Top 20 AWS (Amazon Web Services ) Interview Questions

Ques: 1. What is Data warehouse in AWS?

Ans: Data ware house is a central repository for data that can come from one or more sources. Organization typically use data warehouse to compile reports and search the database using highly complex queries. Data warehouse also typically updated on a batch schedule multiple times per day or per hour compared to an OLTP (Online Transaction Processing) relational database that can be updated thousands of times per second.

Ques: 2. What is NAT Instance and NAT Gateway?

Ans: 

NAT instance: A network address translation (NAT) instance is an Amazon Linux machine Image (AMI) that is designed to accept traffic from instances within a private subnet, translate the source IP address to the Public IP address of the NAT instance and forward the traffic to IWG.

NAT Gateway: A NAT gateway is an Amazon managed resources that is designed to operate just like a NAT instance, but it is simpler to manage and highly available within an availability Zone. To allow instance within a private subnet to access internet resources through the IGW via a NAT gateway.

Ques: 3. What type of performance can you expect from Elastic Block Storage? How do you back it up and enhance the performance?

Ans: Performance of an elastic block storage varies i.e. it can go above the SLA performance level and after that drop below it. SLA provides an average disk I/O rate which can at times frustrate performance experts who yearn for reliable and consistent disk throughput on a server. Virtual AWS instances do not behave this way. One can backup EBS volumes through a graphical user interface like elasticfox or use the snapshot facility through an API call. Also, the performance can be improved by using Linux software raid and striping across four volumes.

Ques: 4. How will you access the data on EBS in AWS?

Ans: Elastic block storage as the name indicates provides persistent, highly available and high-performance block level storage that can be attached to a running EC2 instance. The storage can formatted and mounted as a file system or the raw storage can be accessed directly.

Ques: 5. Is it possible to vertically scale on an Amazon Instance?  If yes, how?

Ans: Following are the steps to scale an Amazon Instance vertically –

1. Spin up a larger Amazon instance than the existing one. 
2. Pause the existing instance to remove the root ebs volume from the server  and discard. 
3. Stop the live running instance and detach its root volume. 
4. Make a note of the unique device ID and attach that root volume to the new server. 
5. Start the instance again.

Ques: 6. What is the total number of buckets that can be created in AWS by default?

Ans: 100 buckets can be created in each of the AWS accounts. If additional buckets are required, increase the bucket limit by submitting a service limit increase.

Ques: 7. How will you configure an instance with the application and its dependencies, and make it ready to serve traffic?

Ans: You can achieve this with the use of life cycle hooks. They are powerful as they let you pause the creation or termination of an instance so that you can sneak peak in and perform custom actions like configuring the instance, downloading the required files, and any other steps that are required to make the instance ready. Every auto scaling group can have multiple life cycle hooks.

Ques: 8. What are some of the key best practices for security in Amazon EC2?

Ans:  

• Create individual IAM (Identity and Access Management) users to control access to your AWS recourses. 
• Creating separate IAM user provides separate credentials for every user making it possible to assign different permissions to each user based on the access requirements. 
• Secure the AWS Root account and its access keys. 
• Harden EC2 instances by disabling unnecessary services and applications by installing only necessary software and tools on EC2 instances. 
• Grant least privileges by opening permissions that are required to perform a specific task and not more than that. Additional permissions can be granted as required. 
• Define and review the security group rules on a regular basis. 
• Have a well-defined strong password policy for all the users. 
• Deploy anti-virus software on the AWS network to protect it from Trojans, Viruses, etc.

Ques: 9. What are the important features of a classic load balancer in EC2?

Ans: The high availability feature ensures that the traffic is distributed among EC2 instances in single or multiple availability zones. This ensures high scale of availability for incoming traffic.

Classic load balancer can decide whether to route the traffic or not based on the results of health check.

You can implement secure load balancing within a network  by creating security groups in a VPC.

Classic load balancer supports sticky sessions which ensure that the traffic from a user is always routed to the same instance for a seamless experience.

Ques: 10. What happens when you reboot an EC2 instance?

Ans: Rebooting an instance is just like rebooting a PC. You do not return to image’s original state; however, the contents of the hard disk are same as before the reboot.

Ques: 11. What Are the main features of Amazon Cloud Front?

Ans: Amazon Cloud Front is a web service that speeds up delivery of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a universal network of data centres called edge locations

Ques: 12. Explain storage for Amazon Ec2 Instance?

Ans: An instance store is a provisional storing type located on disks that are physically attached to a host machine. … This article will present you to the AWS instance store storage type, compare it to AWS Elastic Block Storage (AWS EBS), and show you how to backup data stored on instance stores to AWS EBS

Amazon SQS is a message queue service used by scattered requests to exchange messages through a polling model, and can be used to decouple sending and receiving components

Ques: 13. What is AWS Certificate Manager?

Ans: AWS Certificate Manager is an administration that lets you effortlessly arrangement, oversee, and send open and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) endorsements for use with AWS administrations and your inward associated assets. SSL/TLS declarations are utilized to anchor arrange interchanges and set up the character of sites over the Internet and additionally assets on private systems. AWS Certificate Manager expels the tedious manual procedure of obtaining, transferring, and reestablishing SSL/TLS endorsements.

Ques: 14. What is the AWS Key Management Service?

Ans: AWS Key Management Service (AWS KMS) is an overseen benefit that makes it simple for you to make and control the encryption keys used to scramble your information. … AWS KMS is additionally coordinated with AWS CloudTrail to give encryption key use logs to help meet your inspecting, administrative and consistence needs.

Ques: 15. What is Amazon EMR?

Ans: Amazon Elastic MapReduce (EMR) is one such administration that gives completely oversaw facilitated Hadoop system over Amazon Elastic Compute Cloud (EC2).

Ques: 16. What is Amazon Kinesis Firehose?

Ans: Amazon Kinesis Data Firehose is the least demanding approach to dependably stack gushing information into information stores and examination devices. … It is a completely overseen benefit that consequently scales to coordinate the throughput of your information and requires no continuous organization.

Ques: 17. What Is Amazon CloudSearch and its highlights?

Ans: Amazon CloudSearch is a versatile cloud-based hunt benefit that frames some portion of Amazon Web Services (AWS). CloudSearch is normally used to incorporate tweaked seek abilities into different applications. As indicated by Amazon, engineers can set a pursuit application up and send it completely in under 60 minutes.

Ques: 18. What is the Difference between the Service Role and SAML Federated Role?

Ans: Service Role are meant for usage of AWS Services and based upon the policies attached to it, it will have the scope to do its task. Example : In case of automation we can create a service role and attached to it.

Federated Roles are meant for User Access and getting access to AWS as per designed role. Example: We can have a federated role created for our office employee and corresponding to that a Group will be created in the AD and user will be added to it.

Ques: 19. Distinguish between Scalability and Flexibility?

Ans: Cloud computing offers industries flexibility and scalability when it comes to computing needs:

Flexibility. Cloud computing agrees your workers to be more flexible – both in and out of the workplace. Workers can access files using web-enabled devices such as smartphones, laptops and notebooks. In this way, cloud computing empowers the use of mobile technology.

One of the key assistances of using cloud computing is its scalability. Cloud computing allows your business to easily expensive or downscale your IT requests as and when required. For example, most cloud service workers will allow you to increase your existing resources to accommodate increased business needs or changes. This will allow you to support your commercial growth without exclusive changes to your present IT systems.

 Ques: 20 What is SES, SQS and SNS?

Ans: SES (Simple Email Service): SES is SMTP server provided by Amazon which is designed to send bulk mails to customers in a quick and cost-effective manner.SES does not allows to configure mail server.

SQS (Simple Queue Service): SQS is a fast, reliable and scalable, fully managed message queuing service. Amazon SQS makes it simple and cost Effective. It’s temporary repository for messages to waiting for processing and acts as a buffer between the component producer and the consumer.

SNS (Simple Notification Service): SNS is a web service that coordinates and manages the delivery or sending of messages to recipients.