Share this:

Top 161 AWS Questions and Answers for Job Interview :

1) Define AWS.

Answer : AWS is the acronym for Amazon Web Services. It is one of the most popular platforms that provides certain on-demand resources for hosting web services, storage, networking, databases and other resources over the internet with a pay-as-the user-go pricing system.

2) Mention the components of AWS.

Answer : Some of the components of Amazon Web Services are EC2 (Elastic Compute Cloud), S3 (Simple Storage Service), Route53, EBS (Elastic Block Store), Cloudwatch, Key-Paris.

3) What do you mean by key pairs?

Answer : Key-pairs can be considered as little packets of data that secure the login information for the user’s instances/virtual machines. To connect to the instances, one usually makes use of key-pairs that contain a public-key and private-key.

4) What do you know about the S3?

Answer : S3 is the acronym for Simple Storage Service. It is a storage service that provides an interface that can be used to store any amount of data, at any time, from anywhere in the world. With S3 the user pays only for what the user uses and the payment model is pay-as-you-go.

5) Mention the pricing models for EC2 Instances.

Answer : The various pricing models used for EC2 instances have been mentioned below:

  • On-demand
  • Reserved
  • Spot
  • Scheduled
  • Dedicated

6)What do you know about the EBS volumes?

Answer : EBS is the acronym for Elastic Block Stores. They are persistent volumes that can be attached to the instances. With EBS volumes, the user’s data will be preserved even when he/she stops his/her instances, unlike the instance store volumes where the data is deleted when one stops the instances.

7)What are the different types of volumes provided by AWS for EC2 Instances?

Answer : There are two types of volumes [provided by the AWS for EC2 Instances:

  • Instance store volumes
  • EBS – Elastic Block Stores

8) Mention the various types of instances.

Answer : The various types of instances provided by AWS are:

  • General purpose
  • Computer Optimized
  • Storage Optimized
  • Memory Optimized
  • Accelerated Computing

9) Mention the different types of volumes that have been provided in the EBS.

Answer : The different types of volumes that have been provided in the EBS:

  • General purpose
  • Provisioned IOPS
  • Magnetic
  • Cold HDD
  • Throughput optimized

10) What do you know about reserved instances?

Answer : Reserved instances are the instances that one can use to reserve a fixed capacity of EC2 instances. In reserved instances the user will have to get into a contract of 1 year or 3 years.

11) What do the user know about auto-scaling and its components?

Answer : Auto scaling allows the users to automatically scale-up and scale-down the number of instances depending on the CPU utilization or memory utilization. There are 2 components in Auto scaling, they are Auto-scaling groups and Launch Configuration.

12) Define EIP.

Answer : EIP is an acronym for Elastic IP address. It is designed for dynamic cloud computing. When the user wants to have a static IP address for the various instances when he/she stops and restarts the instances, he/she will be using EIP address.

13) Define AMI.

Answer : AMI stands for Amazon Machine Image. AMI is a template that contains the software configurations, launch permission and a block device mapping that specifies the volume to attach to the instance when it is launched.

14) What do you know about Cloudwatch?

Answer : Cloudwatch is a monitoring tool that can be used to monitor the various AWS resources such as health check, network, Application, etc.

15) Mention the different types of Cloudwatch.

Answer : There are 2 types in cloudwatch in AWS: Basic monitoring and detailed monitoring. Basic monitoring is free and detailed monitoring is chargeable.

16) Mention the Cloudwatch metrics that have been provided in the EC2 Instances.

Answer : The various Cloudwatch metrics that have been provided in the EC2 instances: Diskreads, Diskwrites, CPU utilization, networkpacketsIn, networkpacketsOut, networkIn, networkOut, CPUCreditUsage, CPUCreditBalance.

17) Mention the different storage classes provided in S3.

Answer : The different storage classes provided in S3 are:

  • Standard frequently accessed
  • Standard infrequently accessed
  • One-zone infrequently accessed.
  • Glacier
  • RRS – reduced redundancy storage

18) Write about the minimum and maximum size of individual objects that can be created in S3.

Answer : The minimum size of individual objects that can be stored in S3 by the user is 0 bytes and the maximum bytes that can be stored for individual objects is 5TB.

19) Write about the default storage class in S3.

Answer : The default storage class in S3 in Standard frequently accessed.

20) How to secure access to S3 bucket?

Answer : There are two ways that the user can control the access to the user S3 buckets:

  • ACL – Access Control List
  • Bucket polices

21) How to encrypt data in S3?

Answer : The following ways are used to encrypt data in S3:

  • Server Side Encryption – S3 (AES 256 encryption)
  • Server Side Encryption – KMS (Key management Service)
  • Server Side Encryption – C (Client Side)

22) What parameters are maintained during S3 pricing?

Answer : The parameters that have to be maintained by a user during S3 pricing:

  • Storage used
  • Number of requests the user make
  • Storage management
  • Data transfer
  • Transfer acceleration

23) What are the prerequisites required by a user to work with Cross region replication in S3?

Answer : The user needs to enable versioning on both source bucket and destination to work with cross region replication. Both the source and destination bucket also should be in different region.

24) What do the user mean by Roles?

Answer : Roles are used to provide permissions to entities that the user trusts within the AWS account. Roles are users in another account. Roles are similar to users but with roles that the users do not need to create any username and password to work with the resources.

25) What do the user know about policies and what are the different types of policies?

Answer : Policies are permissions that can be attached to the users that the users create. These policies will contain that access that he/she have been provided to the users that they have created. There are 2 types of policies.

  • Managed policies
  • Inline policies

26) What do you know about Cloudfront?

Answer : Cloudfront is an AWS web service that provides businesses and application developers an easy and efficient way to distribute their content with low latency and high data transfer speeds. Cloudfront is the content delivery network of AWS.

27) What do you know about edge location?

Answer : An Edge location is the place where the contents are cached. When a user tries to access some content, the content will be searched in the edge location. If it is not available then the content will be made available from the origin location and a copy will be stored in the edge location.

28) Mention the maximum individual archive that can be stored in Glacier.

Answer : The maximum individual archive that can be stored in Glacier is 40TB.

29) What do you know about VPC?

Answer : VPC is the acronym for Virtual Private Cloud. VPC allows the users to easily customize their networking configuration. VPC is a network that is logically isolated from other network in the cloud. It allows the user to have their own IP address range, subnets, internet gateways, NAT gateways and security groups.

30) What is the VPC peering connection?

Answer : VPC peering connection allows the users to connect 1 VPC with another VPC. Instances in these VPC behave as if they are in the same network.

31) What do you mean by NAT gateways?

Answer : NAT stands for Network Address Translation. NAT gateways enables instances in a private subnet to connect to the internet but prevent the internet from initiating a connection with those instances.

32) How does one control the security to the VPC?

Answer : The users can use security groups and NACL (Network Access Control List) to control the security to the user’s VPC.

33) Mention the different types of storage getaway.

Answer : The following are the different types of storage getaway:

  • File gateway
  • Volume gateway
  • Tape gateway

34) What do you mean by a snowball?

Answer : Snowball is a data transport solution that can be used to source appliances to transfer large amounts of data into and out of AWS. Using snowball, the user can move huge amount of data from one place to another which reduces the network costs, long transfer times and also provides better security.

35) What do you mean by database types in RDS?

Answer : The following database types are used in RDS:

  • Aurora
  • Oracle
  • MYSQL server
  • Postgresql
  • MariaDB
  • SQL server

36)What do you mean by a redshift?

Answer : The Amazon redshift is a data warehouse product. It is a fast and powerful, fully managed, petabyte scale data warehouse service in the cloud.

37) What do the user mean by SNS?

Answer : SNS is the acronym for Simple Notification Service. SNS is a web service that makes it easy to notifications from the cloud. The user can set up SNS to receive email notification or message notification.

38)Mention the different types of routing policies in route53.

Answer : The following are the different types of routing policies in route53:

  • Simple routing
  • Latency routing
  • Failover routing
  • Geolocation routing
  • Weighted routing
  • Multivalue answer

39) What is the maximum size of messages in SQS?

Answer : The maximum size of messages in SQS is 256 KB.

40) Mention the different types of queues used in SQS.

Answer : There are 2 types of queues in SQS.

  • Standard queue
  • FIFO (First In First Out)

41) What do you mean by multi-AZ RDS?

Answer : Multi-AZ (Availability Zone) RDS allows the users to have a replica of their production database in another availability zone. Multi-AZ (Availability Zone) database is used for disaster recovery. The user will have an exact copy of their database. So when the user’s primary database goes down, the corresponding application will automatically failover to the standby database.

42) Mention the different types of backups in RDS database.

Answer : There are 2 types of backups in RDS database.

  • Automated backups
  • Manual backups which are known as snapshots.

43) What are the different types of load balancers in EC2?

Answer : The various types of load balancers in EC2 are:

  • Application load balancer
  • Network load balancer
  • Classic load balancer

44) What do you mean by ELB?

Answer : ELB is the acronym for Elastic Load balancing. ELB automatically distributes the incoming application traffic or network traffic across multiple targets like EC2, containers, IP addresses.

45) What are the different types of access that can be provided when creating users?

Answer : The different types of access that can be provided when creating a user are:

  • Programmatic access
  • Console access

46) Mention the benefits of auto scaling.

Answer : The benefits of auto scaling are:

  • Better fault tolerance
  • Better availability
  • Better cost management

47) What do you know about security groups?

Answer : Security groups acts as a firewall that contains the traffic for one or more instances. The user can associate one or more security groups to their instances when they launch them. The user can add rules to each security group that allow traffic to and from its associated instances. The user can modify the rules of a security group at any time, the new rules are automatically and immediately applied to all the instances that are associated with the security group.

48) Name the tools that are available to help troubleshoot the hardware VPN configuration.

Answer : The status of the VPN connection is displayed by the Describe VPN connection API. It also includes the Up or down state of each and every VPN tunnel and it shows corresponding error messages if either one of the tunnel is down.

49) Is the access control between the EC2 classic instance and other instances which are present in the EC2 classic platform be affected by classic link?

Answer : The access control that is defined for an EC2 classic instance through its existing security groups from the EC2 classic platform cannot be changed with classic link.

50) Is it possible for traffic from an EC2 classic instance to travel through the Amazon VPC and then egress through the internet gateway, virtual private gateway or to peer VPCs?

Answer : It is only possible to route the traffic from an EC2 classic instance to the private IP addresses that is within the VPC. They cannot be routed to any other destination which is outside the VPC.

51) Mention the VPCs for which the classic link cannot be enabled.

Answer : A VPC which has a classless inter domain routing is one type of VPCs for which the user cannot enable classic link. Another one is the VPC which has a route table entry that points to CIDR space.

52) Name the customer gateway devices that are used to connect to Amazon VPC.

Answer : Statically routed VPN connections and dynamically routed VPN connections are the two types of VPN connections. The customer gateway devices that supports statically routed VPN connections must be able to do:-

  • Using pre-shared keys, establish IKE security association.
  • In tunnel mode, establish IPsec security associations.
  • Utilization of AES 128 bit or 256 bit encryption function
  • Prior to encryption, perform packet fragmentation.
  • Utilization of SHA 1 or SHA 2 having function

The custom gateway devices that supports dynamically routed VPN connections must be able to:-

  • Establishing border gateway protocol peering
  • Utilization of IPsec dead peer detection
  • Binding of tunnels to logical interfaces which have VPN route based

53) How can one connect a VPC to corporate data center? 

Answer : In order to establish a hardware VPN connection among an existing network and Amazon, VPC will permit the user to interact with Amazon EC2 instances that are present within a VPC as if they were already present within the existing network. Network address translation is not performed by AWS on Amazon EC2 instances that are present within a VPN connection that is VPC accessed through hardware.

54) Mention the process in which a hardware VPN connection turns work with Amazon VPC. 

Answer : The virtual private cloud is connected to the data center with the help of a hardware VPN connection. Internet protocol security VPN connections are supported by Amazon. In order to intern the integrity and confidentiality of a data which is in transit, this data is transferred between the VPN and the data centers are routed over an encrypted VPN connection. To establish a hardware VPN connection the user do not need an Internet gateway.

55) Mention the process in which instances without public IP addresses access the Internet.

Answer : There are two ways in which instances without public addresses can make use of the Internet. Those instances that are without public IP addresses can route their traffic through a NAT instance or a NAT gateway so that it can access the Internet. In order to traverse the Internet, these instances make use of public IP address of the NAT gateway or the NAT instance. Outbound communication is allowed by the NAT instance or NAT gateway but it do not permit machines on the Internet to start a connection with the addressed instances privately. For those VPCs that are provided by a hardware VPN connection or direct connect connection, the instances can route the Internet traffic through the virtual private gateway to the existing data centre. It can then access the Internet through the existing egress points and also new tweak security or monitoring devices.

56) Mention the process in which a VPC access the Internet.

Answer : In order to give instances in the VPC the power to both direct communicate outbound to the Internet and also to get the unsolicited inbound traffic from the Internet, the user can make use of public IP addresses which include elastic IP addresses.

57) Is the property of multicast or broadcast supported by Amazon VPC? 

Answer : No, Amazon VPC do not support multicast or broadcast.

58) Is there a service level Agreement (SLA) for the Amazon VPC VPN connection? 

Answer : No there is no service level agreement for Amazon VPC VPN connection.

59)Mention the work of an Amazon VPC router.

Answer : Enabling of Amazon EC2 instances that is within the subnet so that it can communicate with Amazon EC2 instances on other subnets that are in the same VPC is done by an Amazon VPC router. It also helps in enabling Internet gateways, subnets, and virtual private gateways so that it can communicate with each other. The user will not get between usage data from the router. But the user are entitled to obtain network usage statistics from the instances which are using Amazon cloud watch.

60) What are the VPCs, elastic IP addresses, subnets, Internet gateways, virtual private gateways, customer gateways and VPN connections can be created? 

Answer : There are:-

  • There are five Amazon VPCs per AWS account per region.
  • For every, Amazon VPC there are two hundred subnets
  • For every, AWS account per region there are five Amazon VPC elastic IP addresses.
  • For every, AWS per region there are five virtual private gateways.
  • For every, VPC there is one Internet gateway.
  • There are fifty customer gateways for every AWS account per region.
  • For every virtual private gateway, there are ten IPsec VPN connections.

61) In order to control and mane Amazon VPC, is it possible to make use of AWS management console? 

Answer : It is possible to use AWS management console to manage and control Amazon VPC objects that include subnets, virtual private cloud, IPsec VPN connections, and Internet gateways. Also the user can make use of a simple wizard in order to create a virtual private cloud.

62) Is it possible to specify the subnet that will be used by a gateway as its default? 

Answer : Yes, it possible to specify which subnet will be used by which gateway as its default. The user are entitled to make a default route for each and every subnet. Via the VPC, Internet gateway or the NAT gateway, the default route will be able to direct traffic to egress the virtual private cloud.

63) Is it possible to modify the route tables of virtual private cloud? If possible then how? 

Answer : Yes, it is possible go modify the route table of VPC. In order to specify which subnets are to be routed to VPC, Internet gateway or any other instances the user are allowed to create route rules.

64) In case of peering connections, is there any limitation on bandwidth? 

Answer : There is no difference in bandwidth between instances in peered VPCs and also between instances in the VPC. Peered VPCs can be spanned by a placement group. But the user will not be provided with full bisects on bandwidth that is present between instances in peered VPCs.

65) Is the VPC peering traffic, present within the region, duly encrypted?

Answer : No, the VPC peering traffic within the region is not encrypted. The traffic between instances that is present in peered VPCs does remain isolated and private. This is similar to the fact the traffic between two instances in the same VPC are also isolated and private.

66) In order to use peering connections, is it necessary to have an Internet gateway? 

Answer : No, the user do not need an Internet gateway in order to virtual private cloud peering connections.

67) Is it possible to peer two VPCs with matching IP address ranges?

Answer : No, it is not possible to peer two VPCs with matching IP address ranges since peered VPCs should possess IP ranges that are non-overlapping.

68) In order to access VPCs that the user are peered with, can the user make use of AWS direct connect or hardware VPN connections? 

This is not a possible concept. Amazon VPC does not support edge to edge routing.

69) Can a primary interface be detached on EC2 instance? 

Answer : It is possible. The user can only attach and detach secondary interfaces on an instance of EC2 but the user would not be able to detach eth0 interface.

70) Is it possible to use elastic network interfaces in a way so that it can host multiple websites which are required to separate IP addresses on a single instance?

Answer : Yes it is a possible scenario but not the best suited use case in case of multiple interfaces. Apart from doing this it is much more logical to assign an additional private IP address to the instance and to associate the EIPs to the private IPs as per requirement.

71) Can a network interface in one VPC be attached to an instance that is present in another VPC? 

Answer : It is possible for the network interfaces to be attached to instances that are in the same virtual private cloud as that of the interface.

72) Can a network interface in one availability zone be attached with an instance in another availability zone?

Answer : The instances that are present in the same availability zone can be attached with network interfaces.

73) Is it possible to have more than two network interfaces to be attached to EC2 instance?

Answer : The number of network interfaces that are to be attached with an EC2 instance will depend on the type of the instance.

74) Is it possible for classic link settings on EC2 classic interface to persist through start or stop cycles? 

Answer : It is not possible for a classic link connection to persist through the start or stop cycles of the EC2 classic interface. After the EC2 classic interface is stopped it will need to be linked back to a virtual private cloud. But the classic link will persist through the instance reboot cycles.

75) Is it possible for an EC2 classic instance to become a member of a virtual private cloud? 

Answer : No, it is not possible for an EC2 classic instance to be a member of a VPC though it can become a member of the security group of virtual private cloud. The security group should be associated with the EC2 classic instance.

76) What is the process to use classic link?

Answer : For the purpose of using classic link, the user will need to enable minimum one virtual private cloud on the user account for classic link. After doing this, the user can associate a security group from that VPC to the EC2 classic instance that the user would prefer. This will make sure that the user EC2 classic instance is linked to VPC. It will become a member of the chosen security group in the VPC. It should be remembered that the user cannot connect the user EC2 classic instance to more than one virtual private cloud at the same time.

77) What do you mean by classic link?

Answer : The Amazon virtual private cloud classic link will permit EC2 instances in the EC2 classic platform. This occurs so that it can communicate with the instances that are present in the virtual private cloud. The communication occurs with the help of private IP addresses. In order to use a classic link it is important that the user enable it to for virtual private cloud in the userr account. Then the user will need to associate a security group with an instance in the EC2 classic. This security group is from the VPC for which the user enabled the classic link in the userr account. Each and every rule that is there for the VPC security group is applicable for the communications between the instances in EC2 classic and those instances in the VPC.

78) What is a SimpleDB?

Answer : A data repository or structure record that encourages data doubts and indexing to both S3 and EC2 are called as SimpleDB.

79) What do you mean by AWS Data Pipeline?

Answer : A network service that can be applied to automate the alteration and migration of the information is called the AWS Data Pipeline. Using AWS, the data-driven workflows can be specified so that the businesses can rely on the achievement of early tasks.

80) Mention the features of Amazon Cloud Search.

Answer : The different features offered by the Amazon Cloud Search are:

  • Range searches
  • Prefix Searches
  • Boolean Searches
  • Entire text search with language specific text processing
  • Highlighting
  • AutoComplete advice
  • Faceting term boosting

81)What is the Hybrid Cloud Architecture?

Answer : It is the type of architecture where the workload is divided into two halves among which one is on public load and the other is on the local storage.

82) What is the Geo restriction on CloudFront?

Answer : It is also known as geo-blocking, that can be used avoid or block the users in particular geographic locations from accessing the content that is being distributed using a CloudFront web distribution.

83) Elaborate on the Amazon Kinesis Firehose.

Answer : It is fully sophistically managed service to deliver the real-time live streaming data to destinations like Amazon Simple Storage Service i.e., Amazon S3 and Amazon Redshift.

84) What do you mean by the Amazon EMR?

Answer : It is a survived cluster stage that interprets the working of data structures, before the intimation as Apache Hadoop and Apache Spark on the Amazon Web Services to investigate a large amount of data. We can prepare data for the analytics goals and marketing intellect workloads using Apache Huive and relevant open source designs. Upon that, Amazon EMR can be used to migrate and convert the big masses of data into other AWS data repositories such as Amazon S3 and Amazon DynamoDB.

85) Define the terms ElastiCache and DynamoDB.

Answer : Elasticache:It is a web service that executes to set up, maintain and scale classified in-memory cache settings in the cloud.

DynamoDBIt is a controlled NoSQL database aid that can render anticipated and quick execution with seamless scalability.

The database table formulation to save and reclaim any quantity of data and support any level of the application can be done using Amazon DynamoDB.It automatically increases the transactions and data for the table for adequate servers to supervise the function and volume of data saved while keeping it constant and rapid execution.

86) Elaborate on the AWS Certificate Manager.

Answer : AWS Certificate Manager, which can be shortened as ACM manages the complexity of extending, providing and regulating the certificates, which are granted over ACM to the user’s AWS based forms and websites. People work on ACM to maintain and petition the certificates and practice other Amazon web services for the website’s purpose. ACM certificates cannot be handled outside of AWS.

87) How does secure data carrying in the cloud?

Answer : Ensuring that the information is not seized in the cloud while moving from one point to the other and also that there is no leakage with the security key from various storerooms in the cloud, we can rest assured that the data in the cloud is secured. Another option available is segregation of the information from the information of additional companies and then encrypting them by means of approved methods.

88) Differentiate between flexibility and scalability.

Answer : Scalability – The ability of any scheme to intensify the tasks on its hardware resources to hold the inconsistency in command is called as scalability.

Flexibility – The aptitude of a schema that augments the task on the hardware property is known as flexibility.
AWS provides several configuration solutions for the AWS flexibility, scalability, availability and management.

89) What are the automation gears that help the spinup services?

Answer : For spinup services as well as for the written script, API tools are used.
All these scripts can be coded in the user preferred languages like Perl, bash etc. Another option is patterned administration and stipulating tools like a dummy or improved descendants. For a controlled explanation like Rightscale, a tool called Scalar can be used.

90) What are the different layers of cloud computing?

Answer : The different layers of cloud computing are:

  • PaaS – Platform as a Service
  • SaaS – Software as a Service
  • IaaS – Infrastructure as a Service

91)Differentiate between Amazon S3 and EC2.

Answer : S3

  • It is a cloud web service that is used to host the application
  • It is like a computer machine that can run either on the Linux or Windows and manage the applications like Python, PHP, Apache or any databases.


  • It is a data storage system, with unlimited capacitance.
  • It has the REST interface and uses secure authentication keys like HMAC-SHA1.

92) What are the various TC2 instances?

Answer : These instances are specially designed to offer moderate performance and the caliber to burst to higher performance as per the requirement depending on the workload.

93) Mention how buffer is used in AWS.

Answer : It is used to make the system more robust and manage traffic by synchronizing different components. The component processes the requests in an imbalanced way. Using buffer, the components work at the same speed for faster services and will also be balanced.

94) What are the different components of AWS?

Answer : The different components of AWS that have been released till date are now:

  • Route 53
  • Simple E-mail serve
  • Identity and Access Management
  • Simple Storage Device
  • Elastic Compute Cloud
  • Elastic Block Store
  • Cloud watch

95) What do you mean by AMI?

Answer : Amazon Machine Image is the full form of AMI. It is actually a template that provides the information of the operating system, server, applications etc., required to launch an instance that is the replica of the AMI running in the cloud as a virtual server. An instance can be launched from as many different AMIs as per the requirement.

96) Explain the relationship between AMI and an instance.

Answer : A single Amazon Machine Image is used to launch multiple instances. The hardware of the host computer used by our instance is defined by the instance type. Each instance is provided with different capabilities of computing and memory. When the instance is launched, it looks like a traditional host and can be interacted like that of a computer.

97) What are the various components of AMI?

Answer : The Amazon Machine Image includes the following:

  • Launch permission decisions with which AWS accounts to launch the instances using AMI.
  • A block device mapping, when an instance is launched it determines the volumes to attach to that instances.
  • A template for the instance.

98) What are the various levels of Cloud Architecture available in AWS?

Answer : There are 5 layers and are listed below

  • CC- Cluster Controller
  • SC- Storage Controller
  • CLC- Cloud Controller
  • Walrus
  • NC- Node Controller

99) Explain how the various processes start, stop and terminate work.

Answer :

  • Starting and stopping of an instance: If an instance gets stopped or ended, the instance functions a usual power cut and then change over to a clogged position. The user can establish the case afterward since all the EBS volumes of Amazon remain attached. If an instance is in stopping state, then the user will not get charged for additional instance.
  • Finishing the instance: If an instance gets terminated it tends to perform a typical blackout, so the EBS volumes which are attached will get removed except the volume’s deleteOnTermination characteristic is set to zero. In such cases, the instance will get removed and cannot set it up afterward.

100) What are the security elements used at the network and server level?

Answer : A network ACL is a network security for the user Amazon VPC that acts as a firewall for controlling traffic in and out of one or more subnets. Security Groups is security placed at server level which is first level of defense.

101) Why is the ec2-create-group CreateSecurityGroupused in the Amazon EC2 security groups?

Answer : A Security group is just like a firewall, it controls the traffic in and out of the userr instance. In AWS terms, the inbound and outbound traffic. The command mentioned is pretty straight forward, it says create security group, and does the same. Moving along, once the userr security group is created, the user can add different rules in it. For example, the user have an RDS instance, to access it, the user have to add the public IP address of the machine from which the user want access the instance in its security group.

102) When does one incur costs when using an Elastic IP Address?

Answer : The user is not charged if only one Elastic IP address is attached with the running instance. But the users are charged in the following conditions:

  • When more than one Elastic IPs has been used with the user’s instance.
  • When the Elastic IP is attached to a stopped instance.
  • When the Elastic IP is not attached to any instance.

103) Differentiate between a Spot Instance and an On-demand and Reserved Instance.

Answer : The Spot Instance, On-Demand instance and Reserved Instances are all models for pricing. Moving along, spot instances provide the ability for customers to purchase compute capacity with no upfront commitment, at hourly rates usually lower than the On-Demand rate in each region. Spot instances are just like bidding, the bidding price is called Spot Price. The Spot Price fluctuates based on supply and demand for instances, but customers will never pay more than the maximum price they have specified. If the Spot Price moves higher than a customer’s maximum price, the customer’s EC2 instance will be shut down automatically. But the reverse is not true, if the Spot prices come down again, the user EC2 instance will not be launched automatically, one has to do that manually.  In Spot and On-Demand instance, there is no commitment for the duration from the user side, however in reserved instances one has to stick to the time period that he has chosen.

104) How can a user use the processor state control feature provided by the c4.8xlarge instance?

Answer : The processor state control consists of 2 states:

  • The C state – Sleep state varying from c0 to c6. C6 being the deepest sleep state for a processor
  • The P state – Performance state p0 being the highest and p15 being the lowest possible frequency.

Now, why the C state and P state. Processors have cores, these cores need thermal headroom to boost their performance. Now since all the cores are on the processor the temperature should be kept at an optimal state so that all the cores can perform at the highest performance. If a core is put into sleep state it will reduce the overall temperature of the processor and hence other cores can perform better. Now the same can be synchronized with other cores, so that the processor can boost as many cores it can by timely putting other cores to sleep, and thus get an overall performance boost. The C and P state can be customized in some EC2 instances like the c4.8xlarge instance and thus the user can customize the processor according to the user workload.

105) What are the different network performance parameters that can be used when a user launches instances in cluster placement group?

Answer : The network performance depends on the instance type and network performance specification, if launched in a placement group the user can expect up to

  • 10 Gbps in a single-flow,
  • 20 Gbps in multiflow i.e. full duplex
  • Network traffic outside the placement group will be limited to 5 Gbps (full duplex).

106) What instance type can be used to deploy a 4 node cluster of Hadoop in AWS?

Answer : The Hadoop cluster follows a master slave concept. The master machine processes all the data, slave machines store the data and act as data nodes. Since all the storage happens at the slave, a higher capacity hard disk would be recommended and since master does all the processing, a higher RAM and a much better CPU is required. Therefore, the user can select the configuration of the user machine depending on the user workload. For e.g. – In this case c4.8xlarge will be preferred for master machine whereas for slave machine we can select i2.large instance. If the user don’t want to deal with configuring the user instance and installing Hadoop cluster manually, the user can straight away launch an Amazon EMR (Elastic Map Reduce) instance which automatically configures the servers for the user. The user dump the user data to be processed in S3, EMR picks it from there, processes it, and dumps it back into S3.

107) When designing an architecture for a solution, how can the user use an AMI?

Answer : All forms of AMI (Amazon Machine Images) are like templates of virtual machines and an instance is derived from an AMI. AWS offers pre-baked AMIs which the user can choose while the user are launching an instance, some AMIs are not free, therefore can be bought from the AWS Marketplace. The user can also choose to create the user own custom AMI which would help the user save space on AWS. For example if the user don’t need a set of software on the user installation, the user can customize the user AMI to do that. This makes it cost efficient, since the user are removing the unwanted things.

108) Can one Elastic IP Address be used for all instances?

Answer : Every instance comes with its own private and public address. The private address is associated exclusively with the instance and is returned to Amazon EC2 only when it is stopped or terminated. Similarly, the public address is associated exclusively with the instance until it is stopped or terminated. However, this can be replaced by the Elastic IP address, which stays with the instance as long as the user doesn’t manually detach it. But what if the user are hosting multiple websites on the user EC2 server, in that case the user may require more than one Elastic IP address.

109) Mention the best practices of implementing Security in Amazon EC2.

Answer : The following are the usual practices that can be used to implement security in Amazon EC2:

  • Use AWS Identity and Access Management (IAM) to control access to the userr AWS resources.
  • Restrict access by only allowing trusted hosts or networks to access ports on the userr instance.
  • Review the rules in the userr security groups regularly, and ensure that the user apply the principle of least
  • Privilege – only open up permissions that the user require.
  • Disable password-based logins for instances launched from the userr AMI. Passwords can be found or cracked, and are a security risk.

110) In order to make use of making routing decisions at the application layer or transport layer that supports either VPC or EC2, which load balancer should be used?

Answer : The Classic Load Balancer can be used to make routing decisions at the application layer or transport layer that supports either VPC or EC2.

111) How to launch the instance under the free usage tier with a snapshot size of 50GB?

Answer : It is not possible to launch such an instance under the free usage tier due to the size which is also not allowed.

112) Can the user modify the private IP address of an EC2 instance while it is running in a VPC?

Answer : No, it is not possible to change the primary private IP addresses. However, the secondary IP addresses can be assigned, unassigned or moved between instances at any given point.

113) When the user launches instances in Amazon VPC, what changes take place?

Answer : Each instance has a default IP address when the instance is launched in Amazon VPC. This approach is considered ideal when the user need to connect cloud resources with the data centers.

114) How can the user reduce the load on EC2 instance when it is approaching 100% CPU utilization?

Answer : The load on EC2 instance can be reduced by attaching a load balancer to an auto scaling group to efficiently distribute load among all instances.

115) What actually takes place when the user reboots an EC2 instance?

Answer : Rebooting an instance is just similar to rebooting a PC. The user do not return to image’s original state, however, the contents of the hard disk are same as before the reboot.

116) Mention the various connection issues that occurs when an EC2 instance is connected.

Answer : The various connection issues that might come up when connecting to an EC2instance:

  • Unprotected private key file
  • Server refused key
  • Connection timed out
  • No supported authentication method available
  • Host key not found, permission denied.
  • User key not recognized by the server, permission denied.

117) How can the user bind a user session with a specific instance in ELB (Elastic Load Balancer)?

Answer : Any user session can be bound with a specific instance in ELB by enabling Sticky Session.

118) How does a user send a request to Amazon S3?

Answer : A user can successfully send a request to Amazon S3 by using the REST API or the AWS SDK wrapper libraries which wrap the underlying Amazon S3 REST API.

119) How does the user send encryption for S3?

Answer : It is better to consider encryption for sensitive data on S3 as it is a proprietary technology.

120) What are the parameters required for choosing an availability zone?

Answer : The following need to be considered while choosing an availability zone:

  • Performance,
  • pricing,
  • latency, and
  • Response time

121) Mention the important features of a classic load balancer in EC2.

Answer : The important features of a classic load balancer in EC2:

  • The high availability feature ensures that the traffic is distributed among EC2 instances in single or multiple availability zones. This ensures high scale of availability for incoming traffic.
  • Classic load balancer can decide whether to route the traffic or not based on the results of health check.
  • The user can implement secure load balancing within a network by creating security groups in a VPC.
  • Classic load balancer supports sticky sessions which ensure that the traffic from a user is always routed to the same instance for a seamless experience.

122) Mention the key best practices for security in Amazon EC2.

Answer : Below are mentioned some of the best practices for security in Amazon EC2:

  • Create individual IAM (Identity and Access Management) users to control access to the user AWS recourses. Creating separate IAM user provides separate credentials for every user making it possible to assign different permissions to each user based on the access requirements.
  • Secure the AWS Root account and its access keys.
  • Harden EC2 instances by disabling unnecessary services and applications by installing only necessary software and tools on EC2 instances.
  • Grant least privileges by opening up permissions that are required to perform a specific task and not more than that. Additional permissions can be granted as required.
  • Define and review the security group rules on a regular basis.
  • Have a well-defined strong password policy for all the users.
  • Deploy anti-virus software on the AWS network to protect it from Trojans, Viruses, etc.

123) How does one safeguard EC2 instances being executed on VPC?

Answer : AWS Security groups associated with EC2 instances can help the user safeguard EC2 instances running in a VPC by providing security at the protocol and port access level. The user can configure both INBOUND and OUTBOUND traffic to enables secured access for the EC2 instance. AWS security groups are much similar to a firewall-they contain set of rules which filter the traffic coming into and out of an EC2 instance and deny any kind of unauthorized access to EC2 instances.

124) How can a user configure an instance with the application and its dependencies and make it traffic-ready?

Answer : The user can achieve this with the use of lifecycle hooks. They are powerful as they let the user pause the creation or termination of an instance so that he/she can sneak peak in and perform custom actions like configuring the instance, downloading the required files, and any other steps that are required to make the instance ready. Every auto scaling group can have multiple lifecycle hooks.

125) What do you know about Cloud Computing?

Answer : Practice of using a network of the remote servers, hosted on the Internet to store, manage, and process data,

Rather more than a local server or a personal computer is called Cloud Computing.

Companies offering the computing services are called “cloud providers” and typically charge for cloud.

Computing services based on the usage, similar to how you are billed for water or electricity at home.


This cloud model is composed of the five essential characteristics, three service models and four deployment models.

The primary reasons for the moving to the cloud are: –

  • It will never run out of the capacity, since it is a virtually infinite.
  • You can access your cloud-based on applications from anywhere, you just need a device which can connect to the Internet.

126) What are the merits of cloud computing?

Answer : The following are the merits of cloud computing:

  • Totally free from Maintenance i.e., the user does not have to maintain or administer any infrastructure for the same.
  • Lower Computing Cost.
  • Improved Performance.
  • Reduced Software Cost.
  • Instant Software Updates.
  • Unlimited Storage Capacity i.e., It will never run out of the capacity, since it is virtually infinite.
  • Increased Data Reliability.
  • Device Independence and the “always on! Anywhere and any of place” i.e., you can access your Cloud – based on applications from anywhere, you just need a device which can connect to the Internet. Cloud Computing is the fastest growing part of the network-based computing. It provides to tremendous. Benefits to customers of the all sizes: simple users, developers, enterprises and all types of organizations.

127) Mention the advantages of Cloud Computing.

Answer : The following are the most useful features of the Cloud Computing System:

  • Pay as you Go Model.
  • Increased Mobility.
  • Less or No CAPEX.
  • High Availability.
  • Easy to Manage.
  • High Productivity.
  • Environment Friendly.
  • Less Deployment Time.
  • Dynamic Scaling.
  • Shared Resources.

128) Mention the steps to be followed while disabling Password-based logins for the root in Amazon EC2 instance.

Answer : The following steps are to be followed to carry out this extremely important procedure:

  • Using a fixed for the root password for a public AMI is a security risk that can be quickly become known. Even Relying on users to change the password after to the first login opens a small window of the opportunity for potential abuses.
  • Following are the steps to disable password-based on remote logins for the root users.
  • Open the /etc/ssh/sshd config  file with an text editor and locate to the following line:
  • #PermitRootLogin yes.
  • Change to the line to:
  • PermitRoot Login without-password.

129) Differentiate between Volume and Snapshot in Amazon Web Services.

Answer : In Amazon Web Services, a Volume is durables, block level storage can device that can be attached to a singles EC2 instance. In plain words it is like a hard disk on which we can be write or read from. A Snapshot is created by copying the data of volume to another location at a specific time. We can even replicate same of Snapshot to multiple availability zones. So, Snapshot is the single point in time view of a volume. We can create a Snapshot only when we have a Volumes. Also, from a Snapshot we can create a Volumes. In AWS, we have to pay for the storage that is used by Volume as well as the one used by a Snapshots.

130) How can one update AMI tools at Boot Time?

Answer : AWS is recommends that your AMIs downloads and upgrade to the Amazon EC2 AMI creation tools during the startup. This ensures that a new AMIs based on your shared AMIs have to the latest AMI tools.

131) How does AWS lambda handle failure during event processing?

Answer : In AWS Lambda we can run a function of synchronous or asynchronous modes. In synchronous mode, if AWS Lambda function is fails, then it will just give on the exception to the calling application. In asynchronous modes, if AWS Lambda function is fails then it will retry to the same function at least 3 times. If AWS Lambda is running in response to an event in the Amazon DynamoDB or Amazon Kinesis, then event will be retried till that Lambda function succeeds or the data expires. In DynamoDB or Kinesis, AWS maintains data for at least 24 hours.

132) Mention the storage of classes in Amazon.

Answer : The following are the storage forms of classes in Amazon:

  • Amazon S3
  • Scalable Storage in Cloud
  • Amazon EBS
  • Block Storage for EC2
  • AWS Elastic File System
  • Managed File Storage for EC2
  • Amazon Glacier
  • Low-cost Achieve Storage in the
  • cloud
  • AWS Storage Gateway
  • Hybrid Storage Integration
  • Amazon Snowball
  • Petabyte-Scale Data Transport
  • AWS Snowball Edge
  • Petabyte-scale Data to Transport with
  • On-Demand Compute
  • AWS Snowmobile
  • Exabyte-scale Data to Transport

133) Mention the process in which a file greater than 100 MB is uploaded in Amazon S3.

Answer : Amazon S3 supports of storing objects or files up to 5 terabytes. To upload a file greater than 100 megabytes, we have to use of Multipart upload utility from AWS. By using Multipart upload we can upload a large file in multiple parts. Each part will be independently to be uploaded. It doesn’t matter in what order to each part is uploaded. It even to supports uploading these parts of parallel to decrease overall time. Once of all the parts are uploaded, this utility makes these as one single objects or file from which the parts were do created.

134) Mention the features of Cloud Computing.

Answer : The following are the features of Cloud Computing are:

  • Lower TCO.
  • Reliability, Scalability & Sustainability.
  • Secure Store Management.
  • Low Capital Expenditure.
  • Frees from Internal Resources.
  • Utility Based.
  • Easy & Agile Deployment.
  • Device & Location Independent.
  • 24 * 7 Support.
  • Pay As You Use.

135) Mention the messaging service available within AWS and mention its uses.

Answer : Simple Notification Services is a complete messaging service to deliver the messages end to end. It is shortly referred to as SNS. A real time use case would be a banking system where SNS will be sending a real time message (Email, SMS etc.,) to the end users who debits his account by withdrawing some amount of money.

136) What are the features of S3 buckets?

Answer : The following are the features of S3 buckets are:

  • Static web hosting
  • Versioning
  • Encryption
  • Object lifecycle management
  • Unlimited storage

137) Differentiate between availability and durability in S3.

Answer : Availability and durability are closely related to each other, but they are not the same. Availability refers to the uptime of the service i.e.., S3 storage system’s uptime and can able to deliver the requests and data. Durability on the other hand, refers to the data that is stored should not suffer from degradation and corruption.

138) What do you know about auto scaling and what are its benefits?

Answer : Auto scaling is a service that automatically scales EC2 instance capacity out and in based on the criteria’s that we are going to set. Auto scaling benefits its use for dynamic workloads like web spikes, retail shop flash sales, ticket booking system on the vacations etc.

139) How does one automate resource provisioning in AWS?

Answer : We can use the native service tool called AWS Cloud Formation for automation. It is also a good option to consider the third-party tools like Ansible, Chef, Puppet etc. to automate the services.

140) Name some of the native database engines available in RDS services.

Answer : Some of the database engines that are natively available in the RDS services are:

  • MSSQL server
  • Oracle DB
  • Postgres DB
  • Amazon AURORA
  • Maria DB

141) Differentiate between S3 and Glacier storage in terms of storage.

Answer : S3 is a simple storage service, which is used to store and retrieve data. We can store any amount of data and any type of data. Data that we are storing here are referred as objects. Whereas the Glacier storage is an archival store which is used to store infrequently accessed data or cold data. Major use case of glacier is data archiving and backup.

142) Mention the different categories of instances based on pricing.

Answer : The following are the different categories of instances on the basis of pricing:

On-demand Instances: On-demand instances are the virtual servers that are provisioned by AWS EC2 service at an hourly price basis.
Reserved Instances: Instances which are reserved for a time, 1 year or 3 years, is called reserved Instances. Hourly prices are reduced significantly compared to on-demand Instances with reservation.
Spot Instances: Spot Instances are the special instance category where you request the unused resources of EC2 from the datacenter for steep discounts. Spot prices are fixed by AWS EC2 and you need to bid the spot price more than the pricing of AWS EC2.

143) What do you mean by Lifecycle Hooks?

Answer : Lifecycle Hooks are used in Auto Scaling. Lifecycle hooks enable you to perform custom actions by pausing instances as an Auto Scaling group launches or terminates them. Each Auto Scaling group can have multiple lifecycle hooks.

144) How can a user Simulate Perimeter Security Using the Amazon Web Services Model?

Answer : Traditional perimeter security that we’re already familiar with using firewalls and so forth is not supported in the Amazon EC2 world.  AWS supports security groups. One can create a security group for a jump box with ssh access – only port 22 open. From there a webserver group and database group are created. The webserver group allows 80 and 443 from the world, but port 22 *only* from the jump box group. Further the database group allows port 3306 from the webserver group and port 22 from the jump box group. Add any machines to the webserver group and they can all hit the database.  No one from the world can, and no one can directly ssh to any of your boxes.

145) How is a user supposed to use Amazon SQS?

Answer : Amazon SQS (Simple Queue Service) is a message passing mechanism that is used for communication between different connectors that are connected with each other. It also acts as a communicator between various components of Amazon. It keeps all the different functional components together. This functionality helps different components to be loosely coupled, and provide an architecture that is more failure resilient system.

146) What do you mean by Configuration Management?

Answer : Configuration management has been around for a long time in web operations and systems administration.  Yet the cultural popularity of it has been limited.  Most systems administrators configure machines as software was developed before version control – that is manually making changes on servers.  Each server can then and usually is slightly different.  Troubleshooting though, is straightforward as you login to the box and operate on it directly.  Configuration management brings a large automation tool in the picture, managing servers like strings of a puppet.  This forces standardization, best practices, and reproducibility as all configs are versioned and managed.  It also introduces a new way of working which is the biggest hurdle to its adoption.

147) Why is configuration management critical for Cloud system?

Answer : Configuration management is very critical for the Cloud. That’s because virtual servers such as amazons EC2 instances are much less reliable than physical ones. You absolutely need a mechanism to rebuild them as-is at any moment. This pushes best practices like automation, reproducibility and disaster recovery into center stage.

148) What are the automation tools that can be used to use the Spin up Services?

Answer : The most obvious way is to roll-your-own scripts, and use the AWS API tools.  Such scripts could be written in bash, Perl or another language or your choice.

The next option is to use a configuration management and provisioning tools like puppet or better its successor Opscode Chef. You might also look towards a tool like Scalr. Lastly, you can go with a managed solution such as Rightscale.

149) Can an Amazon Instance be scaled vertically? If yes, then how?

Answer : Yes, an Amazon Instance can be scaled vertically. This is an incredible feature of AWS and cloud virtualization.  Spin up a new larger instance than the one you are currently running.  Pause that instance and detach the root EBS volume from this server and discard.  Then stop your live instance, detach its root volume.  Note down the unique device ID and attach that root volume to your new server. And then start it again.

150) What is Elastic Block Storage?

Answer : EBS is a virtualized SAN or storage area network.  That means it is RAID storage to start with, so it’s redundant and fault tolerant.  If disks die in that RAID you don’t lose data.  It is also virtualized, so you have the provision and can allocate storage, and attach it to your server with various API calls. There is no need to call the storage expert and asking him or her to run specialized commands from the hardware vendor.

151) What is the performance level of the EBS? Can it be improved?

Answer : Performance on EBS can exhibit variability.  That is, it can go above the SLA performance level, then drop below it.  The SLA provides you with an average disk I/O rate you can expect. This can frustrate performance experts who expect reliable and consistent disk throughout on a server.  Traditional physically hosted servers behave that way. Virtual AWS instances do not. Yes, the performance of the EBS can be improved by using Linux software raid and striping across four volumes.

152) What do you know about storage for Amazon EC2 Instances?

Answer : Amazon EC2 provides many data storage options for your instances. Each option has a unique combination of performance and durability. These storages can be used independently or in combination to suit your requirements.

There are mainly four types of storages provided by AWS:

Amazon EBS: Its durable, block-level storage volumes can attached in running Amazon EC2 instance. The Amazon EBS volume persists independently from the running life of an Amazon EC2 instance. After an EBS volume is attached to an instance, you can use it like any other physical hard drive. Amazon EBS encryption feature supports encryption feature.

Amazon EC2 Instance Store: Storage disk that is attached to the host computer is referred to as instance store. The instance storage provides temporary block-level storage for Amazon EC2 instances. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance; if you stop or terminate an instance, any data on instance store volumes is lost.

Amazon S3: Amazon S3 provides access to reliable and inexpensive data storage infrastructure. It is designed to make web-scale computing easier by enabling you to store and retrieve any amount of data, at any time, from within Amazon EC2 or anywhere on the web.

Adding Storage: Every time you launch an instance from an AMI, a root storage device is created for that instance. The root storage device contains all the information necessary to boot the instance. You can specify storage volumes in addition to the root device volume when you create an AMI or launch an instance using block device mapping.

153) What are the possible connections issue that might occur while connecting to an instance?

Answer : The possible connection errors one might encounter while connecting instances are:

  • Connection timed out
  • User key not recognized by the server
  • Host key not found, permission denied
  • Unprotected private key file
  • Server refused our key or No supported authentication method available
  • Error using MindTerm on Safari Browser
  • Error using Mac OS X RDP Client

154) Explain the components of AWS in detail.

Answer : The key components of AWS are:

Route 53: A DNS web service

Simple E-mail Service: It allows sending e-mail using RESTFUL API call or via regular SMTP

Identity and Access Management: It provides enhanced security and identity management for your AWS account

Simple Storage Device or (S3): It is a storage device and the most widely used AWS service

Elastic Compute Cloud (EC2): It provides on-demand computing resources for hosting applications. It is very useful in case of unpredictable workloads

Elastic Block Store (EBS): It provides persistent storage volumes that attach to EC2 to allow you to persist data past the lifespan of a single EC2

CloudWatch: To monitor AWS resources, it allows administrators to view and collect key Also, one can set a notification alarm in case of trouble.

155) How can we reduce the volume of EBS?

Answer : No, the volume of EBS cannot be altered at all.

156) What do you mean by a subnet?

Answer : A subnet can be defined as a large section of IP Address that is divided in to chunks.

157) Differentiate between a classic load balancer and an application load balancer.

Answer : Dynamic port mapping and multiple port multiple listeners are used in Application Load Balancer.

A one port one listener is used in the Classic Load Balancer

158) What do you mean by parameter group in RDS? Why is it used in RDS?

Answer : Since RDS is a managed service AWS offers a wide set of parameter in RDS as parameter group which is modified as per requirement.

159) Which Virtual Network interface can be attached to an instance in VPC?

Answer : The Elastic Network Interface is used to attach an Instance in VPC.

160) How can the user specify the maximum number of instances with Auto scaling commands?

Answer : The Auto Scaling Launch Configuration can be used by the user to maximum number of instances with Auto Scaling commands.

161) Mention the various types of AMI provided by AWS.

Answer : The various types of AMI provided by AWS are:   Instance Store backed and EBS Backed.



AWS is one of the latest technologies emerging in the marketing with excellent career opportunities. As more and more customers adopt cloud technologies, the demand for AWS is only going to grow. Please go through the 161 AWS Interview questions listed above to crack the Job interview easily.

Share this: