AWS Interview Question Part 2

How are reserved instances different from on-demand DB instances?

Reserved instances and on-demand instances are the same when it comes to function. They only differ in how they are billed.

Reserved instances are purchased as one-year or three-year reservations, and in return, you get very low hourly pricing compared to on-demand instances, which are billed on an hourly basis.

Which type of scaling would you recommend for RDS and why?

There are two types of scaling – vertical scaling and horizontal scaling. Vertical scaling lets you vertically scale up your master database with the press of a button. A database can only be scaled vertically, and there are 18 different instances in which you can resize the RDS. On the other hand, horizontal scaling is good for replicas. These are read-only replicas that can only be done through Amazon Aurora.

What is a maintenance window in Amazon RDS? Will your DB instance be available during maintenance events?

The RDS maintenance window lets you decide when DB instance modifications, database engine version upgrades, and software patching have to occur. The automatic scheduling is done only for patches that are related to security and durability. By default, there is a 30-minute value assigned as the maintenance window, and the DB instance will still be available during these events, though you might observe a minimal effect on performance.

AWS Interview Question

What are the consistency models in DynamoDB?

There are two consistency models in DynamoDB. First, there is the Eventual Consistency Model, which maximizes your read throughput. However, it might not reflect the results of a recently completed write. Fortunately, all the copies of data usually reach consistency within a second. The second model is called the Strong Consistency Model. This model has a delay in writing the data, but it guarantees that you will always see the updated data every time you read it.

What type of query functionality does DynamoDB support?

DynamoDB supports GET/PUT operations by using a user-defined primary key. It provides flexible querying by letting you query on non-primary key attributes using global secondary indexes and local secondary indexes.

What is EC2?

EC2 is a virtual machine in the cloud on which you have OS-level control. You can run this cloud server whenever you want, and it can be used when you need to deploy your own servers in the cloud, similar to your on-premises servers, and when you want to have full control over the choice of hardware and the updates on the machine.

Advance AWS Interview Question

What is Elastic Transcoder?

Elastic Transcoder is an AWS Service Tool that helps you in changing a video’s format and resolution to support various devices like tablets, smartphones, and laptops of different resolutions.

What do you understand by VPC?

VPC stands for Virtual Private Cloud. It allows you to customize your networking configuration. VPC is a network that is logically isolated from other networks in the cloud. It allows you to have your private IP Address range, internet gateways, subnets, and security groups.

DNS and Load Balancer Services come under which type of Cloud Service?

DNS and Load Balancer are a part of IaaS-Storage Cloud Service.

What are the Storage Classes available in Amazon S3?

Storage Classes available with Amazon S3 are:

  • Amazon S3 Standard
  • Amazon S3 Standard-Infrequent Access
  • Amazon S3 Reduced Redundancy Storage
  • Amazon Glacier

Explain what T2 instances are?

T2 Instances are designed to provide moderate baseline performance and the capability to burst to higher performance as required by the workload.

What are Key-Pairs in AWS?

Key-Pairs are secure login information for your Virtual Machines. To connect to the instances, you can use Key-Pairs which contain a Public Key and a Private Key.

List different types of Cloud Services?

Different types of Cloud Services are:

  • Software as a Service (SaaS)
  • Data as a Service (DaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)

Explain what S3 is?

S3 stands for Simple Storage Service. You can use the S3 interface to store and retrieve any amount of data, at any time and from anywhere on the web. For S3, the payment model is “pay as you go”.

How can you send a request to Amazon S3?

Amazon S3 is a REST Service, and you can send a request by using the REST API or the AWS SDK wrapper libraries that wrap the underlying Amazon S3 REST API.

What does AMI include?

An AMI includes the following things:

  • A template for the root volume for the instance.
  • Launch permissions to decide which AWS accounts can use the AMI to launch instances.
  • A block device mapping that determines the volumes to attach to the instance when it is launched.

What are the different types of Instances?

Following are the types of instances:

  • Compute Optimized
  • Memory-Optimized
  • Storage Optimized
  • Accelerated Computing
  • General Purpose

What is the relation between the Availability Zone and Region?

An AWS Availability Zone is a physical location where an Amazon data center is located. On the other hand, an AWS Region is a collection or group of Availability Zones or Data Centers. 

This setup helps your services to be more available as you can place your VMs in different data centers within an AWS Region. If one of the data centers fails in a Region, the client requests still get served from the other data centers located in the same Region. This arrangement, thus, helps your service to be available even if a Data Center goes down.

What do you understand by stopping and terminating an EC2 Instance?

Stopping an EC2 instance means to shut it down as you would normally do on your Personal Computer. This will not delete any volumes attached to the instance and the instance can be started again when needed.

On the other hand, terminating an instance is equivalent to deleting an instance. All the volumes attached to the instance get deleted and it is not possible to restart the instance if needed at a later point in time.

What are the consistency models for modern DBs offered by AWS?

Eventual Consistency – It means that the data will be consistent eventually, but may not be immediate. This will serve the client requests faster, but chances are that some of the initial read requests may read the stale data. This type of consistency is preferred in systems where data need not be real-time. For example, if you don’t see the recent tweets on Twitter or recent posts on Facebook for a couple of seconds, it is acceptable.

Strong Consistency – It provides immediate consistency, where the data will be consistent across all the DB Servers immediately. Accordingly, this model may take some time to make the data consistent and subsequently start serving the requests again. However, in this model, it is guaranteed that all the responses will always have consistent data.

What is Geo-Targeting in Cloud Front?

Geo-Targeting enables the creation of customized content based on the geographic location of the user. This allows you to serve the content which is more relevant to a user. For example, using Geo-Targeting, you can show the news related to local body elections to a user sitting in India, which you may not want to show to a user sitting in the US. Similarly, the news related to Baseball Tournament can be more relevant to a user sitting in the US, and not so relevant for a user sitting in India.

What are the advantages of AWS IAM?

AWS IAM enables an administrator to provide granular level access to different users and groups. Different users and user groups may need different levels of access to different resources created. With IAM, you can create roles with specific access-levels and assign the roles to the users. 

It also allows you to provide access to the resources to users and applications without creating the IAM Roles, which is known as Federated Access.

What do you understand by a Security Group?

When you create an instance in AWS, you may or may not want that instance to be accessible from the public network. Moreover, you may want that instance to be accessible from some networks and not from others.

Security Groups are a type of rule-based Virtual Firewall using which you can control access to your instances. You can create rules defining the Port Numbers, Networks, or protocols from which you want to allow access or deny access.

What are Spot Instances and On-Demand Instances?

When AWS creates EC2 instances, there are some blocks of computing capacity and processing power left unused. AWS releases these blocks as Spot Instances. Spot Instances run whenever capacity is available. These are a good option if you are flexible about when your applications can run and if your applications can be interrupted.

On the other hand, On-Demand Instances can be created as and when needed. The prices of such instances are static. Such instances will always be available unless you explicitly terminate them.

Explain Connection Draining.

Connection Draining is a feature provided by AWS which enables your servers which are either going to be updated or removed, to serve the current requests. 

If Connection Draining is enabled, the Load Balancer will allow an outgoing instance to complete the current requests for a specific period but will not send any new request to it. Without Connection Draining, an outgoing instance will immediately go off and the requests pending on that instance will error out.

What is a Stateful and a Stateless Firewall?

A Stateful Firewall is the one that maintains the state of the rules defined. It requires you to define only inbound rules. Based on the inbound rules defined, it automatically allows the outbound traffic to flow. 

On the other hand, a Stateless Firewall requires you to explicitly define rules for inbound as well as outbound traffic. 

For example, if you allow inbound traffic from Port 80, a Stateful Firewall will allow outbound traffic to Port 80, but a Stateless Firewall will not do so.
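The port 80 case above can be run through a small model of both firewall types. This is an added example, not code from the original page; the class names, addresses and port numbers are constructed, and the stateful model follows the page's simplified description (inbound rules only, replies allowed automatically).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the protected server
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    direction: str
    dport_lo: int  # rules match on the destination port range
    dport_hi: int

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and self.dport_lo <= p.dport <= self.dport_hi)


class StatelessFirewall:
    """Judges every packet on its own against the rule list."""

    def __init__(self, rules):
        self.rules = list(rules)

    def allow(self, p: Packet) -> bool:
        return any(r.matches(p) for r in self.rules)


class StatefulFirewall:
    """Has inbound rules only and remembers each flow it has admitted."""

    def __init__(self, inbound_rules):
        self.inbound = list(inbound_rules)
        self.flows = set()  # (src, sport, dst, dport) of admitted requests

    def allow(self, p: Packet) -> bool:
        if p.direction == "in":
            if any(r.matches(p) for r in self.inbound):
                self.flows.add((p.src, p.sport, p.dst, p.dport))
                return True
            return False
        # Outbound traffic passes only as the reply to a tracked flow.
        return (p.dst, p.dport, p.src, p.sport) in self.flows


def verdicts(firewall, packets):
    """Return the allow/deny decision for each packet, in order."""
    return [firewall.allow(p) for p in packets]


# Constructed addresses (private and documentation ranges).
SERVER, CLIENT, OTHER = "10.0.0.5", "198.51.100.7", "192.0.2.50"
TRAFFIC = [
    Packet("in", CLIENT, 51000, SERVER, 80),    # client request to port 80
    Packet("out", SERVER, 80, CLIENT, 51000),   # server reply to that client
    Packet("out", SERVER, 40000, OTHER, 8443),  # unrelated new outbound flow
]
HTTP_IN = Rule("in", 80, 80)
EPHEMERAL_OUT = Rule("out", 1024, 65535)  # what a stateless setup must add

if __name__ == "__main__":
    print("stateful              ", verdicts(StatefulFirewall([HTTP_IN]), TRAFFIC))
    print("stateless, inbound only", verdicts(StatelessFirewall([HTTP_IN]), TRAFFIC))
    print("stateless, with egress ",
          verdicts(StatelessFirewall([HTTP_IN, EPHEMERAL_OUT]), TRAFFIC))
```

The stateless rule set needs an explicit outbound rule before the reply gets through, and because that rule matches a port range rather than a tracked flow, it also admits the unrelated outbound connection that the stateful model refuses.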

What is a Power User Access in AWS?

An Administrator User will be similar to the owner of the AWS Resources. He can create, delete, modify or view the resources and also grant permissions to other users for the AWS Resources.

A Power User Access provides Administrator Access without the capability to manage the users and permissions. In other words, a user with Power User Access can create, delete, modify or see the resources, but he cannot grant permissions to other users.

What is an Instance Store Volume and an EBS Volume?

An Instance Store Volume is temporary storage that is used to store the temporary data required by an instance to function. The data is available as long as the instance is running. As soon as the instance is turned off, the Instance Store Volume gets removed and the data gets deleted.

On the other hand, an EBS Volume represents a persistent storage disk. The data stored in an EBS Volume will be available even after the instance is turned off.

What are Recovery Time Objective and Recovery Point Objective in AWS?

Recovery Time Objective – It is the maximum acceptable delay between the interruption of service and restoration of service. This translates to an acceptable time window when the service can be unavailable.

Recovery Point Objective – It is the maximum acceptable amount of time since the last data restore point. It translates to the acceptable amount of data loss which lies between the last recovery point and the interruption of service.

Is there a way to upload a file that is greater than 100 Megabytes in Amazon S3?

Yes, it is possible by using the Multipart Upload Utility from AWS. With the Multipart Upload Utility, larger files can be uploaded in multiple parts that are uploaded independently. You can also decrease upload time by uploading these parts in parallel. After the upload is done, the parts are merged into a single object or file to create the original file from which the parts were created.

Can you change the Private IP Address of an EC2 instance while it is running or in a stopped state?

No, a Private IP Address of an EC2 instance cannot be changed. When an EC2 instance is launched, a private IP Address is assigned to that instance at the boot time. This private IP Address is attached to the instance for its entire lifetime and can never be changed.

What is the use of lifecycle hooks in Auto Scaling?

Lifecycle hooks are used for Auto-scaling to put an additional wait time to a scale-in or a scale-out event.

What are the policies that you can set for your users’ passwords?

Following are the policies that can be set for users’ passwords:

  • You can set a minimum length of the password.
  • You can ask the users to add at least one number or special character to the password.
  • Assigning the requirements of particular character types, including uppercase letters, lowercase letters, numbers, and non-alphanumeric characters.
  • You can enforce automatic password expiration, prevent the reuse of old passwords, and request for a password reset upon their next AWS sign-in.
  • You can have the AWS users contact an account administrator when the user has allowed the password to expire.

What are the components of AWS?

The following are the main components of AWS:

  • Simple Storage Service: S3 is an AWS service that stores files. It is object-based storage, i.e., you can store images, Word files, PDF files, etc. The size of a file that can be stored in S3 is from 0 Bytes to 5 TB. It is an unlimited storage medium, i.e., you can store as much data as you want. S3 contains buckets, which store the files. A bucket is like a folder that stores the files. It is a universal namespace, i.e., the name must be unique globally. Each bucket must have a unique name to generate a unique DNS address.
  • Elastic Compute Cloud: Elastic Compute Cloud is a web service that provides resizable compute capacity in the cloud. You can scale the compute capacity up and down as per the computing requirement changes. It changes the economics of computing by allowing you to pay only for the resources that you actually use.
  • Elastic Block Store: It provides a persistent block storage volume for use with EC2 instances in the AWS cloud. An EBS volume is automatically replicated within its availability zone to prevent component failure. It offers the high durability, availability, and low-latency performance required to run your workloads.
  • CloudWatch: It is a service which is used to monitor all the AWS resources and applications that you run in real time. It collects and tracks the metrics that measure your resources and applications.
  • Identity Access Management: It is an AWS service used to manage users and their level of access to the AWS management console. It is used to set users, permissions, and roles. It allows you to grant permission to the different parts of the AWS platform.
  • Simple Email Service: Amazon Simple Email Service is a cloud-based email sending service that helps digital marketers and application developers to send marketing, notification, and transactional emails. This service is very reliable and cost-effective for the businesses of all the sizes that want to keep in touch with the customers.
  • Route53: It is a highly available and scalable DNS (Domain Name Service) service. It provides a reliable and cost-effective way for the developers and businesses to route end users to internet applications by translating domain names into numeric IP addresses.

What are Key-pairs?

Amazon EC2 uses public key cryptography to encrypt and decrypt the login information. In public key cryptography, the public key is used to encrypt the information, while at the receiver’s side, a private key is used to decrypt the information. The combination of a public key and a private key is known as a key pair. Key pairs allow you to access the instances securely.

What is S3?

S3 is a storage service in AWS that allows you to store a vast amount of data.

What are the pricing models for EC2 instances?

There are four pricing models for EC2 instances:

  • On-Demand instance
    • On-Demand pricing is also known as pay-as-you-go. Pay-as-you-go is a pricing model that allows you to pay only for those resources that you use.
    • You pay for the compute capacity per hour or per second, depending on which instances you run.
    • On-Demand instance does not require any upfront payments.
    • While using On-Demand instance, you can increase or decrease the compute capacity based on the requirements of your application.
    • On-Demand instances are recommended for those applications which are of short term and unpredictable workloads.
    • They suit users that want low cost and flexibility on EC2 instances with no upfront payments.
    • On-Demand instances are used for those applications which have been developed or tested on EC2 for the first time.
  • Reserved instance
    • Reserved instance is the second most important pricing model that reduces the overall cost of your AWS environment by making an upfront payment for those services that you know will be used in the future.
    • Reserved instances provide a discount of up to 75% as compared to On-Demand instance.
    • Reserved instances are assigned to a specific Availability zone that reserves the compute capacity for you so that you can use it whenever you need.
    • Reserved instances are mainly recommended for those applications that have steady state and require reserved capacity.
    • Customers who want to use EC2 over a 1 to 3 year term can use reserved instances to reduce the overall computing costs.
  • Spot instance
    • Spot instances consist of unused capacity which is available at a highly discounted rate.
    • It offers up to 90% discount as compared to On-Demand instance.
    • Spot instances are mainly recommended for those applications which have flexible start and end times.
    • It is useful when applications require computing capacity at a very low price.
    • It is useful when applications urgently require an additional amount of computing capacity.
  • Dedicated Hosts
    It is a physical EC2 server which is dedicated for your use. It reduces the overall costs by providing you a VPC that comprises dedicated hardware.

What is AWS Lambda?

AWS Lambda is a compute service that runs your code without managing servers. Lambda function runs your code whenever needed. You need to pay only when your code is running.

What is Cross Region Replication?

Cross Region Replication is a service available in AWS that enables you to replicate the data from one bucket to another bucket which could be in the same or a different region. It provides asynchronous copying of objects, i.e., objects are not copied immediately.

What is Cloud Front?

Cloud Front is a content delivery network which consists of distributed servers that deliver web pages and web content to a user based on the geographic location of the user.

What are Regions and Availability Zones in AWS?

Regions: A region is a geographical area which consists of 2 or more availability zones. A region is a collection of data centers which are completely isolated from other regions.

Availability zones: An Availability zone is a data center that can be somewhere in the country or city. Data center can have multiple servers, switches, firewalls, load balancing. The things through which you can interact with the cloud reside inside the Data center.

What are edge locations in AWS?

Edge locations are the endpoints in AWS used for caching content.

What is the minimum and maximum size that you can store in S3?

The minimum size of an object that you can store in S3 is 0 bytes and the maximum size of an object that you can store in S3 is 5 TB.

What are EBS Volumes?

Elastic Block Store is a service that provides a persistent block storage volume for use with EC2 instances in the AWS cloud. An EBS volume is automatically replicated within its availability zone to prevent component failure. It offers the high durability, availability, and low-latency performance required to run your workloads.

What is Auto Scaling?

Auto Scaling is a feature in AWS that automatically scales the capacity to maintain steady and predictable performance. While using Auto Scaling, you can scale multiple resources across multiple services in minutes. If you are already using Amazon EC2 Auto Scaling, then you can combine Amazon EC2 Auto Scaling with Auto Scaling to scale additional resources for other AWS services.

Benefits of Auto Scaling

  • Setup Scaling Quickly
    It sets the target utilization levels of multiple resources in a single interface. You can see the average utilization level of multiple resources in the same console, i.e., you do not have to move to the different console.
  • Make Smart Scaling Decisions
    It makes the scaling plans that automate how different resources respond to the changes. It optimizes the availability and cost. It automatically creates the scaling policies and sets the targets based on your preference. It also monitors your application and automatically adds or removes the capacity based on the requirements.
  • Automatically maintain performance
    Auto Scaling automatically optimizes the application performance and availability even when the workloads are unpredictable. It continuously monitors your application to maintain the desired performance level. When demand rises, Auto Scaling automatically scales the resources.

What is AMI?

AMI stands for Amazon Machine Image. It is a virtual image used to create a virtual machine within an EC2 instance.

What is an EIP?

EIP (Elastic IP address) is a service provided by an EC2 instance. It is basically a static IP address attached to an EC2 instance. This address is associated with your AWS account, not with an EC2 instance. You can also disassociate your EIP address from your EC2 instance and map it to another EC2 instance in your AWS account.

Let’s understand the concept of EIP through an example:

Suppose a website points to an instance that has a public IP address. When the instance is restarted, AWS takes another public IP address from the pool and the previous public IP address is no longer valid. For this reason, the original link between the website and the EC2 instance is no longer available. To overcome this situation, an Elastic IP address, a static address that does not change, is used.

What are the different storage classes in S3?

Storage classes are designed to sustain the concurrent loss of data in one or two facilities. Each object in S3 is associated with some storage class. Amazon S3 contains some storage classes in which you can store your objects. You can choose a storage class based on your requirements, and these storage classes offer high durability.

How can you secure the access to your S3 bucket?

An S3 bucket can be secured in two ways:

  • ACL (Access Control List)
    An ACL is used to manage the access of resources to buckets and objects. Each object in a bucket is associated with an ACL. It defines which AWS accounts are granted access and the type of access. When a user sends a request for a resource, its corresponding ACL is checked to verify whether the user has been granted access to the resource or not.
    When you create a bucket, Amazon S3 creates a default ACL which provides full control over the AWS resources.
  • Bucket Policies
    Bucket policies are only applied to S3 buckets. Bucket policies define what actions are allowed or denied. Bucket policies are attached to the bucket, not to an S3 object, but the permissions defined in the bucket policy are applied to all the objects in the S3 bucket.

The following are the main elements of Bucket policy:

  • Sid
    A Sid determines what the policy will do. For example, if an action that needs to be performed is adding a new user to an Access Control List (ACL), then the Sid would be AddCannedAcl. If the policy is defined to evaluate IP addresses, then the Sid would be IPAllow.
  • Effect
    An effect defines an action after applying the policy. The action could be either to allow an action or to deny an action.
  • Principal
    A Principal is a string that determines to whom the policy is applied. If we set the principal string as ‘*’, then the policy is applied to everyone, but it is also possible to specify an individual AWS account.
  • Action
    An Action is what happens when the policy is applied. For example, s3:GetObject is an action that allows reading object data.
  • Resource
    The Resource is the S3 bucket to which the statement is applied. You cannot simply enter a bucket name; you need to specify the bucket name in a specific format. For example, if the bucket name is javatpoint-bucket, then the resource would be written as “arn:aws:s3:::javatpoint-bucket/*”.
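The five elements above can be checked mechanically before a policy is attached to a bucket. The linter below is an added example, not code from the original page: it flags statements that are missing an element, that use a bare bucket name as the Resource, or that allow everyone (‘*’) without any Condition. The sample policy is constructed; only the bucket name and the IPAllow Sid come from the page, and the account ID, IP range and other Sids are made up.

```python
import json

# Constructed sample policy (see the lead-in for what is taken from the page).
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "IPAllow", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::javatpoint-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Sid": "PublicReadWrite", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::javatpoint-bucket/*"},
    {"Sid": "BareBucketName", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:GetObject",
     "Resource": "javatpoint-bucket"}
  ]
}
""")

# Only the elements listed on this page are handled; the Not* variants
# (NotPrincipal, NotAction, NotResource) are out of scope for this sketch.
REQUIRED = ("Effect", "Principal", "Action", "Resource")


def as_list(value):
    """Policy elements may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_wildcard_principal(principal):
    """True for "*" and for mappings such as {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False


def lint_bucket_policy(policy):
    """Return a list of (sid, finding) tuples for one bucket policy document."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        sid = stmt.get("Sid", f"statement[{i}]")
        missing = [k for k in REQUIRED if k not in stmt]
        if missing:
            findings.append((sid, "missing elements: " + ", ".join(missing)))
            continue
        if stmt["Effect"] not in ("Allow", "Deny"):
            findings.append((sid, f"invalid Effect: {stmt['Effect']}"))
        for res in as_list(stmt["Resource"]):
            # Commercial partition only; a bare bucket name is not a valid ARN.
            if res != "*" and not res.startswith("arn:aws:s3:::"):
                findings.append((sid, f"Resource is not an S3 ARN: {res}"))
        if (stmt["Effect"] == "Allow"
                and is_wildcard_principal(stmt["Principal"])
                and not stmt.get("Condition")):
            actions = ", ".join(as_list(stmt["Action"]))
            findings.append((sid, f"allows everyone with no Condition: {actions}"))
    return findings


if __name__ == "__main__":
    for sid, finding in lint_bucket_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```

The IPAllow statement also uses ‘*’ as its Principal but passes, because its Condition restricts the source IP range.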

What are policies and what are the different types of policies?

A policy is an object associated with a resource that defines the permissions. AWS evaluates these policies when a user makes a request. Permissions in the policy determine whether to allow or to deny an action. Policies are stored in the form of JSON documents.

AWS supports six types of policies:

  • Identity-based policies
  • Resource-based policies
  • Permissions boundaries
  • Organizations SCPs
  • Access Control Lists
  • Session policies
  • Identity-based policies
    Identity-based policies are the permissions stored in the form of JSON format. This policy can be attached to an identity user, group of users or role. It determines the actions that the users can perform, on which resources, and under what conditions.
    Identity-based policies are further classified into two categories:
    • Managed Policies: Managed Policies are the identity-based policies which can be attached to multiple users, groups or roles. There are two types of managed policies:
      • AWS Managed Policies
        AWS Managed Policies are the policies created and managed by AWS. If you are using policies for the first time, we recommend that you use AWS Managed Policies.
      • Custom Managed Policies
        Custom Managed Policies are the identity-based policies created by user. It provides more precise control over the policies than AWS Managed Policies.
    • Inline Policies
      Inline Policies are the policies created and managed by user. These policies are encapsulated directly into a single user, group or a role.
  • Resource-Based Policies
    Resource-based policies are the policies which are attached to the resource such as S3 bucket. Resource-based policies define the actions that can be performed on the resource and under what condition, these policies can be applied.
  • Permissions boundaries
    Permissions boundaries are the maximum permissions that identity-based policy can grant to the entity.
  • Service Control Policies (SCPs)
    Service Control Policies are the policies defined in a JSON format that specify the maximum permissions for an organization. If you enable all the features in an Organization, then you can apply Service Control Policies to any or all of your AWS accounts. SCP can limit the permission on entities in member accounts as well as AWS root user account.
  • Access Control Lists (ACLs)
    An ACL defines which principals in another AWS account can access the resource. ACLs cannot be used to control the access of a principal in a different AWS account. It is the only policy type which does not have the JSON policy document format.