Table of contents
- 1. Differentiate between on-demand instances and spot instances.
- 2. What is the boot time for an instance store-backed instance?
- 3. Is it possible to vertically scale on an Amazon Instance? If yes, how?
- 4. Differentiate between vertical and horizontal scaling in AWS.
- 5. What is the total number of buckets that can be created in AWS by default?
- 6. Differentiate between Amazon RDS, Redshift, and DynamoDB.
- 7. An organization wants to deploy a two-tier web application on AWS. The application requires complex query processing and table joins. However, the company has limited resources and requires high availability. Which is the best configuration for the company based on the requirements?
- 8. What should be the instance’s tenancy attribute for running it on single-tenant hardware?
- 9. What are the important features of a classic load balancer in Amazon Elastic Compute Cloud (EC2)?
- 10. What parameters will you consider when choosing the availability zone?
- 11. Which instance will you use for deploying a 4-node Hadoop cluster in AWS?
- 12. How will you bind the user session with a specific instance in ELB (Elastic Load Balancer)?
- 13. What are the possible connection issues you encounter when connecting to an Amazon EC2 instance?
- 14. Can you run multiple websites on an Amazon EC2 server using a single IP address?
- 15. What happens when you reboot an Amazon EC2 instance?
- 16. How is stopping an Amazon EC2 instance different from terminating it?
- Advanced AWS Interview Questions and Answers
1. Differentiate between on-demand instances and spot instances.
Spot instances are spare, unused Elastic Compute Cloud (EC2) instances that one can bid for. Once the bid exceeds the current spot price (which changes in real time based on demand and supply), the spot instance is launched. If the spot price later rises above the bid price, the instance can be reclaimed at any time and is terminated with a two-minute warning. The best way to decide on an optimal bid price for a spot instance is to check the price history of the last 90 days, available on the AWS console. The advantage of spot instances is that they are cost-effective; the drawback is that they can be terminated at any time. Spot instances are ideal when –
There are optional, nice-to-have tasks.
You have flexible workloads that can run whenever there is enough spare computing capacity.
Tasks need extra computing capacity to improve performance.
On-demand instances are made available whenever you require them, and you pay by the hour for the time you use them. These instances can be released when they are no longer required and do not require any upfront commitment. Unlike spot instances, their availability is guaranteed by AWS.
The best practice is to launch a few on-demand instances that maintain a minimum guaranteed level of compute resources for the application, and to add spot instances on top whenever there is an opportunity.
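The bidding rule described above can be captured as a toy illustration. This is purely illustrative, with made-up prices, and models the legacy bid-based spot pricing behavior:

```python
def spot_instance_state(bid_price: float, spot_price: float) -> str:
    """Legacy Spot bidding rule: the instance runs while the bid meets or
    exceeds the current spot price, and is reclaimed (after a two-minute
    warning) once the spot price rises above the bid."""
    return "running" if bid_price >= spot_price else "reclaimed"
```

For example, with a bid of $0.10/hour the instance runs while the spot price is $0.08 but is reclaimed once the price climbs to $0.12.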
2. What is the boot time for an instance store-backed instance?
The boot time for an Amazon instance store-backed AMI is usually less than five minutes.
3. Is it possible to vertically scale on an Amazon Instance? If yes, how?
Following are the steps to scale an Amazon Instance vertically –
Spin up a new, larger Amazon instance than the existing one.
Stop the existing instance and detach its root EBS volume from the server.
Make a note of the unique device ID and attach that root volume to the new server.
Start the new instance again.
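The steps above can be sketched with boto3-style API calls. This is a hedged sketch rather than production code: `ec2` is assumed to be a boto3 EC2 client (e.g. `boto3.client("ec2")`), and the waiters that confirm each state transition are omitted for brevity.

```python
def migrate_root_volume(ec2, old_instance_id, new_instance_id, volume_id,
                        device="/dev/xvda"):
    """Vertical scaling by moving the root EBS volume to a larger instance.

    `ec2` is assumed to be a boto3-style EC2 client; waiters and error
    handling are omitted for brevity.
    """
    # Stop the existing instance so its root volume can be detached.
    ec2.stop_instances(InstanceIds=[old_instance_id])
    # Detach the root EBS volume from the old server.
    ec2.detach_volume(VolumeId=volume_id, InstanceId=old_instance_id)
    # Attach the volume to the new, larger server at the noted device ID.
    ec2.attach_volume(VolumeId=volume_id, InstanceId=new_instance_id,
                      Device=device)
    # Start the new instance.
    ec2.start_instances(InstanceIds=[new_instance_id])
```

In practice you can also simply stop the instance and change its instance type from the console or API, which avoids moving volumes at all.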
4. Differentiate between vertical and horizontal scaling in AWS.
The main difference between vertical and horizontal scaling is how you add compute resources to your infrastructure. In vertical scaling, more power is added to the existing machine. In contrast, in horizontal scaling, additional resources are added to the system with the addition of more machines into the network so that the workload and processing are shared among multiple devices. The best way to understand the difference is to imagine retiring your Toyota and buying a Ferrari because you need more horsepower. This is vertical scaling. Another way to get that added horsepower is not to ditch the Toyota for the Ferrari but buy another car. This can be related to horizontal scaling, where you drive several cars simultaneously.
For up to roughly 100 users, a single Amazon EC2 instance is often enough to run the entire web application and its database. When the traffic ramps up, it is better to scale vertically by increasing the capacity of the EC2 instance to meet the application's growing demands. AWS supports instances with up to 128 virtual cores and 488 GB of RAM.
When an application grows to 1,000 users or more, vertical scaling alone cannot handle the request load, and horizontal scaling is needed. This is achieved through a distributed file system, clustering, and load balancing.
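The horizontal-scaling intuition can be captured in a back-of-the-envelope estimate. This is a sketch with made-up request rates, not an AWS API:

```python
import math

def instances_needed(total_rps: float, rps_per_instance: float) -> int:
    """Horizontal scaling estimate: how many identical instances are
    needed behind a load balancer to serve `total_rps` requests per
    second, given each instance handles `rps_per_instance`."""
    return max(1, math.ceil(total_rps / rps_per_instance))
```

For example, if each instance comfortably serves 100 requests per second, a load of 950 requests per second calls for 10 instances behind the load balancer.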
5. What is the total number of buckets that can be created in AWS by default?
By default, 100 buckets can be created in each AWS account. If additional buckets are required, you can raise the limit by submitting a service limit increase request.
6. Differentiate between Amazon RDS, Redshift, and DynamoDB.
| Features | Amazon RDS | Redshift | DynamoDB |
| --- | --- | --- | --- |
| Computing resources | Instances with 64 vCPUs and 244 GB RAM | Nodes with 244 GB RAM | Not specified; managed as Software as a Service (SaaS) |
| Maintenance window | 30 minutes every week | 30 minutes every week | No impact |
| Database engine | MySQL, Oracle DB, SQL Server, Amazon Aurora, PostgreSQL | Redshift | NoSQL |
| Primary usage | Conventional databases | Data warehouse | Database for dynamically modified data |
| Multi-AZ replication | Additional service | Manual | Built-in |
7. An organization wants to deploy a two-tier web application on AWS. The application requires complex query processing and table joins. However, the company has limited resources and requires high availability. Which is the best configuration for the company based on the requirements?
DynamoDB deals with the core problems of database storage: scalability, management, reliability, and performance. However, it does not have the functionality of an RDBMS and does not support complex joins, complex query processing, or complex transactions. For this kind of functionality, you can run a relational engine on Amazon RDS or Amazon EC2.
8. What should be the instance’s tenancy attribute for running it on single-tenant hardware?
The instance tenancy attribute must be set to "dedicated"; the default shared tenancy does not place the instance on single-tenant hardware.
9. What are the important features of a classic load balancer in Amazon Elastic Compute Cloud (EC2)?
High availability: traffic is distributed among Amazon EC2 instances in one or more Availability Zones, ensuring that incoming traffic can continue to be served.
Health checks: the classic load balancer routes traffic only to healthy instances, based on the results of its health checks.
Security: you can implement secure load balancing within a network by creating security groups in a VPC.
Sticky sessions: a user's traffic is always routed to the same instance for a seamless experience.
10. What parameters will you consider when choosing the availability zone?
Performance, pricing, latency, and response time are factors to consider when selecting the availability zone.
11. Which instance will you use for deploying a 4-node Hadoop cluster in AWS?
We can use a c4.8xlarge or an i2.xlarge instance for this, but using a c4.8xlarge will require a better configuration on the client PC.
12. How will you bind the user session with a specific instance in ELB (Elastic Load Balancer)?
This can be achieved by enabling sticky sessions (session affinity) on the load balancer.
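The idea behind session affinity can be shown with a toy model. This sketch routes by hashing a session ID; a real Classic Load Balancer implements stickiness with duration-based or application-controlled cookies rather than hashing, so treat this as an illustration of the concept only:

```python
import hashlib

def route_session(session_id: str, instances: list) -> str:
    """Toy model of session affinity: hashing the session cookie maps
    every request carrying the same session ID to the same backend
    instance, so a user's state stays on one server."""
    digest = hashlib.sha256(session_id.encode("utf-8")).hexdigest()
    return instances[int(digest, 16) % len(instances)]
```

Repeated calls with the same session ID always return the same instance, which is exactly the guarantee sticky sessions provide.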
13. What are the possible connection issues you encounter when connecting to an Amazon EC2 instance?
Unprotected private key file
Server refused key
Connection timed out
No supported authentication method available
Host key not found, permission denied.
User key not recognized by the server, permission denied.
14. Can you run multiple websites on an Amazon EC2 server using a single IP address?
No. More than one Elastic IP address is required to run multiple websites on an Amazon EC2 server.
15. What happens when you reboot an Amazon EC2 instance?
Rebooting an instance is similar to rebooting a PC: the instance does not return to its image's original state, and the contents of its hard disk are the same as before the reboot.
16. How is stopping an Amazon EC2 instance different from terminating it?
Stopping an Amazon EC2 instance results in a normal shutdown, and the instance moves to the stopped state, from which it can be started again later. When an EC2 instance is terminated, it moves to the terminated state, and any attached EBS volumes marked for deletion on termination are deleted and cannot be recovered.
Advanced AWS Interview Questions and Answers
Here are a few AWS Interview Questions and Answers for experienced professionals to further strengthen their knowledge of AWS services useful in cloud computing.
17. Mention the native AWS security logging capabilities.
AWS CloudTrail:
This AWS service facilitates security analysis, compliance auditing, and resource change tracking of an AWS environment. It can also provide a history of AWS API calls for a particular account. CloudTrail is an essential AWS service required to understand AWS use and should be enabled in all AWS regions for all AWS accounts, irrespective of where the services are deployed. CloudTrail delivers log files, with optional log file integrity validation, to a designated Amazon S3 (Amazon Simple Storage Service) bucket approximately every five minutes. AWS CloudTrail may be configured to send messages using Amazon Simple Notification Service (Amazon SNS) when new logs have been delivered. It can also integrate with Amazon CloudWatch Logs and AWS Lambda for processing purposes.
AWS Config:
AWS Config is another significant AWS service that can create an AWS resource inventory, send notifications for configuration changes and maintain relationships among AWS resources. It provides a timeline of changes in resource configuration for specific services. If multiple changes occur over a short interval, then only the cumulative changes are recorded. Snapshots of changes are stored in a configured Amazon S3 bucket and can be set to send Amazon SNS notifications when resource changes are detected in AWS. Apart from tracking resource changes, AWS Config should be enabled to troubleshoot or perform any security analysis and demonstrate compliance over time or at a specific time interval.
AWS Detailed Billing Reports:
Detailed billing reports show the cost breakdown by the hour, day, or month, by a particular product or product resource, by each account in a company, or by customer-defined tags. Billing reports indicate how AWS resources are consumed and can be used to audit a company’s consumption of AWS services. AWS publishes detailed billing reports to a specified S3 bucket in CSV format several times daily.
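Because the reports are delivered as plain CSV, cost breakdowns are easy to aggregate with a few lines of code. This is a minimal sketch: the `ProductName` and `Cost` column names are illustrative placeholders, not the exact headers of a real AWS detailed billing report.

```python
import csv
import io
from collections import defaultdict

def cost_by_product(report_csv: str) -> dict:
    """Sum costs per product from a simplified billing CSV.

    Column names are hypothetical stand-ins for the real report schema.
    """
    totals = defaultdict(float)
    for row in csv.DictReader(io.StringIO(report_csv)):
        totals[row["ProductName"]] += float(row["Cost"])
    return dict(totals)
```

Running this over a report with several EC2 and S3 line items yields one total per product, which is the kind of consumption audit the reports are meant to support.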
Amazon S3 (Simple Storage Service) Access Logs:
Amazon S3 Access logs record information about individual requests made to the Amazon S3 buckets and can be used to analyze traffic patterns, troubleshoot, and perform security and access auditing. The access logs are delivered to designated target S3 buckets on a best-effort basis. They can help users learn about the customer base, define access policies, and set lifecycle policies.
Elastic Load Balancing Access Logs:
Elastic Load Balancing Access logs record the individual requests made to a particular load balancer. They can also analyze traffic patterns, perform troubleshooting, and manage security and access auditing. The logs give information about the request processing durations. This data can improve user experiences by discovering user-facing errors generated by the load balancer and debugging any errors in communication between the load balancers and back-end web servers. Elastic Load Balancing access logs get delivered to a configured target S3 bucket based on the user requirements at five or sixty-minute intervals.
Amazon CloudFront Access Logs:
Amazon CloudFront Access logs record individual requests made to CloudFront distributions. Like the previous two access logs, Amazon CloudFront Access Logs can also be used to analyze traffic patterns, perform any troubleshooting required, and for security and access auditing. Users can use these access logs to gather insight about the customer base, define access policies, and set lifecycle policies. CloudFront Access logs get delivered to a configured S3 bucket on a best-effort basis.
Amazon Redshift Logs:
Amazon Redshift logs collect and record information concerning database connections, any changes to user definitions, and activity. The logs can be used for security monitoring and troubleshooting any database-related issues. Redshift logs get delivered to a designated S3 bucket.
Amazon Relational Database Service (RDS) Logs:
RDS logs record information on access, errors, performance, and database operation. They make it possible to analyze the security, performance, and operation of AWS-managed databases. RDS logs can be viewed or downloaded using the Amazon RDS console, the Amazon RDS API, or the AWS Command Line Interface. The log files may also be queried using DB engine-specific database tables.
Amazon VPC Flow Logs:
Amazon VPC Flow logs collect information specific to the IP traffic, incoming and outgoing from the Amazon Virtual Private Cloud (Amazon VPC) network interfaces. They can be applied, as per requirements, at the VPC, subnet, or individual Elastic Network Interface level. VPC Flow log data is stored using Amazon CloudWatch Logs. To perform any additional processing or analysis, the VPC Flow log data can be exported using Amazon CloudWatch. It is recommended to enable Amazon VPC flow logs for debugging or monitoring policies that require capturing and visualizing network flow data.
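Each flow log record is a single space-separated line. The following small parser handles the default (version 2) record format; the sample record below is made up for illustration:

```python
# Field names of the default (version 2) VPC Flow Log record format.
FLOW_LOG_FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
]

def parse_flow_log_record(record: str) -> dict:
    """Split one space-separated flow log line into a field -> value dict."""
    return dict(zip(FLOW_LOG_FIELDS, record.split()))

# Illustrative record: an accepted SSH (dstport 22, protocol 6 = TCP) flow.
sample_record = ("2 123456789010 eni-abc123de 10.0.0.5 10.0.0.220 "
                 "20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK")
```

Parsing the sample shows an ACCEPTed TCP flow to port 22 on interface `eni-abc123de`, the kind of network-flow visibility the section above recommends enabling.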
Centralized Log Management Options:
Various options are available in AWS for centrally managing log data. Most of the AWS audit and access logs data are delivered to Amazon S3 buckets, which users can configure.
Consolidation of all the Amazon S3-based logs into a centralized, secure bucket makes it easier to organize, manage and work with the data for further analysis and processing. The Amazon CloudWatch logs provide a centralized service where log data can be aggregated.
18. What is a DDoS attack, and how can you handle it?
A Denial of Service (DoS) attack occurs when a malicious attempt affects the availability of a particular system, such as an application or a website, for its end-users. A Distributed Denial of Service (DDoS) attack occurs when the attacker uses multiple sources to generate the attack. DDoS attacks are generally classified by the layer of the Open Systems Interconnection (OSI) model that they target. The most common DDoS attacks occur at the Network, Transport, Presentation, and Application layers, corresponding to layers 3, 4, 6, and 7, respectively. On AWS, such attacks can be mitigated with services like AWS Shield, AWS WAF, and Amazon CloudFront, which absorb and filter malicious traffic before it reaches the application.
19. What are RTO and RPO in AWS?
The Disaster Recovery (DR) Strategy involves having backups for the data and redundant workload components. RTO and RPO are objectives used to restore the workload and define recovery objectives on downtime and data loss.
Recovery Time Objective or RTO is the maximum acceptable delay between the interruption of a service and its restoration. It determines an acceptable time window during which a service can remain unavailable.
Recovery Point Objective or RPO is the maximum acceptable amount of data loss, measured as the time elapsed since the last data recovery point. It determines what is considered an acceptable loss of data between the last recovery point and the service interruption.
RPO and RTO are set by the organization using AWS and have to be set based on business needs. The cost of recovery and the probability of disruption can help an organization determine the RPO and RTO.
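The two objectives can be checked mechanically once an outage has been resolved. A minimal sketch, with all times expressed in minutes:

```python
def meets_recovery_objectives(outage_start: float, restored_at: float,
                              last_recovery_point: float,
                              rto: float, rpo: float) -> bool:
    """Check an outage against RTO and RPO (all values in minutes).

    Downtime  = restored_at - outage_start          (compared to RTO)
    Data loss = outage_start - last_recovery_point  (compared to RPO)
    """
    downtime = restored_at - outage_start
    data_loss = outage_start - last_recovery_point
    return downtime <= rto and data_loss <= rpo
```

For instance, a 30-minute outage with a backup taken 10 minutes before the interruption satisfies an RTO of 60 minutes and an RPO of 15 minutes; a 100-minute outage would violate the same RTO.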
20. How can you automate EC2 backup by using EBS?
AWS EC2 instances can be backed up by creating snapshots of EBS volumes. The snapshots are stored with the help of Amazon S3. Snapshots can capture all the data contained in EBS volumes and create exact copies of this data. The snapshots can then be copied and transferred into another AWS region, ensuring safe and reliable storage of sensitive data.
Before running AWS EC2 backup, it is recommended to stop the instance or detach the EBS volume that will be backed up. This ensures that any failures or errors that occur will not affect newly created snapshots.
The following steps must be followed to back up an Amazon EC2 instance:
Sign in to the AWS account, and launch the AWS console.
Launch the EC2 Management Console from the Services option.
From the list of running instances, select the instance that has to be backed up.
Find the Amazon EBS volumes attached locally to that particular instance.
Create a snapshot of each volume, and specify a retention period for the snapshots.
Remember to remove snapshots that are older than the retention period.
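The retention step above lends itself to automation. This sketch covers only the pruning decision; actually deleting a snapshot would call the EC2 API (e.g. `delete_snapshot` in boto3), which is omitted here:

```python
from datetime import datetime, timedelta

def snapshots_to_delete(snapshots, retention_days, now=None):
    """Return the IDs of snapshots older than the retention period.

    `snapshots` is a list of (snapshot_id, created_at) pairs, where
    `created_at` is a datetime of when the snapshot was taken.
    """
    now = now or datetime.utcnow()
    cutoff = now - timedelta(days=retention_days)
    return [snap_id for snap_id, created_at in snapshots
            if created_at < cutoff]
```

With a 7-day retention period, a snapshot created a month ago is flagged for deletion while yesterday's snapshot is kept.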
21. Explain how one can add an existing instance to a new Auto Scaling group.
To add an existing instance to a new Auto Scaling group:
Open the EC2 console.
From the list of instances, select the instance to be added.
Go to Actions -> Instance Settings -> Attach to Auto Scaling Group.
Select a new Auto Scaling group and link this particular group to the instance.
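The same attachment can be performed through the Auto Scaling API instead of the console. A hedged sketch, assuming `autoscaling` is a boto3-style Auto Scaling client (e.g. `boto3.client("autoscaling")`) and omitting error handling:

```python
def attach_to_auto_scaling_group(autoscaling, instance_id: str,
                                 group_name: str) -> None:
    """Attach a running EC2 instance to an existing Auto Scaling group.

    `autoscaling` is assumed to be a boto3-style Auto Scaling client.
    """
    # attach_instances links the instance to the group and counts it
    # toward the group's desired capacity.
    autoscaling.attach_instances(InstanceIds=[instance_id],
                                 AutoScalingGroupName=group_name)
```

Once attached, the instance is managed by the group's scaling policies like any instance the group launched itself.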