM, you can create roles with specific access-levels and assign the roles to the users. 

It also allows you to provide access to the resources to users and applications without creating the IAM Roles, which is known as Federated Access.

What do you understand by a Security Group?

When you create an instance in AWS, you may or may not want that instance to be accessible from the public network. Moreover, you may want that instance to be accessible from some networks and not from others.

Security Groups are a type of rule-based Virtual Firewall using which you can control access to your instances. You can create rules defining the Port Numbers, Networks, or protocols from which you want to allow access or deny access.

What are Spot Instances and On-Demand Instances?

When AWS creates EC2 instances, there are some blocks of computing capacity and processing power left unused. AWS releases these blocks as Spot Instances. Spot Instances run whenever capacity is available. These are a good option if you are flexible about when your applications can run and if your applications can be interrupted.

On the other hand, On-Demand Instances can be created as and when needed. The prices of such instances are static. Such instances will always be available unless you explicitly terminate them.

Explain Connection Draining.

Connection Draining is a feature provided by AWS which enables your servers which are either going to be updated or removed, to serve the current requests. 

If Connection Draining is enabled, the Load Balancer will allow an outgoing instance to complete the current requests for a specific period but will not send any new request to it. Without Connection Draining, an outgoing instance will immediately go off and the requests pending on that instance will error out.

What is a Stateful and a Stateless Firewall?

A Stateful Firewall is the one that maintains the state of the rules defined. It requires you to define only inbound rules. Based on the inbound rules defined, it automatically allows the outbound traffic to flow. 

On the other hand, a Stateless Firewall requires you to explicitly define rules for inbound as well as outbound traffic. 

For example, if you allow inbound traffic from Port 80, a Stateful Firewall will allow outbound traffic to Port 80, but a Stateless Firewall will not do so.

What is a Power User Access in AWS?

An Administrator User will be similar to the owner of the AWS Resources. He can create, delete, modify or view the resources and also grant permissions to other users for the AWS Resources.

A Power User Access provides Administrator Access without the capability to manage the users and permissions. In other words, a user with Power User Access can create, delete, modify or see the resources, but he cannot grant permissions to other users.

What is an Instance Store Volume and an EBS Volume?

An Instance Store Volume is temporary storage that is used to store the temporary data required by an instance to function. The data is available as long as the instance is running. As soon as the instance is turned off, the Instance Store Volume gets removed and the data gets deleted.

On the other hand, an EBS Volume represents a persistent storage disk. The data stored in an EBS Volume will be available even after the instance is turned off.

What are Recovery Time Objective and Recovery Point Objective in AWS?

Recovery Time Objective – It is the maximum acceptable delay between the interruption of service and restoration of service. This translates to an acceptable time window when the service can be unavailable.

Recovery Point Objective – It is the maximum acceptable amount of time since the last data restore point. It translates to the acceptable amount of data loss which lies between the last recovery point and the interruption of service.

Is there a way to upload a file that is greater than 100 Megabytes in Amazon S3?

Yes, it is possible by using the Multipart Upload Utility from AWS. With the Multipart Upload Utility, larger files can be uploaded in multiple parts that are uploaded independently. You can also decrease upload time by uploading these parts in parallel. After the upload is done, the parts are merged into a single object or file to create the original file from which the parts were created.

Can you change the Private IP Address of an EC2 instance while it is running or in a stopped state?

No, a Private IP Address of an EC2 instance cannot be changed. When an EC2 instance is launched, a private IP Address is assigned to that instance at the boot time. This private IP Address is attached to the instance for its entire lifetime and can never be changed.

What are the policies that you can set for your user’s passwords?

Following are the policies that can be set for user’s passwords:

  • You can set a minimum length of the password.
  • You can ask the users to add at least one number or special character to the password.
  • You can require particular character types, including uppercase letters, lowercase letters, numbers, and non-alphanumeric characters.
  • You can enforce automatic password expiration, prevent the reuse of old passwords, and request for a password reset upon their next AWS sign-in.
  • You can have the AWS users contact an account administrator when the user has allowed the password to expire.
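The settings listed above can be checked programmatically. This added example (not from the original article) audits a password policy shaped like the `PasswordPolicy` object returned by the IAM `GetAccountPasswordPolicy` API; the sample values and the baseline thresholds are constructed assumptions.

```python
# Constructed sample shaped like the PasswordPolicy object returned by the
# IAM GetAccountPasswordPolicy API; the values are invented for illustration.
SAMPLE_POLICY = {
    "MinimumPasswordLength": 8,
    "RequireSymbols": False,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "ExpirePasswords": True,
    "MaxPasswordAge": 180,         # days
    "PasswordReusePrevention": 3,  # previous passwords remembered
    "HardExpiry": False,           # True: expired users need an admin reset
}

# Hypothetical baseline: these thresholds are assumptions, not page values.
BASELINE = {"min_length": 14, "max_age_days": 90, "reuse_prevention": 24}

CHAR_CLASSES = ("RequireUppercaseCharacters", "RequireLowercaseCharacters",
                "RequireNumbers", "RequireSymbols")


def audit_password_policy(policy, baseline=BASELINE):
    """Return a list of findings; an empty list means the baseline is met."""
    if policy is None:
        return ["no account password policy is configured"]
    findings = []

    length = policy.get("MinimumPasswordLength", 0)
    if length < baseline["min_length"]:
        findings.append(
            f"MinimumPasswordLength is {length}, want >= {baseline['min_length']}")

    for key in CHAR_CLASSES:
        if not policy.get(key, False):
            findings.append(f"{key} is disabled")

    # MaxPasswordAge is absent (or 0) when passwords never expire.
    max_age = policy.get("MaxPasswordAge") or 0
    if max_age == 0:
        findings.append("passwords never expire")
    elif max_age > baseline["max_age_days"]:
        findings.append(
            f"MaxPasswordAge is {max_age}, want <= {baseline['max_age_days']}")

    # PasswordReusePrevention is absent when reuse is not restricted.
    reuse = policy.get("PasswordReusePrevention") or 0
    if reuse == 0:
        findings.append("password reuse is not prevented")
    elif reuse < baseline["reuse_prevention"]:
        findings.append(
            f"PasswordReusePrevention is {reuse}, want >= {baseline['reuse_prevention']}")

    if not policy.get("AllowUsersToChangePassword", False):
        findings.append("users cannot change their own password")
    return findings


if __name__ == "__main__":
    for finding in audit_password_policy(SAMPLE_POLICY):
        print("FINDING:", finding)
```
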

Differences between Security group and Network access control list?

| Security Group | NACL (Network Access Control List) |
| --- | --- |
| It supports only allow rules, and by default, all the rules are denied. You cannot deny the rule for establishing a connection. | It supports both allow and deny rules, and by default, all the rules are denied. You need to add the rule, which you can either allow or deny. |
| It is stateful, which means that any changes made in the inbound rule will be automatically reflected in the outbound rule. For example, if you are allowing an incoming port 80, then you also have to add the outbound rule explicitly. | It is stateless, which means that any changes made in the inbound rule will not reflect the outbound rule, i.e., you need to add the outbound rule separately. For example, if you add an inbound rule for port number 80, then you also have to explicitly add the outbound rule. |
| It is associated with an EC2 instance. | It is associated with a subnet. |
| All the rules are evaluated before deciding whether to allow the traffic. | Rules are evaluated in order, starting from the lowest number. |
| Security Group is applied to an instance only when you specify a security group while launching an instance. | NACL is applied automatically to all the instances which are associated with an instance. |
| It is the first layer of defense. | It is the second layer of defense. |
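
The following added example (a simplified model written for this page, not AWS code) illustrates two of the differences compared above and in the stateful/stateless firewall answer: NACL rules are evaluated in order from the lowest number and need an explicit outbound rule for replies, while a security group holds allow rules only and lets replies to tracked connections through. Rule numbers, addresses and ports are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    number: int   # NACL rule number (unused by the security group model)
    action: str   # "allow" or "deny"; security groups only hold "allow"
    cidr: str     # remote network the rule applies to
    lo: int       # first destination port covered
    hi: int       # last destination port covered

    def matches(self, remote_ip, dst_port):
        in_net = ip_address(remote_ip) in ip_network(self.cidr)
        return in_net and self.lo <= dst_port <= self.hi


def nacl_verdict(rules, remote_ip, dst_port):
    """Stateless and ordered: the lowest-numbered matching rule decides."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(remote_ip, dst_port):
            return rule.action
    return "deny"  # nothing matched


class SecurityGroup:
    """Allow-only and stateful. This model has no outbound rules at all,
    so only replies to tracked inbound connections may leave."""

    def __init__(self, inbound):
        self.inbound = inbound
        self.tracked = set()

    def inbound_verdict(self, client_ip, client_port, server_port):
        # Every rule is considered; a single match is enough to allow.
        if any(r.matches(client_ip, server_port) for r in self.inbound):
            self.tracked.add((client_ip, client_port, server_port))
            return "allow"
        return "deny"

    def reply_verdict(self, client_ip, client_port, server_port):
        flow = (client_ip, client_port, server_port)
        return "allow" if flow in self.tracked else "deny"


def demo():
    """Constructed scenario: a web server on port 80, client port 50000."""
    nacl_in = [Rule(100, "allow", "0.0.0.0/0", 80, 80),
               Rule(90, "deny", "203.0.113.0/24", 80, 80)]
    nacl_out = []  # no outbound rule yet
    sg = SecurityGroup([Rule(0, "allow", "0.0.0.0/0", 80, 80)])
    out = {
        "nacl_in_blocked_net": nacl_verdict(nacl_in, "203.0.113.5", 80),
        "nacl_in_other": nacl_verdict(nacl_in, "198.51.100.7", 80),
        "nacl_reply_without_rule": nacl_verdict(nacl_out, "198.51.100.7", 50000),
        "sg_in": sg.inbound_verdict("198.51.100.7", 50000, 80),
        "sg_reply": sg.reply_verdict("198.51.100.7", 50000, 80),
        "sg_unsolicited": sg.reply_verdict("198.51.100.7", 50001, 80),
    }
    # Replies go to the client's ephemeral port, so the NACL needs this rule.
    nacl_out.append(Rule(100, "allow", "0.0.0.0/0", 1024, 65535))
    out["nacl_reply_with_rule"] = nacl_verdict(nacl_out, "198.51.100.7", 50000)
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```
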
