AWS Interview Questions

AWS Interview Question and Answer Series

Refer below links

https://blog.goinit.net/2016/12/aws-interview-questions-part-1.html

https://blog.goinit.net/2021/03/aws-interview-questions-part-2.html

https://blog.goinit.net/2021/03/aws-interview-questions-part-3.html

Q) What is amazon EC2?

Amazon Elastic Compute Cloud (EC2) provides scalable (resizable) computing capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2 you can launch as many virtual servers you need and configure security, networking and also manage storage.

Q) What is EC2 Instance?

An EC2 instance is a virtual server in Amazon’s Elastic Compute Cloud (EC2) for running application on Amazon Web Service (AWS) infrastructure.

Q) Features of EC2?

1. Virtual computing environment known as instances

2. Preconfigured templates for your instances known as Amazon Machine Images (AMI).

3. Various configurations of CPU, Memory, Storage and networking capacity known instance types.

4. Secure login information for your instances using key pair.

5. Storage volumes for temporary data that’s deleted when you stop or terminate the instances known as instance store volume.

6. Persistent storage volume for your data using Amazon Elastic Block Store (EBS) known as Amazon EBS volume.

7. Multiple physical locations for your resources such as instances and Amazon EBS volumes known as regions and Availability zones.

8. A Firewall that enables you to specify the protocol, ports and source IP ranges that can reach your instances using security groups.

9. Static IP addresses for dynamic cloud computing knows as Elastic IP Addresses.

10. Metadata i.e. tags that you can create and assign to your Amazon EC2 resources.

11. Virtual networks you can create that are logically isolated from rest of the AWS cloud and that you can optionally connect to your own network know as Virtual Private Cloud (VPC)

Q) What is AMI?

It’s a template that provides information (an operating system, an application server and applications) required to launch an instance, which is a copy of AMI running as a virtual server in AWS cloud.

An AMI includes following:

1. A template for root volume for instance (an operating system, an application server and applications)

2. Launch permission that control which AWS accounts can use the AMI to launch the instances.

3. A block device mapping that specifies the volumes to attached to the instance when it is launched.

Q) Types of AMI?

You can select an AMI to use based on following characters.

1. Regions and availability zones.

2. Operating Systems

3. Architecture (32-bit or 64-bit)

4. Launch permission     

5. Storage for root device

Q) What is instance type?

When you launch an instance, the instance type that you specify determines the hardware of the host computer used for your instance.

Each instance type offers different compute, memory and storage capabilities and are grouped into instance families based on these capabilities.

Q) What is VPC?

Amazon Virtual Private Cloud (VPC) enables you to launch Amazon Web Services (AWS) Resources into the virtual network that you have defined.

A virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account.

It is logically isolated from other virtual networks in AWS cloud. You can launch AWS resources such as amazon EC2 instances into your VPC.

You can configure your VPC; you can select its IP address range, create subnets, and configure route tables, network gateways and security settings.

Q) What is Security group?

A Security group act as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign an instance to up to five security group.

Security group act at the instance level, not the subnet level. Therefore each instance in a subnet in your VPC could be assign to a different set of security groups.

If you don’t specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC.

For each security group, you add rules that control the inbound traffic to instances and a separate set of rules that control the outbound traffic.

Q) Basic Characteristics of Security group for VPC.

i. You can create up to 500 security groups per VPC. You can add up to 50 inbound and outbound rules to each security group. You can associate up to 5 security group per network interface.

ii. You can specify allow rules, but not deny rules.

iii. You can specify separate rules for inbound and outbound traffic.

iv. By default, no inbound traffic is allowed until you add inbound rules to the security groups.

v. By default, an outbound rule allows all outbound traffic. You can remove the rule and add outbound rules that allow specific outbound traffic only.

vi. Security groups are stateful means the responses to allowed inbound traffic are allowed to flow outbound regardless of outbound rules and vice versa.

vii. Instances associated with security groups can’t talk to each other unless you add rules allowing it.

Viii. Security groups are associated with network interfaces. After you launch an instance, you can change security group associated with the instance, which changes the security group’s associated with a primary network interface (eth0).

You can also change security group associated with any other network interface.

Q) What is S3?

Amazon S3 is storage for the internet. A Simple Storage Service that offers software developers a high-scalable, reliable and low-latency data storage infrastructure at very low costs. It is designed to make web-scale computing easier for developers.

Amazon S3 provides a web service interface which you can use to store and retrieve any amount of data, at any time, from anywhere on the web.

Using this web service, developers can easily build applications that make use of internet storage.

Q) Amazon EBS Volume?

Amazon Elastic Block store (Amazon EBS) provides the block level storage volume for use with amazon EC2 Instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance that is in same availability zone.

Amazon EBS is recommended when data must be quickly accessible and requires long-term persistence. EBS volumes particularly well suited for the use as the primary storage for the file systems, databases, or for any applications that requires fine granular updates and access to raw, unformatted and block level storage.

Amazon EBS is well suited to both database-style applications that rely on random reads and writes and to throughput-intensive application that performs long, continuous read and writes.

Amazon EBS provide following volume type:

1. General purpose SSD (gp2)

2. Provisioned IOPS SSD (io1)

3. Throughput Optimized HDD (st1)

4. Cold HDD (sc1)

5. Magnetic (standard)

Q) Instance store volume?

An Instance store provides temporary block level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, cache, scratch data, and other temporary content or for the data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.

The data on an instance store volume persists only during the life of the associated Amazon EC2 instance; if you stop or terminate an instance, any data on instance store volumes is lost.

Q) What is IaaS?

Cloud Infrastructure Service, known as Infrastructure as a Service. IaaS model provides computing infrastructure including servers, storage, networking, and networking services (eg firewall).

IaaS provider offers these cloud servers and their associated resources via dashboard and/or API. IaaS clients have direct access to their servers and storage, just as they would with traditional servers but gain access to a much higher order of scalability. Users of IaaS can outsource and build a “virtual data center” in the cloud and have access to many of the same technologies and resource capabilities of a traditional data center without having to invest in capacity planning or the physical maintenance and management of it.

Examples: Amazon EC2, Windows Azure, Rackspace, Google Compute Engine.

Q) What is PaaS?

Cloud Platform Service or Platform as a Service provides the platform on which software can be developed or deployed. It provides you computing platforms which typically includes an operating system, programming language execution environment, database, web server etc.

Examples: AWS Elastic Beanstalk, Google App Engine, Apache Stratos.

Q) What is SaaS?

Cloud application services, or Software as a Service (SaaS), is the most popular and known form of cloud service for consumers. SaaS moves the task of managing software and its deployment to third-party services.

In IaaS model you are provided with access to application software’s often refer to as on-demand software.

Use of SaaS applications tends to reduce the cost of software ownership by removing the need for technical staff to manage install, manage, and upgrade software, as well as reduce the cost of licensing software.
Examples: Google Apps, Netflix, WebEx, GoToMeetings and DropBox, Microsoft Office 365.

Q) Regions and Availability zones?

Amazon EC2 is hosted in multiple locations worldwide. These locations are composed of regions and availability zones. Each region is a separate geographic area. Each region has multiple, isolated locations known as Availability zones. Amazon EC2 provides you the ability to place the resources, such as instances and data in multiple locations.

Each region is completely independent. Each availability zone is isolated, but the availability zones in a region are connected through low-latency link.

Amazon EC2 resources are either global, tied to a region, or tied to an Availability Zone.

Availability zone:

Availability zones are effectively different data centers located within the regions. Each availability zone is completely independent of others which enable them to reside in different areas within the same region providing a level of business continuity in the event of a disaster.

All the Availability zones within the same regions are linked by extremely low latency link providing high availability feature for many of AWS service such as S3, RDS etc. to communicate with each other.

Q) What is Edge Location?

Edge locations are used in conjunction with the AWS CloudFront service which is a global Content Delivery Network service. Edge locations are deployed across the world in multiple locations to reduce the latency for the traffic served over the CDN and as a result, are usually located in high populated areas.

Q) What is shared instance?

i. Shared instances are Amazon EC2 instances which are running on hardware that is not dedicated to single AWS account i.e. different instances from different AWS account sharing same physical host.

ii. In case of stop and start of instances, the underlying hardware (i.e. host) would change

Q) What is dedicated instance?

i. Dedicated instances are Amazon EC2 instances that run in Virtual Private Cloud (VPC) on hardware that is dedicated to a single customer.

ii. Your dedicated instances are physically isolated at host hardware level from the instances that belong to other AWS account.

iii. Dedicated instances may share hardware with other instances from the same AWS account that are not dedicated instances.

iv. In case of stop and start of instances, the underlying hardware (i.e. host) would change.

Q) What is Dedicated Hosts?

i. An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. You can use Dedicated Hosts to launch Amazon EC2 instances on physical servers that are dedicated for your use.

ii. Dedicated Hosts give you additional visibility and control over how instances are placed on a physical server.

iii. In case of stop and start of instances, the underlying hardware will not change.

Q) What is Route 53?

Amazon Route 53 is highly available and scalable cloud DNS web service. It is designed to give developers and businesses an extremely reliable and cost effective way to route end user to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.

Amazon Route 53 performs three main functions:

1. Register domain names.

2. Route internet traffic to the resources for your domain.
3. Check the health of your resources.