Top AWS Interview Questions and Answers

AWS (Amazon Web Services) is popular because it’s easy to use, reliable, and flexible. For example, you can quickly start servers or store data and only pay for what you use.

AWS provides EC2 for servers, S3 for storage, and IAM (Identity and Access Management) for security. For example, EC2 runs apps, S3 saves files, and IAM controls who can access what.

It’s a virtual server in the cloud. We rent it to run apps or websites, and you can start, stop, or scale it anytime.

We can use S3 to store files, backups, or data you need to access from anywhere. Use EBS when you need fast, block storage attached to an EC2 server, like for running apps or databases.

The public subnet has direct access to the internet. A web server in a public subnet can talk to users on the internet. For example, like a house with a front door.

A private subnet doesn’t have internet access and is used for internal resources. A database in a private subnet stays hidden and only talks to the web server. For example, like a house with no front door, only inside access.

AWS Spot Instances offer the same capabilities as standard EC2 instances but at significantly lower costs. However, their availability is not guaranteed, as they can be interrupted by AWS with little warning. As a result, they are best suited for workloads that can tolerate interruptions, such as batch processing, data analysis, or testing environments.

A Region is like a country or a big area. Inside that, you have Availability Zones. They’re separate data centers. So AWS spreads things out to keep them running, even if one place has issues. For example, the region can be US East (N. Virginia), and the availability zone can be us-east-1a.
 

Horizontal scaling means adding more machines to handle the load. Vertical scaling means giving more power (CPU, RAM) to your existing machine. For example, if your app is slow, you can either upgrade your EC2 instance (vertical) or add more EC2 instances behind a load balancer (horizontal).

We can use CloudWatch to monitor AWS resources like EC2 and Lambda. It helps track logs, set alarms, and check performance. For example, we can set up alerts for high CPU usage on EC2, so we can fix issues before they get worse.

Snowball is a physical device from AWS used to move large amounts of data into the cloud. It’s helpful when transferring data over the internet would take too long or be too expensive. For example, use it when your internet is too slow to upload large files, like moving all your company’s photos or videos to the cloud.

There are three types:

IaaS(Infrastructure as a Service): You get virtual machines and storage. AWS EC2 and S3 are examples.

PaaS(Platform as a Service): A ready platform to run apps without managing servers. Like Elastic Beanstalk and Lambda.

SaaS(Software as a Service): Software you use right away, like WorkDocs or Chime.

We use Elastic IP when we have to provide a static, public IPV4 address. This feature is crucial for maintaining consistent connectivity for applications and services even when instances are stopped, started, or replaced.

S3 is for storing files you need to access quickly and often, while Glacier is for long-term storage when you don’t need to get to your files right away. It’s less expensive but slower to access.

Amazon RDS is a relational database that uses SQL and is good for structured data. DynamoDB is a NoSQL database that works well with flexible, fast, and scalable key-value data.

AWS Lambda lets you run code without managing servers. You just upload your code, and it runs automatically when triggered, scaling up or down as needed.

EC2 gives you full control of a virtual server where you manage everything. Lambda runs your code without needing to manage any servers. Just write the code, and it runs when triggered.

Elastic Beanstalk is for quickly deploying and managing apps. AWS handles most of the setup. OpsWorks gives you more control and uses Chef or Puppet to automate server setup and management. Puppet is a tool that automates server setup and management. It keeps everything consistent and saves time by applying the same rules across many servers.

SNS(Simple Notification Service) is for sending messages to many systems at once (like a broadcast), while SQS(Simple Queue Service) is for holding messages in a queue until one system picks it up to process. SNS pushes, SQS stores.

Route 53 is a DNS service that directs users to resources like websites. ELB (Elastic Load Balancer) distributes incoming traffic across multiple servers. Route 53 helps users find the server, and ELB balances the traffic once they get there.

CloudFront is best for caching and speeding up static content like images, videos, or scripts through edge locations. Global Accelerator is better for improving overall application performance by routing traffic through the AWS global network to the nearest healthy endpoint. Use CloudFront for content delivery. Use Global Accelerator for low-latency access to applications.

VPC Peering is like a direct link between two networks. Transit Gateway is more like a central hub that connects lots of networks together all at once.

CloudFormation helps you set up AWS resources automatically using templates. CloudTrail keeps track of what happens in your AWS account, like a log of all actions.

AWS Storage Gateway has three types:

File Gateway – lets you save files to the cloud like a network drive. For example, save work documents to the cloud like a shared folder.

Volume Gateway – acts like a hard drive you can back up to AWS. For example, use a cloud hard drive for your database backups.

Tape Gateway – works like old-school tape backups but stores data in the cloud. For example, replace physical backup tapes with cloud storage for old files.

CloudFormation is AWS’s tool to set up and manage resources using templates. Terraform can do the same, but it works with many cloud services, not just AWS. If you only use AWS, CloudFormation is straightforward. But if you handle different clouds, Terraform is more flexible. Both help automate tasks so you don’t have to do everything by hand.

ECS(Elastic Container Service) is AWS’s service to run containers easily. EKS(Elastic Kubernetes Service) runs Kubernetes, which is a popular tool that works on many platforms. ECS is simpler, while EKS gives you more options if you need them.

Use Fargate if you want to run containerized apps without worrying about servers, especially for apps that run longer or need more setup. For example, to run a web app in containers that stays online all day.

Use Lambda for quick, small tasks that happen in response to events and finish fast. For example, to resize images automatically right after someone uploads a photo.

AWS WAF watches the web traffic and blocks harmful requests before they reach your app. AWS Shield focuses on stopping large-scale attacks that try to flood your app with traffic. So, WAF is about filtering bad visitors, and Shield is about handling big attacks.

AWS Config tracks changes in your resources and shows how they’ve changed over time. CloudTrail records who did what and when across your AWS account. So, Config watches the resource setup, while CloudTrail watches the actions people take.

CodeDeploy handles getting your app changes onto the servers. CodePipeline is like the assembly line. It takes your code, runs tests, builds it, and then sends it over to CodeDeploy. Together, they help you roll out updates without a trouble.

EFS(Elastic File System) works best when you need simple, shared storage across many Linux servers. FSx(File System x) gives you more choices, like Windows-friendly or high-speed file systems, depending on what your app needs.

Step Functions is easier to use, with a visual workflow and simple setup. SWF(Simple Workflow Service) is older, more flexible, but harder to manage. Use Step Functions for most new projects unless you need deep customization.

AWS Direct Connect provides a dedicated, high-bandwidth, low-latency connection to AWS, ideal for consistent performance. VPN uses the public internet, is easier to set up, but may have higher latency and variable speed.

AWS KMS(Key Management Service) is a managed service that handles encryption keys for you with easy integration, while CloudHSM(Cloud Hardware Security Module) gives you full control over hardware security modules to manage your keys directly.

AWS makes DevOps easier because it helps you automate things. For example, with AWS CodePipeline, your code can be tested and updated automatically every time you change it. This means fewer mistakes and faster updates. Also, AWS handles the servers, so you don’t have to worry about that part.