AWS Q&A

SET – 1
1. What is AWS, and why is it used?
AWS (Amazon Web Services) is a cloud platform offering computing power, storage, databases, machine learning, and more through a pay-as-you-go model. It’s used for scalable and flexible cloud computing, eliminating the need for on-premises infrastructure.
2. Explain the difference between EC2 and S3.
EC2 (Elastic Compute Cloud) provides scalable virtual servers for running applications, while S3 (Simple Storage Service) is an object storage service for storing and retrieving data at any scale.
3. What is an AMI (Amazon Machine Image)?
An AMI is a template containing the software configuration (OS, application server, and applications) needed to launch an instance in EC2.
4. Can you explain how an AWS VPC (Virtual Private Cloud) works?
A VPC allows you to define a logically isolated section of AWS to launch resources. You can configure subnets, route tables, and gateways to control the network environment.
5. What is the difference between Vertical Scaling and Horizontal Scaling in AWS?
Vertical scaling increases the power of existing instances (e.g., adding more CPU or RAM). Horizontal scaling adds more instances to distribute the load (e.g., adding more EC2 instances).
6. Explain the various types of storage services in AWS (e.g., S3, EBS, Glacier).
S3: Object storage for unstructured data.
EBS: Block storage for EC2 instances, acting like hard drives.
Glacier: Archival storage for long-term backup with low access frequency.
7. How does pricing work in AWS? What are Reserved Instances?
AWS pricing is based on the pay-as-you-go model. Reserved Instances provide discounted rates if you commit to using certain EC2 instances for 1 or 3 years.
8. What is an Elastic Load Balancer (ELB), and how does it work?
ELB automatically distributes incoming application traffic across multiple targets (e.g., EC2 instances) to improve performance and fault tolerance.
9. Describe Amazon RDS and its main features.
RDS (Relational Database Service) manages database engines (e.g., MySQL, PostgreSQL, etc.) for you, handling backups, patching, and scaling.
10. Explain the concept of ‘Regions’ and ‘Availability Zones’ in AWS.
Regions are geographic areas with multiple data centers. Each region is a separate geographic location, like North America, Europe, or Asia. Companies choose regions closer to their customers to make their services faster and more efficient. Availability zones consist of one or more discrete data centers with redundant power, networking, and connectivity. They allow the deployment of resources in a more fault-tolerant way.

SET – 2
1. Explain AWS IAM and its purpose.
IAM (Identity and Access Management) allows you to securely control access to AWS services and resources by creating policies for users, groups, and roles.
2. What is Auto Scaling, and how does it work?
Auto Scaling automatically adjusts the number of EC2 instances based on demand, ensuring the application meets traffic requirements while optimizing cost.
3. Explain the difference between Security Groups and Network ACLs.
Security Groups: Act as a virtual firewall for instances, controlling inbound and outbound traffic at the instance level.
Network ACLs: Control traffic at the subnet level, providing an additional layer of security.
4. What is AWS Lambda, and when would you use it?
AWS Lambda is a serverless compute service that runs code in response to events without provisioning or managing servers. It’s ideal for running microservices, event-driven applications, and real-time file processing.
5. How do you design a high-availability architecture in AWS across multiple regions?
Use services like Route 53 for DNS failover, Auto Scaling, Multi-AZ deployment for databases (RDS), and Cross-Region Replication for S3. Distribute instances across multiple Availability Zones and regions for resilience.
6. What is the difference between AWS CloudFormation and Terraform?
CloudFormation is AWS-specific and automates infrastructure management using declarative templates. Terraform is cloud-agnostic and can manage infrastructure across multiple cloud platforms.
7. How do you optimize costs in a large AWS environment?
Use Cost Explorer for visibility, leverage Reserved Instances and Savings Plans for discounts, right-size instances, and eliminate idle resources.
8. How do you implement disaster recovery in AWS?
Use multi-region architectures, Route 53 for DNS failover, RDS Multi-AZ for database redundancy, S3 cross-region replication, and scheduled backups using AWS Backup.
9. How do you secure S3 buckets?
Implement bucket policies and IAM roles for access control, enable encryption (in transit and at rest), use S3 versioning, and audit using AWS CloudTrail.
10. What are the different types of databases supported in AWS (DynamoDB, RDS, Redshift)?
RDS: Relational databases like MySQL, PostgreSQL.
DynamoDB: NoSQL database for low-latency and high-throughput.
Redshift: Data warehousing for big data analytics.

SET – 3
1. How do you configure security groups and network ACLs in AWS?
Security Groups act as a firewall for EC2 instances, controlling inbound and outbound traffic at the instance level. Network ACLs are stateless and control traffic at the subnet level.
2. What are AWS CloudWatch and CloudTrail, and how do they differ?
CloudWatch monitors AWS resources and applications, providing metrics and alarms. CloudTrail logs API activity, providing a history of AWS account actions for security auditing.
3. Explain how to back up and restore an AWS environment.
AWS offers services like AWS Backup to automate and manage backups for various services (EC2, RDS, S3). You can restore resources from backups based on recovery points.
4. Can you describe the AWS Lambda architecture and its use cases?
AWS Lambda is a serverless compute service that runs code in response to events. It scales automatically and is used for real-time file processing, APIs, and automation.
5. Explain the concept of AWS Elastic Beanstalk.
Elastic Beanstalk is a PaaS (Platform as a Service) that lets you deploy and manage applications quickly without worrying about the underlying infrastructure.
6. Explain the AWS Direct Connect service and its benefits.
Direct Connect provides a dedicated, private network connection from your data center to AWS, improving performance, reducing latency, and enhancing security compared to internet-based connections.
7. Describe a real-world use case where you would use AWS Kinesis.
AWS Kinesis is used for real-time data streaming applications, like processing clickstream data from websites, real-time analytics, or IoT sensor data processing.
8. What are AWS Organizations, and how do you manage multiple AWS accounts?
AWS Organizations allows you to manage multiple AWS accounts centrally, control billing, apply policies for security and compliance, and consolidate billing.
9. How would you ensure cost optimization in a large AWS environment?
Use Cost Explorer to analyze spending, Reserved Instances and Savings Plans for discounts, and ensure right-sizing of instances. Also, review idle resources and automate shutdowns for non-production instances.
10. Explain how AWS WAF (Web Application Firewall) protects against threats.
AWS WAF monitors and blocks malicious traffic like SQL injection and cross-site scripting (XSS) by allowing you to create custom rules for your web applications.

SET – 4
1. What is the process for migrating on-premises applications to AWS?
The process includes discovery and assessment (using tools like AWS Application Discovery Service), planning the migration (rehosting, replatforming, refactoring), performing the migration with tools like AWS Database Migration Service and AWS Server Migration Service, and testing.
2. Explain how you would design a multi-tier architecture using AWS services.
Use Elastic Load Balancers to distribute traffic, Auto Scaling to handle scaling, RDS for databases, and S3 for static content. Each layer (web, application, database) is isolated for better security and scalability.
3. What strategies would you use to implement disaster recovery in AWS?
Implement multi-region replication for critical data (e.g., RDS and S3 cross-region replication), use Route 53 DNS failover, and deploy backup infrastructure in a secondary region.
4. Describe a scenario where you would use Amazon Route 53 for DNS failover.
Route 53 can be used to route traffic to the secondary region in case of a disaster by using health checks to detect failures in the primary region.
5. How would you manage compliance and security for sensitive workloads on AWS?
Use AWS Config to monitor compliance, AWS Shield for DDoS protection, IAM roles and policies for least-privilege access, and AWS Key Management Service (KMS) to manage encryption keys.
6. What is a NAT Gateway, and when is it used?
A NAT Gateway is a network address translation device that allows instances in a private subnet to access the internet without exposing their public IP addresses.
7. How do you implement data pipelines and analytics in AWS?
Data pipelines can be implemented using AWS services like Kinesis, S3, and Glue. Analytics can be performed using services like Redshift, Athena, and EMR.
8. How do you manage scaling in AWS?
Auto Scaling: Automatically adjusts the number of EC2 instances based on demand.
Manual scaling: Manually adding or removing instances.
Scheduled scaling: Scaling based on a predetermined schedule.
9. What is a T2 instance in AWS?
T2 instances are low-cost instance types for general use. They provide base-level CPU performance but can burst above the baseline. They work best where full CPU capacity is not needed constantly and is needed only for bursts of higher CPU performance.
10. List the services that can be used to create a centralized logging solution.
A centralized logging solution enables organizations to gather, analyze and display Amazon CloudWatch Logs in one central place. You can use Amazon CloudWatch Logs, Amazon Elasticsearch, and Amazon Kinesis to create a centralized logging solution.

SET – 5
1. List the three common types of AMI designs.
- Fully Baked AMI
- Just Enough Baked AMI (JeOS AMI)
- Hybrid AMI
2. Explain Key-Pairs in AWS.
Key-pairs in AWS are secured login information for virtual machines. They are password-protected login credentials used to verify your identity while connecting to Amazon EC2 instances. AWS key-pairs are made up of private and public keys that connect to the instances.
3. In a VPC, how many subnets are present?
Two hundred subnets can be created in a single Amazon VPC.
4. Why should one prefer Provisioned IOPS over Standard RDS Storage?
We prefer Provisioned IOPS over Standard RDS Storage because it delivers high IO rates. Usually, we use Provisioned IOPS when there are batch-oriented workloads. However, it is expensive compared to Standard RDS Storage.
5. What do you understand by Connection draining?
Connection draining allows current requests to continue being served on the servers. These requests can be either decommissioned or updated.
6. Tell me about Power User Access in AWS.
Power users have owner access like an administrator user but can’t control other users and permissions. Power User Access in AWS IAM gives permission to perform other roles, except using IAM.
7. Is it possible to take a backup of EFS like EBS?
Yes, it is possible to take a backup of EFS like EBS. Amazon EFS (Elastic File System) provides the ability to take point-in-time backups of your file system using Amazon EFS backup.
8. What is Amazon Route 53?
Amazon Route 53 is a DNS service that provides businesses and developers a safe way to route traffic to the applications. Route 53 also manages network traffic globally and builds highly available applications.
9. Tell the difference between a Domain and a Hosted Zone.
A domain is a collection of data and has easily recognizable names for numerically addressed Internet resources, whereas a hosted zone is a container to hold information and is analogous to a traditional DNS zone file.
10. What is AWS Certificate Manager?
AWS Certificate Manager is an administrative feature that helps you provision, deploy, and manage public and private Secure Socket Layers. These layers are used with AWS services for internally connected resources.