Showing posts with label EC2. Show all posts
Showing posts with label EC2. Show all posts

Tuesday, 23 November 2021

Top 20 Aws Cloudwatch interview Questions & Answers


Ques: 1). What Is Amazon Cloudwatch and How Does It Work?


CloudWatch is an AWS monitoring service that keeps track of your cloud resources and the applications you run on them. CloudWatch may be used to gather and track metrics, monitor log files, and generate alarms. EC2 instances, DynamoDB tables, and RDS DB instances may all be monitored with CloudWatch.

Amazon CloudWatch is a management tool for system architects, administrators, and developers, and it is part of the Amazon Web Services family.


AWS RedShift Interview Questions and Answers

Ques: 2). What's the difference between CloudTrail and CloudWatch, and how do I use them?


CloudWatch keeps track of the health and performance of AWS services and resources and generates reports on them. CloudTrail, on the other hand, keeps track of all of the activities that take place in your AWS environment.


Ques: 3). What platforms are compatible with CloudWatch Logs Agent?


The CloudWatch logs agent is compatible with a wide range of operating systems and platforms. The following is a list of similar items:

  • CentOS
  • Amazon Linux
  • Ubuntu
  • Red Hat Enterprise Linux
  • Windows


Ques: 4). What Are Amazon Cloudwatch Logs, and What Do They Mean?


Using your existing system, application, and custom log files, Amazon CloudWatch Logs allows you to monitor and troubleshoot your systems and applications. You may monitor your logs in near real time with CloudWatch Logs for specific phrases, values, or patterns. You could, for example, set an alarm for the amount of failures in your system logs or look at graphs of web request latency from your application logs. The original log data can then be viewed to determine the source of the problem. You don't have to worry about filling up hard discs because log data may be saved and accessed endlessly in very durable, low-cost storage.


Ques: 5). What Cloudwatch Access Management Policies Can I Implement?


You can select which CloudWatch actions a user in your AWS Account can execute using CloudWatch's integration with AWS IAM. IAM cannot be used to restrict access to CloudWatch data for individual resources. You can't grant a person access to CloudWatch data for just one group of instances or a single LoadBalancer, for example. Permissions provided by IAM apply to all cloud resources used by CloudWatch. Furthermore, the Amazon CloudWatch command line tools do not support IAM roles.


Ques: 6). What is a CloudWatch Alarm, and how does it work?


CloudWatch Alarms is a new feature that allows you to monitor CloudWatch metrics and receive warnings when they go outside of the levels (high or low thresholds) you designate. There can be several Alarms for each statistic, each with its own set of actions.

A CloudWatch Alarm's state is always one of three things: OK, ALARM, or INSUFFICIENT DATA. When the metric is inside the permissible range that you've set, the Monitor is in the OK condition. It enters the ALARM state when it hits a particular threshold. When the data needed to make a judgement is absent or incomplete, the monitor enters the INSUFFICIENT DATA state.


Ques: 7). What Is The Average Metric Retention Period?


The following is how CloudWatch stores metric data:

For 3 hours, data points with a period of less than 60 seconds are available. These data points are bespoke measurements with a high resolution.

Data points with a period of 60 seconds (1 minute) are available for 15 days, 300 seconds (5 minutes) are available for 63 days, and 4) data points with a metric of 3600 seconds (1 hour) are available for 455 days (15 months). Data points with a shorter duration of publication are aggregated together for long-term storage.


Ques: 8). When should I use a custom metric instead of sending a log to Cloudwatch Logs?


Custom metrics, CloudWatch logs, or both can be used to keep track of your data. If your data, such as OS process or performance measurements, is not already produced in log format, you may want to utilise custom metrics. You may also create your own app or script, or use one offered by an AWS partner. CloudWatch Logs can be used to store and save specific measurements as well as supplementary information.


Ques: 9). Is There Anything I Can Do With My Cloudwatch Logs?


CloudWatch Logs can monitor and store logs to help you understand and operate your systems and applications better. No code modifications are necessary when using CloudWatch Logs with your logs because your existing log data is used for monitoring.


Ques: 10). What is Amazon CloudWatch Synthetics, and how does it work?


You may use Amazon CloudWatch Synthetics to create canaries, which are programmable scripts that run on a schedule, to monitor your endpoints and APIs. Canaries follow the same paths as customers and do the same actions, allowing you to validate your client experience even when there is no customer activity on your apps. Using canaries, you can notice problems before your customers do.

Synthetic monitoring is a technique for assessing a website or online service's availability, performance, and functionality by mimicking visitor queries.


Ques: 11). Is it possible to use regular expressions with log data?


Regular expressions are not supported by CloudWatch Metric Filters. Consider using Amazon Kinesis and connecting the stream to a regular expression processing engine to handle your log data with regular expressions.


Ques: 12). Canaries in Amazon CloudWatch Synthetics are what they sound like.


Canaries are scripts that are written in Node.js or Python. Users construct Lambda functions in your account using Node.js or Python as a framework. The HTTP and HTTPS protocols are both supported by Canaries.


Ques: 13). How Do I Get My Log Data Back?


The CloudWatch Logs console or the CloudWatch Logs CLI can be used to retrieve any of your log data. The Log Group, Log Stream, and time with which the log events are related are used to obtain them.


Ques: 14). What Are the Different Thresholds I Can Use To Set A Cloudwatch Alarm?


When you create an alarm, you must first select the CloudWatch statistic that it will track. The next step is to select an evaluation period and a statistical value to assess. Set a target value and choose whether the alarm will be triggered if the value is more, equal, or less than that value to create a threshold.


Ques: 15). What is Amazon CloudWatch ServiceLens, and how does it work?


Amazon CloudWatch ServiceLens is a new tool that allows you to visualise and analyse the health, performance, and availability of your applications in a single location. All public AWS Regions that offer AWS-X-Ray support Amazon CloudWatch ServiceLens.


Ques: 16). What are CloudWatch Metric Streams, and how can I use them?


CloudWatch Metric Streams is a feature that lets you broadcast CloudWatch metrics endlessly to a location of your choice with very little setup and administration. It's a completely managed solution that takes care of everything for you, including writing code and maintaining infrastructure. With a few clicks, users can setup a metric stream to destinations like Amazon Simple Storage Service (S3). Users might also submit the analytics to a variety of third-party service providers to keep their operational dashboards up to date.


Ques: 17). What Can Amazon Cloudwatch Metrics Tell Me?


CloudWatch allows you to monitor AWS cloud resources as well as the AWS packages you use. EC2 times, EBS volumes, ELBs, Autoscaling agencies, EMR process flows, RDS DB times, DynamoDB tables, ElastiCache clusters, RedShift clusters, OpsWorks stacks, Route 53 fitness assessments, SNS topics, SQS queues, SWF workflows, and Storage Gateways are among the AWS services and products for which metrics are automatically provided. You can also view custom metrics generated by your own applications and services.


Ques: 18). How do I send Grafana from CloudWatch metrics?


1. Install Grafana : Follow the steps to Install Grafana.

2. Go to AWS -> IAM -> Policies.

3. Add below JSON in policy -> Create Policy:


   "Version": "2021-10-23", -- current Date

   "Statement": [


           "Sid": "AllowReadingMetricsFromCloudWatch",

           "Effect": "Allow",

           "Action": [





           "Resource": "*"



           "Sid": "AllowReadingTagsInstancesRegionsFromEC2",

           "Effect": "Allow",

           "Action": [





           "Resource": "*"




4. IAM -> Roles -> Create Role -> Select AWS Service / EC2

5. Attach Permission policies

6. IAM -> Users and click Add User ->Attach existing policies -> copy Access Key ID, your Secret Key

7. EC2 -> Instances-> Select Grafana Server and click on Actions -> Instance Settings -> Attach/Replace IAM Role -> Attach your Grafana IAM Role to the instance.

8. Log in to your Grafana Server using Terminal as root user and provide Access Key ID, your Secret Key:

# vim /usr/share/grafana/.credentials

aws_access_key_id = 000000000000

aws_secret_access_key = 0000000000

region = us-west-2

# chmod 0644 .credentials

9. Grafana -> Navigate to Data Sources -> Select CloudWatch Type

10. Create Dashboard -> Select Graph -> Select Panel Title -> edit and provide namespace.

Ques: 19). Is it possible to use IAM roles with the CloudWatch logs agent?


Yes, the CloudWatch logs agent has access to both keys and IAM roles and is capable of supporting and working with IAM.

Amazon Key Management Service (AWS KMS) is a managed service that integrates with a number of other AWS services. You can use it to create, store, and control encryption keys in your applications to encrypt your data. AWS KMS Key Management Service is a service that allows you to manage your keys on Amazon Web Services.


Ques: 20). How does AWS CloudWatch handle authentication and access control?


Use IAM users or roles to control who has access.

To manage access control, use Dashboard Permissions, IAM identity-based policies, and service-linked roles.

Permissions policies define who gets access to what and when.

Policies based on an individual's identity

Policies based on resources

You can't utilise CloudWatch Amazon Resource Names (ARNs) in an IAM policy because there aren't any. When designing a policy to control access to CloudWatch actions, replace the resource with a * (asterisk).

Monday, 22 November 2021

Top 20 Aws Lambda Interview Questions & Answers


Ques: 1). What exactly is AWS Lambda?


AWS Lambda is a serverless computing solution that is one of the best on the market. It enables you to run code without the need for server management or setup. When you consume data, you must pay for the computation time. When you are not running your code, there are no fees to pay. You may use Lambda to run code for any application or backend service virtually, without having to worry about management. All you have to do is upload the code, and Lambda will handle the rest. Lambda is a high-availability service that runs and scales your code. You may even set up the code to call it straight from the mobile app or the web, or from any other AWS accessible.

 BlockChain Interview Question and Answers

Ques: 2). What is the purpose of Lambda?


If you need a rapid, one-time function that accomplishes something simple and doesn't require long-running operations or expensive calculations, and you only need it to execute for a brief amount of time, Lambda functions are ideal. They can be provided as parameters into higher-order functions, making them handy in situations when other types of code might not be suitable for the task at hand.


Ques: 3). What types of programmes can be run on AWS Lambda?


AWS Lambda makes it simple to complete a variety of tasks in the cloud. AWS Lambda, for example, can be used to fetch and transform data from Amazon DynamoDB in mobile back-ends. Other tasks that may be done in the cloud with the help of AWS Lambda include handlers that alter and compress objects when they are uploaded to Amazon S3, server-less streaming data processing with Amazon Kinesis, and reporting and auditing of API calls made to any of Amazon's Web Services.


Ques: 4). What distinguishes Lambda as a time-saving strategy?


This is for a variety of reasons. The first is that everything can be stored in the local server memory. Furthermore, data can be directly stored in the database without compromising performance. Additionally, testing is not very difficult. Multiple vendors can simply make integration testing more powerful.

 AWS RedShift Interview Questions and Answers

Ques: 5). What are your thoughts on Auto-Scaling?


It's essentially an Amazon Web Services capability that allows you to automatically configure and start up new instances. The good news is that you are not required to intervene at any point. Users may, however, keep track of everything using metrics and criteria. Simply cross a threshold to activate this task, and you'll notice that the instances have scaled horizontally without any intervention.


Ques: 6). How can a serverless application be automated?


An AWS CodePipeline and an AWS CodeDeploy can be used to automate the serverless application's release process. The CodePipeline is a continuous delivery service that allows for the modelling, visualisation, and automation of essential procedures, allowing for the deployment of server-less applications. For Lambda-based apps, CodeDeploy also has an automated deployment engine. It enables you to coordinate deployments using best-practice approaches such as canary and linear deployments, as well as assisting you in establishing major barriers to ensure that the newly deployed software is secure, stable, and ready for industrial usage.


Ques: 7). What is the best way to troubleshoot a serverless application?


By adding X-Ray permissions to the Lambda function's role of execution and changing the function's "mode of tracing" to "active," a Lambda function can be activated for tracking with AWS X-Ray. When you enable X-ray for Lambda functions, AWS Lambda will provide tracing data to X-Ray, including information about the Lambda service used to invoke the function. This will show you the overhead of the Lambda service, the time it takes to execute a function unit, and the time it takes to execute a function. Also, the X-Ray SDK can be included in Lambda deploying the package to create one’s segments of the trace, annotate one’s marks, or view the trace segments for various downstream calls that are made from Lambda function. X-Ray SDKs are presently available for Node.js and Java. Visit the Troubleshooting applications based on Lambda to learn more. AWS X-Ray rates shall apply.


Ques: 8). Is there a limit on how many AWS Lambda functions may be run at the same time?


No. AWS Lambda is built to run multiple instances of functions at the same time. AWS Lambda, on the other hand, has a safety threshold set by default for some consecutive runs for each account per region. The maximum number of times a single AWS Lambda function can be executed in a row can be adjusted, which can be used to set aside a portion of the account concurrency threshold for key functions or reduce traffic rates to downstream resources.

If you want to submit a request to extend the limit, go to the Support Centre for additional information.


Ques: 9). What is the definition of a server-less application?


Lambda-based apps (also known as server-less applications) are built up of functions that are triggered by different events. One or more of these methods are triggered by events such as object upload to Amazon S3, Amazon SNS, or API activities in a standard server-less application. The functions can work independently or in conjunction with other resources such as DynamoDB tables or Amazon S3 buckets. A function is the most common serverless application.


Ques: 10). What precisely is deployment automation?


It's a lot like programming in another language. However, it alleviated many of the difficulties. The nicest part is the deployment of a pipeline that can be readily built as one gains experience. Automated Deployment reduces human intervention and assists enterprises in ensuring quality-based and best-in-class outcomes.


Ques: 11). What are the features of AWS Lambda that make deployments more automated?


AWS lambda supports a variety of environmental factors. When it comes to altering the deployment package, they can be utilised for data and a variety of additional credentials. It also allows aliases because it's a serverless technique. There are a few categories that you may simply think about, such as stage production and development. As a result, functions may be readily evaluated for testing without disrupting the production code. Because the end-point does not change frequently, it is possible to keep up with the task's pace.


Ques: 12). What are the benefits of employing a server-less approach?


To begin with, this technique features straightforward procedures that allow for a faster time to market and increased revenue. Users only have to pay when the code is compiling, therefore increasing profitability can save a lot of money. Managing the components of the larger application is also not difficult. Furthermore, the additional infrastructure is not required. The biggest advantage is that customers don't have to worry about the servers where the code is run.


Ques: 13). What is the definition of an external extension? What are some external Lambda runtime extensions?


An external extension is one that continues to execute as a separate process in the execution even after the function call has completed. External extensions for Lambda runtimes include:

  • NET Core 3.1 (C#/PowerShell) ( dotnetcore3. 1 )
  • Custom runtime ( provided )
  • Custom runtime on Amazon Linux 2 ( provided. al2 )
  • Java 11 (Corretto) ( java11 )
  • Java 8 (Corretto) ( java8. al2 )


Ques: 14). Is it possible to scale Amazon Instance vertically? If so, how would you go about doing it?


Yes, it is feasible to scale an Amazon Instance vertically. Here's how to do it:

  • On top of the already controlling instance, form and twist a new enormous instance.
  • Try delaying the present instance and separating the source web mass of dispatch and the server.
  • The next step is to terminate your current instance and detach it from the source quantity.
  • Make a note of the new machine ID and use the same source mass on your new server.


Ques: 15). What are the many ways to activate Lamda?


Lambda can be triggered in three different ways.

API Gateway event:

These are what are known as standard events. When someone calls an API Gateway For Lambda, it will call your lambda function. If you're using the Serverless Framework, you'll need to specify which event type was triggered in the configuration, or serverless.yml.

S3 events:

S3 events happen when someone(s) changes the contents of an S3 bucket. A file can be created, removed, or updated to change the content. When you specify an event, you can choose whether the lambda function creates, destroys, or changes a file.

DynamoDB events:

When someone makes a modification to a record in a DynamoDB table, all of the changes are immediately published in a stream, and the lambda is triggered because there is data in the stream. When there is data in the stream, Lambda can be activated in two different ways. First, the lambda will only be called once if there is specific data in the stream, such as a single database change at a specific time. The second method Lambda is activated is when a stream of events is processed together. Because streams are rather rapid, this significantly reduces the amount of time spent running.


Ques: 16). What are the drawbacks of a serverless architecture?


Everything in the Aws lambda has its own set of advantages and disadvantages, depending on the task at hand.

In the serverless technique, the upper limit is strictly on vendor control, which results in higher downtime.

Other difficulties include the loss of system operation and the system's constraints. AWS serverless solution requires dedicated hardware, which is not available.

Most of the time, it is the customer's blunders that cause the issues.


Ques: 17). What are the best security techniques in Lambda?


In terms of security, Lambda has some of the best solutions. Identity Access and Management can be used. When it comes to regulating access to resources, this might be advantageous. Another option is privilege, which essentially expands the permissions. Access might be blocked to untrustworthy or unauthorised hosts. The security group has regulations that can be reviewed over time to stay up with the pace.


Ques: 18). In Lambda, what is SQS? What function does it have?


SQS is essentially a method for sharing and transmitting information between hosts and connectors. Different Lambda components can be made available, or in other words, communication can be enabled. Even if the functional components aren't the same, they can be linked together. This strategy can eliminate a lot of failures, and components can communicate well with one another.


Ques: 19). In Lambda, what are Final Variables and Effectively Final Variables?


Final variables are ones that can't be changed once they've been assigned. They are called essentially variable when they are in an early stage where any type of change is possible. They have yet to be assigned a value. In many circumstances, the outcome is required without constraint, which is why effective variables are used. They can also help with testing. Effective Variables can be used to empower final variables with a variety of additional capabilities. In Lambda, the majority of local expressions are final.


Ques: 20). What are the different types of storage that Amazon offers?


There are a variety of storage options for Amazon Lambda, and the main thing to remember is that all of them are the finest in terms of durability and performance. It would not be a problem if you used them together. Accessibility for people with disabilities is also available. Let me give you a few examples, such as EBS, which is a storage tool that is essentially block-level storage. This comes with encryption capabilities, and it's an excellent alternative to think about if your system requires independent storage. The next category is EC2 instances, which are storage discs that are directly attached to the host PC.

This sort of storage is only employed for a short period of time. After then, the user can think about good storage. Until the instances are valid, the user data will be valid. The user can utilise this storage to run instances. The next type is Adding storage -> this is a type of root storage device. This is where you'll find information on the boot instance. The third type is Amazon S3, which is another AWS lambda storage option that is considered a low-cost alternative that can store any quantity of data.

Top 20 AWS Solution Architect Interview Questions & Answers


Ques: 1). I have a few private servers, and I also use the public cloud to share some workloads. What kind of structure is this?


The hybrid cloud is created when both private and public cloud services are combined. When private and public clouds are virtually housed on the same network, it is easy to comprehend a hybrid architecture.


AWS RedShift Interview Questions and Answers

Ques: 2). What's the difference between stopping and terminating an instance?


Stopping an Instance: When you stop an instance, it goes through a standard shutdown process. Its Amazon EBS volume, on the other hand, remains attached, and you may restart the instance whenever you want. The advantage of stopping an instance is that you will not be charged for that instance once it has been terminated.

Terminating an Instance: When an instance is terminated, it goes through a normal shutdown and any Amazon EBS volumes attached to the instance are destroyed at the same time. You cannot restart an instance once it has been terminated.


Ques: 3). What distinguishes a Spot Instance from a Reserved or On-Demand Instance?


Pricing models include Spot instances, Reserved instances, and On-demand instances. Users can buy compute power without making an upfront investment using a spot instance, however they must pay hourly, which is lower than the on-demand instance fee in each area.

Spot instances are analogous to bidding, and the Spot Price is the bidding price for these instances. The price may fluctuate due to availability and demand, but you will never pay more than the maximum amount mentioned. In the event that spot prices rise above the maximum price, the EC2 instances will automatically shut down. The opposite is not true: if spot prices fall, EC2 Instances are not instantly launched. It's possible to do it manually.

There is no obligation on the part of the user for Spot and On-demand instances. In the case of Reserved Instances, however, one must keep to the time period that was previously selected.


Ques: 4). In AWS, which instance type should you use to deploy a 4-node Hadoop cluster?


Each Hadoop cluster is built on a master-slave model, in which the master system processes the data and the slave machine acts as a data node. Because all of the processing is done on the master system, it requires a high-capacity CPU and RAM, and because all of the storage is done on the slave machine, a large hard disc is required.

You have complete control over the machine's setup based on the workload. If you don't want to configure the computer manually, you can immediately launch an Amazon EMR instance that will do it for you. You dump the data to be processed in S3, EMR picks the data from there, processes it, and dumps it back to the S3.


Ques: 5). Is a single Elastic IP address sufficient for all running instances?


Each instance has its own public and private addresses. When an instance is stopped or terminated, it returns a private address that is unique to that instance. Similarly, until the instance is halted or terminated, a public address is connected only with it. However, an EIP (Elastic IP address) can be assigned to an instance that will remain active until the user detaches it manually. In the event that you are hosting multiple websites on your EC2 server, you will require different EIP numbers.


Ques: 6). Is it possible to use an S3 bucket with EC2 Instances as well?


Yes, it's possible to utilise it with root devices that are backed up by local instances storage. Amazon S3 gives developers access to the same dependable and expensive data storage infrastructure that Amazon uses to power its global websites.


Ques: 7). Explain how to use Amazon Instance to vertically scale.


The following are the steps to vertically scale on Amazon:

  1. Upgrade from the current instance to a new larger instance.
  2. Pause the previous instance and discard it by detaching the root web volumes from the servers.
  3. Now stop the live instance and also detach its root volume.
  4. Attach the root volume to the new server after you note the unique device ID.
  5. And finally, restart it.


Ques: 8). What does a buffer do in Amazon web services?


The buffer is used to make the system more robust for managing traffic or load by synchronising multiple components. The components, in general, receive and process requests in an uneven manner. When the buffer is used, however, the components are balanced and operate at the same speed, ensuring that proper service is provided.


Ques: 9). What kind of performance can Elastic Block Storage provide? How do you back it up and improve the results?


The performance of elastic block storage fluctuates, and it might go above and below the SLA performance threshold. SLA gives an average disc I/O rate, which can irritate performance experts who want a server's disc throughput to be consistent and reliable. This is not the case with virtual AWS instances. A graphical user interface, such as elasticfox, can be used to backup EBS volumes, or an API call can be used to leverage the snapshot feature. Using Linux software raid and striping over four drives can further increase performance.


Ques: 10). Distinguish between an on-demand and a spot instance.


Spot Instances are unused Amazon EC2 instances that can be bid on. The spot instance will be launched once the bid exceeds the current spot price (which changes in real-time based on demand and supply). If the spot price exceeds the bid price, the instance can be cancelled at any time and with only 2 minutes' notice. The best technique to determine the best bid price for a spot instance is to consult the AWS console's price history for the previous 90 days. Spot instances have the benefit of being cost-effective, but the disadvantage is that they can be cancelled at any time. Spot instances are ideal to use when –

There are optional nice to have tasks.

You have flexible workloads which can be run when there is enough compute capacity.

Tasks that require extra computing capacity to improve performance.

On-demand instances are available anytime you need them, and you must pay on an hourly basis for the time you utilise them. These instances can be released as soon as they are no longer needed, and there is no commitment required up front. Unlike spot instances, AWS guarantees the availability of these instances.

The recommended practise is to start a few on-demand instances that can provide a minimal level of assured compute resources for the application and then add on a few spot instances as needed.


Ques: 11). What is Amazon EMR and how does it work?


Amazon EMR is a surviving cluster stage that is useful in data structures since it demonstrates how things work before they are notified. On Amazon Web Services, Apache Spark and Apache Hadoop are useful for analysing massive amounts of data. Data for analytics purposes and marketing intelligence workloads can be prepared using Apache Hive. It also makes use of other open-source ideas that are applicable.


Ques: 12). Is it possible to scale an Amazon Instance vertically? If so, how do you go about doing it?


The steps to vertically scale an Amazon Instance are as follows –

    1. Spin up a larger Amazon instance than the existing one.
    2. Pause the exisiting instance to remove the root ebs volume from the server  and discard.
    3. Stop the live running instance and detach its root volume.
    4. Make a note of the unique device ID and attach that root volume to the new server.
    5. Start the instance again.


Ques: 13). How will you prepare an instance to serve traffic by configuring it with the application and its dependencies?


The use of lifecycle hooks can help you do this. They are useful because they allow you to halt the construction or termination of an instance so that you can sneak a peek inside and do specific activities such as configuring the instance, downloading relevant files, and performing any other steps necessary to get the instance ready. There can be many lifecycle hooks in each auto scaling group.


Ques: 14).  How can EC2 instances running in a VPC be protected?


AWS Security groups connected with EC2 instances can help you protect EC2 instances running in a VPC by enforcing protocol and port access security. You can secure access to the EC2 instance by configuring both INBOUND and OUTBOUND traffic. AWS security groups are similar to firewalls in that they contain a collection of rules that filter traffic entering and exiting an EC2 instance and prevent unauthorised access to those instances.


Ques: 15). What are some of the most important security best practises in Amazon EC2?


To limit access to your AWS resources, create unique IAM (Identity and Access Management) users. Creating a unique IAM user gives each user their own set of credentials, allowing them to be given varying permissions based on their access needs.

  • Secure the AWS Root account and its access keys.
  • Harden EC2  instances by disabling unnecessary services and applications by installing only necessary software and tools on EC2 instances.
  • Grant least privileges by opening up permissions that are required to perform a specific task and not more than that. Additional permissions can be granted as required.
  • Define and review the security group rules on a regular basis.
  • Have a well-defined strong password policy for all the users.
  • Deploy anti-virus software on the AWS network to protect it from Trojans, Viruses, etc.


Ques: 16). What are the key characteristics of a traditional load balancer in EC2?


The high availability functionality distributes traffic among EC2 instances in a single or several availability zones.

This assures a high level of incoming traffic availability.

Based on the findings of the health check, a traditional load balancer can decide whether or not to route traffic.

By defining security groups in a VPC, you may achieve safe load balancing within a network.

Sticky sessions are supported by traditional load balancers, which ensure that a user's traffic is always routed to the same instance for a consistent experience.


Ques: 17).  What are the possible connection issues you encounter when connecting to an EC2 instance ?


    • Unprotected private key file
    • Server refused key
    • Connection timed out
    • No supported authentication method available
    • Host key not found,permission denied.
    • User key not recognized by the server, permission denied.


Ques: 18). What's the difference between stopping and terminating an EC2 instance?


When you end an EC2 instance, it goes into a standard shutdown mode and is moved to the stop state. When an EC2 instance is terminated, it is put into a suspended state, and any EBS volumes attached to it are erased and can't be restored.


Ques: 19). How can you use EBS to automate EC2 backups?


Creating snapshots of EBS volumes can be used to back up AWS EC2 instances. Amazon S3 is utilised to store the snapshots. Snapshots can capture all of the data in EBS volumes and produce precise replicas of it. The snapshots can then be cloned and relocated to another AWS region, ensuring that sensitive data is kept safe and secure.

Stopping the instance or detaching the EBS volume that will be backed up is suggested before executing AWS EC2 backup. Any failures or problems will not effect newly produced snapshots as a result of this.

The following steps must be followed to back up an AWS EC2 instance:

  1. Sign in to the AWS account, and launch the AWS console.
  2. Launch the EC2 Management Console from the Services option.
  3. From the list of running instances, select the instance that has to be backed up.
  4. Find the Amazon EBS volumes that are attached locally to that particular instance.
  5. List the snapshots of each of the volumes, and specify a retention period for the snapshots. A snapshot has to be created of each volume too.
  6. Remember to remove snapshots that are older than the retention period.


Ques: 20). What is a denial-of-service (DoS) attack, and how do you respond to one?


When a malicious attempt is made to affect the availability of a certain system, such as an application or a website, a Denial of Service (DoS) attack occurs. When an attacker uses many sources to generate a DDoS attack, it is known as a Distributed Denial of Service attack. DDoS assaults are usually classified according to whatever layer of the Open Systems Interconnection (OSI) model they target. The Network, Transport, Presentation, and Application levels, which correspond to layers 3,4,6, and 7, are the most typical targets for DDoS attacks.