Table of contents
- AWS Interview Preparation: An Overview
- We need to deploy an application on the cloud which we are going to commercialize in a later phase. Which cloud provider do you think will suit our needs and why? Given the fact, that you don’t know anything about our project.
- How can I collaborate among my different accounts on AWS?
- What are some of the recommended practices by AWS?
- What is one service that can provide us with an overview of our AWS cloud infrastructure usage in terms of cost, security, availability, etc?
- Instead of going to AWS why can’t I opt for OpenStack cloud? What are the pros and cons?
- What is meant by geolocation-based routing and latency-based routing, how they are different, and which AWS service helps in configuring such routing policy?
- How should we decide to choose between Reserved, On-demand, and spot instances?
- How you create highly available, fault-tolerant, low latency, and DR-compliant global infrastructure in AWS. Only a brief description.
- What does Infrastructure as a Code mean and which AWS service facilitates that?
- Our organization runs BI tools on large-scale data, and data analytics have been run on third-party web servers, which service would you recommend for this task?
- Difference between vertical and horizontal scaling?
- What are the three important things that AWS is going to bill you?
- We need to set cross-region replication of our S3 bucket, but even after setting up cross-region replication a very large amount of our data doesn’t get replicated, what could be the possible reason and how can we overcome this?
- Does the complete CI/CD solution exist on the AWS platform, if yes, please explain.
- You have provisioned a higher configuration instance and you want to host your Database as well as app server on the very same instance. How would you route the traffic on your DB and to your app server?
- What are the ways to keep your dev/prod team in a loop in case any issue arises with your web/app server outside business hours?
- If our company already has a system to carry out the identification of the user, how can I use the same system to give AWS account access to my user?
- If you have lost the .pem file for your running instance how you can recover that instance?
- If you are the AWS admin for your company and someone has recently left the company, how will you ensure security along with ensuring the smooth flow of tasks that he/she was responsible for?
- Given the fact that you need to use only the AWS stack to schedule the turn-off and turn-on automation of your staging servers, what services you will use and how will you plan it?
- How Amazon Route 53 can offer high availability and low latency?
- How Region and Availability Zone are linked?
- Explain Spot Instances and On-Demand Instances.
- Mention the steps associated with a CloudFormation Solution.
- What is a DDoS attack? How to minimize a DDoS attack?
- How to set up a system for real-time monitoring of website metrics in AWS?
- What aspects do you need to consider when migrating to Amazon Web Services?
- What does it mean by policies in AWS? What are the various types of policies?
- How to control the security of your VPC?
- Mention the relationship between an instance and AMI is?
- What is geo-targeting in CloudFront?
- What is an Elastic Transcoder?
- With specified private IP addresses, can an Amazon Elastic Compute Cloud (EC2) instance be launched? If so, which Amazon service makes it possible?
- Define Amazon availability zones.
- Explain Amazon EC2 root device volume.
- How would you address a situation in which the relational database engine frequently collapses when traffic to your RDS instances increases, given that the RDS instance replica is not promoted as the master instance?
- What do you understand by 'changing' in Amazon EC2?
- Define Snapshots in Amazon Lightsail.
- On an EC2 instance, an application of yours is active. Once the CPU usage on your instance hits 80%, you must reduce the load on it. What strategy do you use to complete the task?
- Describe SES.
- How many S3 buckets can be created?
- What is the maximum limit of elastic IPs anyone can produce?
- What Are Some of the Security Best Practices for Amazon EC2?
- What are the common types of AMI designs?
- What are Key-Pairs in AWS?
- How do you connect multiple sites to a VPC?
- How many Subnets can you have per VPC?
- When Would You Prefer Provisioned IOPS over Standard Rds Storage?
- How Do Amazon Rds, Dynamodb, and Redshift Differ from Each Other?
- What Are the Benefits of AWS’s Disaster Recovery?
Name 5 AWS services you have used and their use cases:
Amazon EC2: Used for scalable computing capacity, great for hosting web applications, running backend servers, or for general-purpose computing.
Amazon S3: Ideal for storing and retrieving large amounts of data, such as static website content, backup storage, or hosting media files.
Amazon RDS: Provides managed relational databases, suitable for applications requiring a traditional SQL database like MySQL, PostgreSQL, or SQL Server.
Amazon CloudWatch: Monitors AWS resources and applications, providing insights into system performance, resource utilization, and operational health.
Amazon IAM: Identity and Access Management service for controlling access to AWS services and resources securely.
Tools used to send logs to the cloud environment:
- Commonly used tools include AWS CloudWatch Logs agent, AWS CloudTrail for API call logging, and third-party tools like Fluentd or Logstash.
IAM Roles: How to create/manage them:
- IAM Roles are permissions policies that can be assigned to AWS resources. They define what actions are allowed or denied on AWS resources. You can create/manage IAM Roles using the IAM console, AWS CLI, or AWS SDKs.
Upgrading/downgrading a system with zero downtime:
- Achieve zero downtime upgrades/downgrades by implementing blue-green deployment strategies, where you run two identical production environments simultaneously and switch traffic between them seamlessly after verifying the new environment's stability.
Infrastructure as Code (IaC) and how to use it:
- IaC involves managing and provisioning infrastructure using code (e.g., CloudFormation or Terraform). With IaC, you can automate infrastructure deployment, make changes more predictably, and enforce version control.
Load Balancer and scenarios for each type:
A load balancer distributes incoming application traffic across multiple targets, such as EC2 instances. Scenarios:
Application Load Balancer (ALB): Ideal for HTTP/HTTPS traffic, routing requests based on content, and supporting multiple applications on a single EC2 instance.
Network Load Balancer (NLB): Best for TCP traffic, capable of handling millions of requests per second with low latency, suitable for extreme performance needs.
Classic Load Balancer (CLB): Legacy load balancer offering basic routing capabilities, now largely replaced by ALB and NLB.
CloudFormation and its use:
- AWS CloudFormation is a service that allows you to define and provision AWS infrastructure using code templates. It enables you to deploy and update resources in a safe, repeatable, and automated manner.
Difference between AWS CloudFormation and AWS Elastic Beanstalk:
- CloudFormation is an infrastructure provisioning service, while Elastic Beanstalk is a Platform as a Service (PaaS) offering that automates the deployment, scaling, and management of web applications.
Kinds of security attacks on the cloud and minimizing them:
- Attacks like DDoS, data breaches, and unauthorized access can occur. Minimize them through strong IAM policies, encryption, network security measures, regular security audits, and employing best practices for application and infrastructure security.
Recovering EC2 instance when the key is lost:
- If you've lost access to an EC2 instance due to lost keys, you can still recover it by creating a new key pair, modifying the instance to associate the new key pair, and then accessing the instance using the new key pair.
Gateway:
- A gateway is a network node used to connect different networks, enabling communication between them. In AWS, gateways can refer to services like API Gateway for creating APIs, or VPN Gateway for securely connecting on-premises networks to AWS.
Difference between Amazon RDS, DynamoDB, and Redshift:
- Amazon RDS is a managed relational database service, DynamoDB is a NoSQL database service, and Redshift is a data warehousing service. Each is optimized for different types of workloads and use cases, such as transactional data, high-scale web applications, and analytics respectively.
Hosting a website on S3: Yes or No, and why:
- Yes, I prefer hosting a website on S3 for its simplicity, scalability, and cost-effectiveness. S3 provides reliable static website hosting, low latency content delivery through CloudFront, and easy integration with other AWS services like Route 53 for DNS management. It's especially suitable for static websites or sites with minimal dynamic content.
AWS Interview Preparation: An Overview
We need to deploy an application on the cloud which we are going to commercialize in a later phase. Which cloud provider do you think will suit our needs and why? Given the fact, that you don’t know anything about our project.
I will go for AWS for to following reasons :
The oldest cloud provider and range of managed services offered by them are quite large therefore you can build and deploy your diverse applications with ease and less time.
AWS's collaboration with Intel, VMWare, and Akamai makes them quite strong in terms of providing global, highly available, and robust cloud infrastructure.
They are the oldest in the cloud market, hence their use case experience is more comprehensive.
How can I collaborate among my different accounts on AWS?
Using AWS organization service collaboration among different AWS accounts is easy and seamless.
What are some of the recommended practices by AWS?
Democratize IT services, and use managed services as much as you can, attaining expertise in all domains is expensive as well as time-consuming.
Consider your cloud infra resources like cattle, not pets. You use servers, and databases, store, use them, and once they get outdated decommission them and deploy new updated versions.
Security of the cloud is in the customer's hands, whereas the security of the cloud is AWS's responsibility.
What is one service that can provide us with an overview of our AWS cloud infrastructure usage in terms of cost, security, availability, etc?
Trusted advisors provide you with information and can also guide what steps necessarily be taken in order to make your infrastructure efficient.
Instead of going to AWS why can’t I opt for OpenStack cloud? What are the pros and cons?
Everyone is free to choose a cloud service provider their choice, but the question arises before getting down to the actual business in hand how much overhead do you want to create? OpenStack is free but at the same time configurations and nitty-gritty details of every service will call for a certain level of expertise moreover, if the infrastructure falls apart, there is no one to take responsibility for, or better say lack of directed guidance is missing.
What is meant by geolocation-based routing and latency-based routing, how they are different, and which AWS service helps in configuring such routing policy?
Geolocation-based routing where routing of traffic can be done on a specific geographic region and can also be restricted to a certain geographic region where we don’t want to show our content/service availability. Latency-based routing is meant to serve the customer from the node that provides content with the least latency, suppose we have our web servers deployed over the US, Europe, and Asia in a Global AWS Infrastructure, we want that customer request from the US region should be answered by US region AWS infra and so on. Suppose a customer raises a request middle or in Africa, his/her request will be served from the node that is Geographically closer to the African continent. We can configure such routing policies by using the AWS-managed DNS service Route53, where such routing policies are available.
How should we decide to choose between Reserved, On-demand, and spot instances?
Reserved instances have been used for housekeeping functions which will run all the time mostly in a 24x7 manner, as you have already made the payment or committed to a certain amount for their 24x7 operation. On-demand instances can be deployed for immediate needs where the processing of data as well as a transfer of data is also critical, mostly it happens in scenarios like a big-billion-day sale, black Friday, or a major global event that is unpredictable. Spot instances are instances that are cheapest in nature and should be deployed where we are not so much worried about loss or interruption of transactions are not a thing to worry about.
How you create highly available, fault-tolerant, low latency, and DR-compliant global infrastructure in AWS. Only a brief description.
1. Highly available: Serve traffic from distributed infrastructure in all available Availability Zones.
2. Fault-tolerant: Implementing load-balancing policy along with Autoscaling.
3. Low-latency: Replicating business-critical web, app, and DB servers in all availability zones and serving the traffic by AWS CDN service (Cloud Front) and can also use Elastic Cache service.
4. DR compliant (Disaster recovery compliant): Keep taking automated backups and put across region replication policy for the stored items in S3. Keep a business-critical DB server on standby in a different region.
Use managed services as much as possible, where the uptime is taken care of by AWS and you need not worry about them.
What does Infrastructure as a Code mean and which AWS service facilitates that?
Infrastructure as a Code means where you create a template of your entire business infrastructure based on a cloud in the form of Code (JSON/XML or any other simple script). You keep updating this template/code as and when you make any configuration changes or you implement this code template for deploying AWS infra, be it servers, databases, storage resources, deployment policies, etc. You can utilize the AWS Cloud formation service to facilitate this. There you can find predefined templates from use cases or you can draft your own custom-made code for your AWS Cloud Infra which suits your needs.
Our organization runs BI tools on large-scale data, and data analytics have been run on third-party web servers, which service would you recommend for this task?
AWS Redshift is a proper tool provided by AWS that can exactly answer this need. AWS Redshift is a Data warehouse solution where you can also run your analytics, with no need to deploy separate servers.
Difference between vertical and horizontal scaling?
Vertical scaling is where you are adding more power/capacity to your resources, whereas horizontal scaling is where the number of the same resources has been multiplied. The autoscaling policy provides us with a managed service to a horizontal scale of EC2 resources. For vertical scaling of EC2 resources either we can do it manually or we write down an automated script and get it pushed and some specific event gets triggered.
What are the three important things that AWS is going to bill you?
Compute power utilization, storage used, and Data transfer.
We need to set cross-region replication of our S3 bucket, but even after setting up cross-region replication a very large amount of our data doesn’t get replicated, what could be the possible reason and how can we overcome this?
When we apply cross-region replication only new data that you store in the source bucket will get replicated across the region, data that existed prior to the implementation of Cross-region replication will not get replicated. In order to replicate that data either, we can write a script to copy the entire data across a region we can create a lambda function, or do it using the S3 bucket dashboard.
Does the complete CI/CD solution exist on the AWS platform, if yes, please explain.
AWS provides you with services like CodeStart, CodeCommit, Cloud9, CodeBuild, CodeDeploy, etc. where you can build a custom-made pipeline for the deployment on a staging/production server. Moreover, there is a presence of CloudFormation templates where you can store your entire production-grade Cloud Infra in the form of code which is easy to port and deploy.
You have provisioned a higher configuration instance and you want to host your Database as well as app server on the very same instance. How would you route the traffic on your DB and to your app server?
We can route traffic in a port-specific manner by registering the targets with the Application load balancer where we can mention the port number and the target DB or app server.
What are the ways to keep your dev/prod team in a loop in case any issue arises with your web/app server outside business hours?
There are a couple of ways we can do that. We can utilize AWS native Cloudwatch service with SNS (Simple Notification Services) to roll out emails/SMS in case any issue arises with our production web/app servers. We can also configure a third-party monitoring service like Data Dog and PagerDuty with AWS CloudWatch. We can configure to follow an escalation policy in case of major or minor issues or if someone is not available. We can configure the monitoring tools to give an automated call to the responsible teams informing them about any outage or any critical matrices breaching.
If our company already has a system to carry out the identification of the user, how can I use the same system to give AWS account access to my user?
There are basically three possibilities that arise:
If your corporate directory agrees with SAML 2.0, you can configure SSO access to your AWS account using your corporate directory.
If the corporate directory is not compatible, then we can use an identity broker.
If your corporate directory is Microsoft’s AD-based, you can utilize AWS Directory Service to establish trust between your corporate AD and your AWS account.
If you have lost the .pem file for your running instance how you can recover that instance?
The OS + Stack can be recovered by creating an AMI and then relaunching an AMI using the same if we need to recover data also, then we need to detach volumes and attach them with a new instance.
If you are the AWS admin for your company and someone has recently left the company, how will you ensure security along with ensuring the smooth flow of tasks that he/she was responsible for?
The main issue will arise if we have used that personal security key and access ID someplace, we can first deactivate his/her id’s and then check whether it has hampered any tasks or not running on theAWS platform, if no there is no task gets affected then, we can simply delete the access keys, along with user profile, or if we found some tasks getting affected, we will regenerate a new set of access keys/id’s, feed them on the very same place where the old one is working, then deactivate the old one. Once task execution gets properly checked under the new access keys and IDs, we can go ahead with deleting the old access keys/IDs.
Given the fact that you need to use only the AWS stack to schedule the turn-off and turn-on automation of your staging servers, what services you will use and how will you plan it?
We will utilize the CloudWatch Events window to schedule the event of specific times at which we want to turn off or turn on the staging servers. The event trigger will be two lambda functions that fire up as per the schedule and the targets of the lambda function will be the servers which are grouped under the “staging” tag. We can write a script in Python or node.js to pull up the list of staging servers and take action to shut down or start as per the trigger. By using these services we are meeting the mandatory requirement to devise a solution without going outside the AWS stack.
How Amazon Route 53 can offer high availability and low latency?
Amazon Route 53 utilizes the following ways to provide high availability and low latency:
Globally Distributed Servers:
Since Amazon is a global service, it has DNS Servers worldwide. Any customer who creates a query from anywhere can access a DNS Server local to them which offers low latency.
Dependency:
Route 53 offers the superior dependability demanded by critical applications.
Optimal Locations:
Route 53 is known to serve the requests from the closest data center to the client delivering the request. Moreover, Route 53 allows any server in a data center that has the required data to react.
How Region and Availability Zone are linked?
An Amazon data center is located in AWS Availability Zone which is a physical location. But AWS Region is an assortment or cluster of Availability Zones or Data Centers. The same assists your services to be more accessible while you place your VMs in various data centers in an AWS Region. In case any of the data centers fails in a Region then the client requests would still be served but from other data centers positioned in the same Region. It is important to know these terms in your AWS Training.
Explain Spot Instances and On-Demand Instances.
Whenever AWS creates EC2 instances, certain blocks of processing power and computing capacity are rendered unused. AWS gives away such blocks as Spot Instances. Moreover, Spot Instances execute when capacity is available. They prove useful if you are flexible regarding when your application could run and if your applications can be blocked.
You can create On-Demand Instances whenever required. Their prices are static. They are always available unless you explicitly end them.
Mention the steps associated with a CloudFormation Solution.
Below are the steps included in a CloudFormation solution:
Step 1: Create or use any previously created CloudFormation template through JSON or YAML format.
Step 2: Now save the code in an S3 bucket. The S3 bucket works as a repository for the code.
Step 3: Use AWS CloudFormation to call the bucket and create a stack on your template.
Step-4: CloudFormation will read the file and comprehend those services that are called. Also, it understands their sequence, the affiliation between the services, and the provisions of the services in sequence.
What is a DDoS attack? How to minimize a DDoS attack?
DDoS is basically a cyber-attack wherein the perpetrator retrieves a website and makes multiple sessions. Consequently, the other valid users could not access the service. The AWS learning path highlights an overview of a DDoS attack.
Below is the list of the native tools that assist you in minimizing the DDoS attacks on your AWS services:
1. AWS WAF
2. AWS Shield
3. Amazon Route53
4. Amazon CloudFront
5. VPC
6. ELB
How to set up a system for real-time monitoring of website metrics in AWS?
Amazon CloudWatch lets you monitor the application status of diverse AWS services as well as custom events. It is possible to monitor:
1. Auto-scaling lifecycle events
2. State changes in Amazon EC2
3. Scheduled events
4. Console sign-in events
5. AWS API calls
What aspects do you need to consider when migrating to Amazon Web Services?
Below is the list of aspects to be considered for AWS migration:
1. Workforce Productivity
2. Business agility
3. Cost avoidance
4. Operational resilience
5. Operational Costs - Includes the expense of infrastructure, capability to match demand and supply, transparency, and others.
What does it mean by policies in AWS? What are the various types of policies?
Policy is an object that is linked with a resource that defines the permissions. AWS analyzes such policies whenever a user makes a request. The permissions in the policy decide whether to allow or reject action. It is important to note that policies are saved as JSON documents.
6 types of policies supported in AWS are:
1. Resource-based policies
2. Identity-based policies
3. Permissions boundaries
4. Access Control Lists
5. Organizations SCPs
6. Session policies
How to control the security of your VPC?
You can follow any of the below ways:
i. Security Groups: It works as a virtual firewall for associated EC2 instances which control inbound as well as outbound traffic at the instance level.
ii. Network access control lists (NACL): It works as a firewall for connected subnets that control inbound as well as outbound traffic at the subnet level.
Mention the relationship between an instance and AMI is?
From an AMI, it is allowed to launch various types of instances. An instance type describes the hardware of the host computer utilized for your instance. Every instance type offers various computer and memory abilities. After an instance is launched, it appears like a traditional host. Furthermore, you can interact with it just like any computer.
What is geo-targeting in CloudFront?
It is a concept where businesses can show personalized content to their audience based on their geographic location without changing the URL. This helps us create customized content for the audience of a specific geographical area, keeping their needs at the forefront.
What is an Elastic Transcoder?
To support multiple devices with various resolutions such as laptops, tablets, and smartphones, you need to change the resolution and format of the video. This can be done very easily by an AWS Service tool called the Elastic Transcoder, which is a media transcoding in the cloud that exactly lets us do the needful. Elastic Transcoder is easy to use, cost-effective, and highly scalable for businesses and developers.
With specified private IP addresses, can an Amazon Elastic Compute Cloud (EC2) instance be launched? If so, which Amazon service makes it possible?
Yes! Utilizing VPC makes it possible (Virtual Private Cloud).
Define Amazon availability zones.
Availability zones are geographically separate locations. As a result, failure in one zone does not affect EC2 instances in other zones. When it comes to regions, they may have one or more availability zones. This configuration also helps you to reduce latency and costs.
Explain Amazon EC2 root device volume.
The image that will be used to boot an EC2 instance is stored on the root device drive. This occurs when an Amazon AMI runs a new EC2 instance. This root device volume is supported by EBS or an instance store. In general, the root device data on Amazon EBS is not affected by the lifespan of an EC2 instance.
How would you address a situation in which the relational database engine frequently collapses when traffic to your RDS instances increases, given that the RDS instance replica is not promoted as the master instance?
A larger RDS instance type is required for handling significant quantities of traffic, as well as producing manual or automated snapshots to recover data if the RDS instance fails.
What do you understand by 'changing' in Amazon EC2?
To make limit administration easier for customers, Amazon EC2 now offers the option to switch from the current 'instance count-based limitations' to the new 'vCPU restrictions.' As a result, when launching a combination of instance types based on demand, utilization is measured in terms of the number of vCPUs.
Define Snapshots in Amazon Lightsail.
The point-in-time backups of EC2 instances, block storage drives, and databases are known as snapshots. They can be produced manually or automatically at any moment. Your resources can always be restored using snapshots, even after they have been created. These resources will also perform the same tasks as the original ones from which the snapshots were made.
On an EC2 instance, an application of yours is active. Once the CPU usage on your instance hits 80%, you must reduce the load on it. What strategy do you use to complete the task?
It can be accomplished by setting up an autoscaling group to deploy additional instances, when an EC2 instance's CPU use surpasses 80% and by allocating traffic across instances via the creation of an application load balancer and the designation of EC2 instances as target instances.
Describe SES.
Amazon offers the Simple Email Service (SES) service, which allows us to send bulk emails to customers swiftly at a minimal cost.
How many S3 buckets can be created?
In S3 buckets, Up to 100 buckets can be created by default.
What is the maximum limit of elastic IPs anyone can produce?
A maximum of five elastic IP addresses can be generated per location and AWS account.
What Are Some of the Security Best Practices for Amazon EC2?
Security best practices for Amazon EC2 include using Identity and Access Management (IAM) to control access to AWS resources; restricting access by only allowing trusted hosts or networks to access ports on an instance; only opening up those permissions you require, and disabling password-based logins for instances launched from your AMI.
What are the common types of AMI designs?
There are many types of AMIs, but some of the common AMIs are:
1. Fully Baked AMI
2. Just Enough Baked AMI (JeOS AMI)
3. Hybrid AMI
What are Key-Pairs in AWS?
The key pairs are password-protected login credentials for the Virtual Machines that are used to prove our identity while connecting the Amazon EC2 instances. The Key-Pairs are made up of a Private Key and a Public Key which lets us connect to the instances.
How do you connect multiple sites to a VPC?
If we have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub.
How many Subnets can you have per VPC?
You can have up to 200 Subnets per Amazon Virtual Private Cloud (VPC).
When Would You Prefer Provisioned IOPS over Standard Rds Storage?
We would use Provisioned IOPS when you have batch-oriented workloads. Provisioned IOPS delivers high IO rates, but it is also expensive. However, batch-processing workloads do not require manual intervention.
How Do Amazon Rds, Dynamodb, and Redshift Differ from Each Other?
Amazon RDS is a database management service for relational databases. It manages patching, upgrading, and data backups automatically. It’s a database management service for structured data only. On the other hand, DynamoDB is a NoSQL database service for dealing with unstructured data. Redshift is a data warehouse product used in data analysis.
What Are the Benefits of AWS’s Disaster Recovery?
Now, Businesses use cloud computing in part to enable faster disaster recovery of critical IT systems without the cost of a second physical site. The AWS cloud supports many popular disaster recovery architectures ranging from small customer workload data center failures to environments that enable rapid failover at scale. With data centers all over the world, AWS provides a set of cloud-based disaster recovery services that enable rapid recovery of your IT infrastructure and data.