AWS Interview Question part 1

What is AWS?

AWS stands for Amazon Web Services. It is a service which is provided by the Amazon that uses distributed IT infrastructure to provide different IT resources on demand. It provides different services such as an infrastructure as a service, platform as a service, and software as a service.

Define and explain the three basic types of cloud services and the AWS products that are built based on them?

The three basic types of cloud services are:

  • Computing
  • Storage
  • Networking

Here are some of the AWS products that are built based on the three cloud service types:

Computing – These include EC2, Elastic Beanstalk, Lambda, Auto-Scaling, and Light sat.

Storage – These include S3, Glacier, Elastic Block Storage, Elastic File System.

Networking – These include VPC, Amazon Cloud Front, Route53

How do you upgrade or downgrade a system with near-zero downtime?

You can upgrade or downgrade a system with near-zero downtime using the following steps of migration:

  • Open EC2 console
  • Choose Operating System AMI
  • Launch an instance with the new instance type
  • Install all the updates
  • Install applications
  • Test the instance to see if it’s working
  • If working, deploy the new instance and replace the older instance
  • Once it’s deployed, you can upgrade or downgrade the system with near-zero downtime.

AWS Interview Question

What are the tools and techniques that you can use in AWS to identify if you are paying more than you should be, and how to correct it?

You can know that you are paying the correct amount for the resources that you are using by employing the following resources:

  • Check the Top Services Table
    It is a dashboard in the cost management console that shows you the top five most used services. This will let you know how much money you are spending on the resources in question.
  • Cost Explorer There are cost explorer services available that will help you to view and analyze your usage costs for the last 13 months. You can also get a cost forecast for the upcoming three months.
  • AWS Budgets This allows you to plan a budget for the services. Also, it will enable you to check if the current plan meets your budget and the details of how you use the services.
  • Cost Allocation Tags This helps in identifying the resource that has cost more in a particular month. It lets you organize your resources and cost allocation tags to keep track of your AWS costs.

Is there any other alternative tool to log into the cloud environment other than console?

The that can help you log into the AWS resources are:

  • Putty
  • AWS CLI for Linux
  • AWS CLI for Windows
  • AWS CLI for Windows CMD
  • Eclipse

What services can be used to create a centralized logging solution?

The essential services that you can use are Amazon Cloud Watch Logs, store them in Amazon S3, and then use Amazon Elastic Search to visualize them. You can use Amazon Kinesis Firehose to move the data from Amazon S3 to Amazon Elastic Search.

Advance AWS Interview Question

What are the native AWS Security logging capabilities?

Most of the AWS services have their logging options. Also, some of them have an account level logging, like in AWS Cloud Trail, AWS Config, and others. Let’s take a look at two services in specific:

AWS Cloud Trail

This is a service that provides a history of the AWS API calls for every account. It lets you perform security analysis, resource change tracking, and compliance auditing of your AWS environment as well. The best part about this service is that it enables you to configure it to send notifications via AWS SNS when new logs are delivered.

AWS Config 

This helps you understand the configuration changes that happen in your environment. This service provides an AWS inventory that includes configuration history, configuration change notification, and relationships between AWS resources. It can also be configured to send information via AWS SNS when new logs are delivered.

You are trying to provide a service in a particular region, but you do not see the service in that region. Why is this happening, and how do you fix it?

Not all Amazon AWS services are available in all regions. When Amazon initially launches a new service, it doesn’t get immediately published in all the regions. They start small and then slowly expand to other regions. So, if you don’t see a specific service in your region, chances are the service hasn’t been published in your region yet. However, if you want to get the service that is not available, you can switch to the nearest region that provides the services.

How do you set up a system to monitor website metrics in real-time in AWS?

Amazon Cloud Watch helps you to monitor the application status of various AWS services and custom events. It helps you to monitor:

  • State changes in Amazon EC2
  • Auto-scaling lifecycle events
  • Scheduled events
  • AWS API calls
  • Console sign-in events

AWS Interview Question

What are the different types of virtualization in AWS, and what are the differences between them?

The three major types of virtualization in AWS are: 

  • Hardware Virtual Machine (HVM) It is a fully virtualized hardware, where all the virtual machines act separate from each other. These virtual machines boot by executing a master boot record in the root block device of your image.
  • Paravirtualization (PV) Paravirtualization-GRUB is the bootloader that boots the PV AMIs. The PV-GRUB chain loads the kernel specified in the menu.
  • Paravirtualization on HVM PV on HVM helps operating systems take advantage of storage and network I/O available through the host.

Name some of the AWS services that are not region-specific

AWS services that are not region-specific are:

  • IAM
  • Route 53
  • Web Application Firewall 
  • Cloud Front

What are the differences between NAT Gateways and NAT Instances?

While both NAT Gateways and NAT Instances serve the same function, they still have some key differences.


Advance AWS Interview Question

What is the difference between stopping and terminating an EC2 instance? 

While you may think that both stopping and terminating are the same, there is a difference. When you stop an EC2 instance, it performs a normal shutdown on the instance and moves to a stopped state. However, when you terminate the instance, it is transferred to a stopped state, and the EBS volumes attached to it are deleted and can never be recovered. 

What are the different types of EC2 instances based on their costs?

The three types of EC2 instances are:

  • On-demand Instance It is cheap for a short time but not when taken for the long term
  • Spot Instance It is less expensive than the on-demand instance and can be bought through bidding. 
  • Reserved Instance If you are planning to use an instance for a year or more, then this is the right one for you.

How do you set up SSH agent forwarding so that you do not have to copy the key every time you log in?

Here’s how you accomplish this:

  1. Go to your Putty Configuration
  2. Go to the category SSH -> AUTH
  3. Enable SSH agent forwarding to your instance
Putty configuration

AWS Interview Question

What are Solaris and AIX operating systems? Are they available with AWS?

Solaris is an operating system that uses SPARC processor architecture, which is not supported by the public cloud currently. 

AIX is an operating system that runs only on Power CPU and not on Intel, which means that you cannot create AIX instances in EC2.

Since both the operating systems have their limitations, they are not currently available with AWS.

How do you configure Cloud Watch to recover an EC2 instance?

Here’s how you can configure them:

  • Create an Alarm using Amazon Cloud Watch
  • In the Alarm, go to Define Alarm -> Actions tab
  • Choose Recover this instance option

What are the common types of AMI designs?

There are many types of AMIs, but some of the common AMIs are:

  • Fully Baked AMI
  • Just Enough Baked AMI (JEOS AMI)
  • Hybrid AMI

Advance AWS Interview Question

How can you recover/login to an EC2 instance for which you have lost the key?

Follow the steps provided below to recover an EC2 instance if you have lost the key:

  1. Verify that the EC2Config service is running
  2. Detach the root volume for the instance
  3. Attach the volume to a temporary instance
  4. Modify the configuration file
  5. Restart the original instance

What are some critical differences between AWS S3 and EBS?

Here are some differences between AWS S3 and EBS

feature differences

How do you allow a user to gain access to a specific bucket?

You need to follow the four steps provided below to allow access. They are:

  1. Categorize your instances
  2. Define how authorized users can manage specific servers.
  3. Lockdown your tags
  4. Attach your policies to IAM users

AWS Interview Question

How can you monitor S3 cross-region replication to ensure consistency without actually checking the bucket?

Follow the flow diagram provided below to monitor S3 cross-region replication:

S3 cross region

VPC is not resolving the server through DNS. What might be the issue, and how can you fix it?

To fix this problem, you need to enable the DNS hostname resolution, so that the problem resolves itself.

How do you connect multiple sites to a VPC?

If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub. Here’s a diagram that will show you how to connect various sites to a VPC:

customer gateway

Advance AWS Interview Question

Name and explain some security products and features available in VPC?

Here is a selection of security products and features:

  • Security groups – This acts as a firewall for the EC2 instances, controlling inbound and outbound traffic at the instance level.
  • Network access control lists – It acts as a firewall for the subnets, controlling inbound and outbound traffic at the subnet level.
  • Flow logs – These capture the inbound and outbound traffic from the network interfaces in your VPC.

How do you monitor Amazon VPC?

You can monitor VPC by using:

  • Cloud Watch and Cloud Watch logs
  • VPC Flow Logs

How can you add an existing instance to a new Auto Scaling group?

Here’s how you can add an existing instance to a new Auto Scaling group:

  • Open EC2 console
  • Select your instance under Instances
  • Choose Actions -> Instance Settings -> Attach to Auto Scaling Group
  • Select a new Auto Scaling group
  • Attach this group to the Instance
  • Edit the Instance if needed
  • Once done, you can successfully add the instance to a new Auto Scaling group

AWS Interview Question

What are the factors to consider while migrating to Amazon Web Services?

Here are the factors to consider during AWS migration:

  • Operational Costs – These include the cost of infrastructure, ability to match demand and supply, transparency, and others.
  • Workforce Productivity 
  • Cost avoidance
  • Operational resilience
  • Business agility

What is RTO and RPO in AWS?

RTO or Recovery Time Objective is the maximum time your business or organization is willing to wait for a recovery to complete in the wake of an outage. On the other hand, RPO or Recovery Point Objective is the maximum amount of data loss your company is willing to accept as measured in time.

If you would like to transfer vast amounts of data, which is the best option among Snowball, Snowball Edge, and Snowmobile?

AWS Snowball is basically a data transport solution for moving high volumes of data into and out of a specified AWS region. On the other hand, AWS Snowball Edge adds additional computing functions apart from providing a data transport solution. The snowmobile is an exabyte-scale migration service that allows you to transfer data up to 100 PB.

Advance AWS Interview Question

How is AWS Cloud Formation different from AWS Elastic Beanstalk?

Here are some differences between AWS Cloud Formation and AWS Elastic Beanstalk:

  • AWS Cloud Formation helps you provision and describe all of the infrastructure resources that are present in your cloud environment. On the other hand, AWS Elastic Beanstalk provides an environment that makes it easy to deploy and run applications in the cloud.
  • AWS Cloud Formation supports the infrastructure needs of various types of applications, like legacy applications and existing enterprise applications. On the other hand, AWS Elastic Beanstalk is combined with the developer tools to help you manage the lifecycle of your applications.

What are the elements of an AWS Cloud Formation template?

AWS Cloud Formation templates are YAML or JSON formatted text files that are comprised of five essential elements, they are:

  • Template parameters
  • Output values
  • Data tables
  • Resources
  • File format version

What happens when one of the resources in a stack cannot be created successfully?

If the resource in the stack cannot be created, then the Cloud Formation automatically rolls back and terminates all the resources that were created in the Cloud Formation template. This is a handy feature when you accidentally exceed your limit of Elastic IP addresses or don’t have access to an EC2 AMI.

AWS cloud formation

AWS Interview Question

How can you automate EC2 backup using EBS?

Use the following steps in order to automate EC2 backup using EBS:

  1. Get the list of instances and connect to AWS through API to list the Amazon EBS volumes that are attached locally to the instance.
  2. List the snapshots of each volume, and assign a retention period of the snapshot. Later on, create a snapshot of each volume.
  3. Make sure to remove the snapshot if it is older than the retention period.

What is the difference between EBS and Instance Store?

EBS is a kind of permanent storage in which the data can be restored at a later point. When you save data in the EBS, it stays even after the lifetime of the EC2 instance. On the other hand, Instance Store is temporary storage that is physically attached to a host machine. With an Instance Store, you cannot detach one instance and attach it to another. Unlike in EBS, data in an Instance Store is lost if any instance is stopped or terminated.

Can you take a backup of EFS like EBS, and if yes, how?

Yes, you can use the EFS-to-EFS backup solution to recover from unintended changes or deletion in Amazon EFS. Follow these steps:

  1. Sign in to the AWS Management Console
  2. Click the launch EFS-to-EFS-restore button
  3. Use the region selector in the console navigation bar to select region
  4. Verify if you have chosen the right template on the Select Template page
  5. Assign a name to your solution stack
  6. Review the parameters for the template and modify them if necessary

Advance AWS Interview Question

How do you auto-delete old snapshots?

Here’s the procedure for auto-deleting old snapshots:

  • As per procedure and best practices, take snapshots of the EBS volumes on Amazon S3.
  • Use AWS Ops Automator to handle all the snapshots automatically.
  • This allows you to create, copy, and delete Amazon EBS snapshots.

What are the different types of load balancers in AWS?

There are three types of load balancers that are supported by Elastic Load Balancing:

  1. Application Load Balancer
  2. Network Load Balancer
  3. Classic Load Balancer

What are the different uses of the various load balancers in AWS Elastic Load Balancing?

Application Load Balancer

Used if you need flexible application management and TLS termination.

Network Load Balancer

Used if you require extreme performance and static IPs for your applications.

Classic Load Balancer

Used if your application is built within the EC2 Classic network

AWS Interview Question

How can you use AWS WAF in monitoring your AWS applications?

AWS WAF or AWS Web Application Firewall protects your web applications from web exploitations. It helps you control the traffic flow to your applications. With WAF, you can also create custom rules that block common attack patterns. It can be used for three cases: allow all requests, prevent all requests, and count all requests for a new policy.

What are the different AWS IAM categories that you can control?

Using AWS IAM, you can do the following:

  • Create and manage IAM users
  • Create and manage IAM groups
  • Manage the security credentials of the users
  • Create and manage policies to grant access to AWS services and resources

What are the policies that you can set for your users’ passwords?

Here are some of the policies that you can set:

  • You can set a minimum length of the password, or you can ask the users to add at least one number or special characters in it.
  • You can assign requirements of particular character types, including uppercase letters, lowercase letters, numbers, and non-alphanumeric characters.
  • You can enforce automatic password expiration, prevent reuse of old passwords, and request for a password reset upon their next AWS sign in.
  • You can have the AWS users contact an account administrator when the user has allowed the password to expire. 

Advance AWS Interview Question

What is the difference between an IAM role and an IAM user?

The two key differences between the IAM role and IAM user are:

  • An IAM role is an IAM entity that defines a set of permissions for making AWS service requests, while an IAM user has permanent long-term credentials and is used to interact with the AWS services directly.  
  • In the IAM role, trusted entities, like IAM users, applications, or an AWS service, assume roles whereas the IAM user has full access to all the AWS IAM functionalities.

What are the managed policies in AWS IAM?

There are two types of managed policies; one that is managed by you and one that is managed by AWS. They are IAM resources that express permissions using IAM policy language. You can create, edit, and manage them separately from the IAM users, groups, and roles to which they are attached.

Can you give an example of an IAM policy and a policy summary?

Here’s an example of an IAM policy to grant access to add, update, and delete objects from a specific folder.

IAM policy

Here’s an example of a policy summary:

policy summary

AWS Interview Question

How does AWS IAM help your business?

IAM enables to:

  • Manage IAM users and their access – AWS IAM provides secure resource access to multiple users
  • Manage access for federated users – AWS allows you to provide secure access to resources in your AWS account to your employees and applications without creating IAM roles

What is the difference between Latency Based Routing and Geo DNS?

The Geo Based DNS routing takes decisions based on the geographic location of the request. Whereas, the Latency Based Routing utilizes latency measurements between networks and AWS data centers. Latency Based Routing is used when you want to give your customers the lowest latency possible. On the other hand, Geo Based routing is used when you want to direct the customer to different websites based on the country or region they are browsing from. 

How does Amazon Route 53 provide high availability and low latency?

Here’s how Amazon Route 53 provides the resources in question:

Globally Distributed Servers

Amazon is a global service and consequently has DNS services globally. Any customer creating a query from any part of the world gets to reach a DNS server local to them that provides low latency. 


Route 53 provides a high level of dependability required by critical applications

Optimal Locations

Route 53 uses a global any cast network to answer queries from the optimal position automatically. 

Advance AWS Interview Question

How does AWS config work with AWS Cloud rail?

AWS Cloud Trail records user API activity on your account and allows you to access information about the activity. Using Cloud Trail, you can get full details about API actions such as the identity of the caller, time of the call, request parameters, and response elements. On the other hand, AWS Config records point-in-time configuration details for your AWS resources as Configuration Items (CIs). 

You can use a CI to ascertain what your AWS resource looks like at any given point in time. Whereas, by using Cloud Trail, you can quickly answer who made an API call to modify the resource. You can also use Cloud Trail to detect if a security group was incorrectly configured.

Can AWS Config aggregate data across different AWS accounts?

Yes, you can set up AWS Config to deliver configuration updates from different accounts to one S3 bucket, once the appropriate IAM policies are applied to the S3 bucket.

AWS Part 2AWS Part 3

Leave a Comment

Your email address will not be published. Required fields are marked *

Back to top