Cloud / Amazon Web Service (AWS) Interview questions
Amazon Web Service (AWS) is a collection of remote computing services also known as a cloud computing platform. AWS offers IaaS or Infrastructure as a Service.
Amazon Web Services offers reliable, scalable, and inexpensive cloud computing services. There are over 175 fully-featured services from data centers globally.
AWS Elastic Beanstalk is an orchestration service offered by Amazon Web Services for deploying applications that orchestrate various AWS services, including EC2, S3, Simple Notification Service, CloudWatch, autoscaling, and Elastic Load Balancers.
AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This enables you to rapidly and reliably deliver features and updates. You can easily integrate AWS CodePipeline with third-party services such as GitHub or with your own custom plugin.
An environment is a collection of AWS resources running an application version. Each environment runs only one application version at a time; however, you can run the same application version or different application versions in many environments simultaneously. When you create an environment, Elastic Beanstalk provisions the resources needed to run the application version you specified.
Lightsail is an easy-to-use cloud platform that offers you everything needed to build an application or website. Lightsail is ideal for simpler workloads, quick deployments, and getting started on AWS. It's designed to help you start small, and then scale as you grow. Lightsail is ideal for simple web applications, websites, business software, and dev/test/QA environments.
AWS Lambda is an event-driven, serverless computing platform provided by Amazon as a part of Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code.
Route 53 is a DNS web service.
Amazon VPC (Virtual Private Cloud) provides versatile network performance in AWS, which means it provides integrated security and a private cloud.
Simple E-mail Service allows sending e-mail using a RESTful API call or via regular SMTP.
Identity and Access Management (IAM) provides enhanced security and identity management for your AWS account.
Simple Storage Device (S3) is a storage device and the most widely used AWS service.
Elastic Compute Cloud (EC2) provides on-demand computing resources for hosting applications. It is handy in case of unpredictable workloads.
Elastic Block Store (EBS) offers persistent storage volumes that attach to EC2 to allow you to persist data past the lifespan of a single Amazon EC2 instance.
CloudWatch monitors AWS resources, allows administrators to view and collect key Also, one can set a notification alarm in case of trouble.
Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services that provides object storage through a web service interface. S3 provides industry-leading scalability, data availability, security, and performance.
Cloud computing delivers IT resources such as infrastructure, platforms, or software as services that are used over the Internet on a pay-per-use basis. Cloud service providers are the companies that have public clouds or data centers and offer services like computation, storage, database, operations, migration, messaging, notifications, and analytics.
Some of the leading cloud service providers are AWS, Microsoft Azure, Google Cloud Platform, IBM Cloud, Rackspace, Verizon Cloud and Heroku.
Amazon Simple Email Service (SES) is a flexible and scalable email service that enables developers to send mail from within any application in a cost-effective way. Amazon SES can be configured quickly to support several email use cases, including transactional, marketing, or mass email communications. With Amazon SES, it is easy to send email securely, globally, and at scale.
AMI (Amazon Machine Image) is a template that provides the information (an operating system, an application server, and applications) required to launch an instance, which is a copy of the AMI running as a virtual server in the cloud. You can launch instances from as many different AMIs as you need.
An AMI can be shared.
The auto-scaling function in AWS allows you to provision and launch new instances whenever there is demand. It allows you to automatically increase or decrease resource capacity in relation to the demand.
AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance.
Amazon CloudFront is a fast content delivery network (CDN) offered by Amazon Web Services. The Amazon CloudFront service securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds, all within a developer-friendly environment, thus improving access speed for downloading the content.
AWS CloudFormation provides a common language for you to model and provision AWS and third-party application resources in your cloud environment. CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. This gives you a single source of truth for your AWS and non-AWS resources.
```
"Resources": {
  "MyInstance": {
    "Type": "AWS::EC2::Instance",
    "Metadata" : {
      "AWS::CloudFormation::Init" : {
        "config" : {
          "packages" : { : },
          "groups" : { : },
          "users" : { : },
          "sources" : { : },
          "files" : { : },
          "commands" : { : },
          "services" : { : }
        }
      }
    },
    "Properties": { : }
  }
}
```
Virtual Private Cloud (VPC) allows you to customize your networking configuration. It is a network that is logically isolated from another network in the cloud. It allows you to have your IP address range, internet gateways, subnet, and security groups.
Elastic Block Store (EBS) is a storage system that is used to store persistent data. EBS is designed to provide block-level storage volumes for use with EC2 instances, for both transaction-intensive and throughput-intensive workloads at any scale.
Amazon Elastic Block Store provides raw block-level storage that can be attached to Amazon EC2 instances and is used by Amazon Relational Database Service.
| EBS | S3 |
| --- | --- |
| Highly scalable. | Less scalable. |
| Block storage. | Object storage. |
| EBS provides faster retrieval operations. | S3 is slower when compared to EBS. |
| Users can access EBS only via the given EC2 instance. | Anyone can access S3 as it is publicly available. |
| Supports a file system interface. | Supports a web interface. |
An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. By using an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. An Elastic IP address is allocated to your AWS account and is yours until you release it.
An Elastic IP address is a public IPv4 address, which is reachable from the internet.
Amazon API Gateway is a fully managed service that developers can use to create, publish, maintain, monitor, and secure APIs at any scale. APIs act as the front door for applications to access data, business logic, or functionality from your backend services. Using API Gateway, you can create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications. API Gateway supports containerized and serverless workloads, as well as web applications.
A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic and outbound rules control the outgoing traffic for your instance. When Amazon EC2 decides whether to allow traffic to reach an instance, it evaluates all of the rules from all of the security groups that are associated with the instance.
You can add rules to each security group that allows traffic to or from its associated instances. You can modify the rules for a security group at any time. New and modified rules are automatically applied to all instances that are associated with the security group.
When you launch an instance, you can specify one or more security groups. If you don't specify a security group, Amazon EC2 uses the default security group.
An Amazon S3 bucket is a public cloud storage resource available in AWS Simple Storage Service (S3). Amazon S3 buckets, which are similar to file folders, store objects that consist of data and descriptive metadata.
NAT stands for Network Address Translation. NAT gateways enable instances in a private subnet to connect to the internet but prevent the internet from initiating a connection with those instances.
Cross-Region Replication is an AWS service that enables the replication of the data from one bucket to another bucket which could be in the same or different region. It provides asynchronous copying of objects.
Security groups are tied to an instance whereas Network ACLs are tied to the subnet.
A security group defines which traffic is allowed TO/FROM an EC2 instance, whereas a network ACL operates at the SUBNET level and scrutinizes the traffic TO/FROM a subnet.
In AWS, there are 4 services related to CI/CD: CodeBuild, CodePipeline, CodeCommit, and CodeDeploy. All of them are fully managed.
CodeBuild is used to build and test code, as well as create deployment-ready software packages.
CodeCommit is a source control service that hosts your Git repositories. It keeps your code secure with encryption, simplifies collaborations, and provides excellent accessibility to all the members of your project team.
CodePipeline is a continuous delivery service that lets you automate release pipelines, and CodeDeploy automates software deployments.
There are 3 types of load balancers that are supported by Elastic Load Balancing:
- Application Load Balancer,
- Network Load Balancer,
- and Classic Load Balancer.
- General purpose,
- Compute Optimized,
- Memory Optimized,
- Storage Optimized,
- and Accelerated Computing.
- PaaS, Platform as a Service.
- SaaS, Software as a Service.
- IaaS, Infrastructure as a Service.
SQS is an AWS component that offers a fully managed distributed queue service. Queues help handle communication between different services or other components in distributed systems.
A DLQ is a special queue for messages which other queues (source queues) can target for messages that can't be processed (consumed) successfully. Dead-letter queues are useful for debugging your application or messaging system because they let you isolate problematic messages to determine why their processing doesn't succeed.
An edge location is the nearest point to the consumer (user) who is consuming the AWS service. In these locations, the server is not present but a small setup is there.
Unlike Availability Zones, which are physical locations where AWS servers lie, an edge location is basically a small setup in different locations. An AWS edge location is the place where data is cached to reduce latency for end users.
Amazon S3 offers a range of storage classes designed for different use cases.
- S3 Standard for general-purpose storage of frequently accessed data.
- S3 Intelligent-Tiering for data with unknown or changing access patterns.
- S3 Standard-Infrequent Access (S3 Standard-IA) and S3 One Zone-Infrequent Access (S3 One Zone-IA) for long-lived, but less frequently accessed data.
- and Amazon S3 Glacier (S3 Glacier) and Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive) for long-term archive and digital preservation.
An S3 bucket can be secured in 2 ways:
- ACL (Access Control List) is used to manage access to buckets and objects. Each object in a bucket is associated with an ACL. It defines which AWS accounts are granted access and the type of access. When a user sends a request for a resource, its corresponding ACL is checked to verify whether the user has been granted access to the resource or not. When you create a bucket, Amazon S3 creates a default ACL which provides full control over the AWS resources.
- Bucket policies are only applied to S3 buckets. Bucket policies define what actions are allowed or denied. Bucket policies are attached to the bucket, not to an S3 object, but the permissions defined in the bucket policy are applied to all the objects in the S3 bucket.
A policy is an object which is associated with a resource and defines its permissions. AWS evaluates these policies when the user makes a request. Permissions in the policy determine whether to allow or to deny an action. Policies are stored in the form of JSON documents.
AWS supports 6 policy types.
- Identity-based policies,
- Resource-based policies,
- Permissions boundaries,
- Organizations SCPs,
- Access Control Lists,
- Session policies.
EC2 is a cloud web service used for hosting your application while S3 provides object/file storage (data storage).
The AWS Snowball is a petabyte-scale data transport service that uses physical storage devices to transfer large amounts of data between Amazon Simple Storage Service (Amazon S3) and your onsite data storage location at faster-than-internet speeds.
Using AWS Snowball, you can save time and money. Snowball provides powerful interfaces that you can use to create jobs, track data, and track the status of your jobs through to completion.
AWS CloudTrail is a service that provides compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.
CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
- Analytics
- Application Integration
- AR & VR
- AWS Cost Management
- Blockchain
- Business Applications
- Compute
- Containers
- Customer Enablement
- Database
- Developer Tools
- End User Computing
- Front-end Web & Mobile
- Game Development
- Internet of Things
- Machine Learning
- Management & Governance
- Media Services
- Migration & Transfer
- Networking & Content Delivery
- Quantum Technologies
- Robotics
- Satellite
- Security, Identity, & Compliance
- Storage