Day 49 - INTERVIEW QUESTIONS ON AWS

Hey people, we have listened to your suggestions and we look forward to getting more! Since you asked for more interview-based questions as part of the Daily Task, here they are :)

INTERVIEW QUESTIONS

  1. Name 5 AWS services you have used. What are their use cases?

    a) Amazon S3 (Simple Storage Service): Used for storing and retrieving data, such as static website files, images, videos, backups, and log files.

    b) Amazon EC2 (Elastic Compute Cloud): Provides scalable virtual servers for running applications, hosting websites, and performing various computing tasks.

    c) Amazon RDS (Relational Database Service): Offers managed relational databases, such as MySQL, PostgreSQL, Oracle, and SQL Server, and simplifies database setup, administration, and scaling.

    d) Amazon SNS (Simple Notification Service): Enables the publishing and delivery of messages to subscribed endpoints or clients, allowing for event-driven architecture and communication.

    e) Amazon CloudWatch: Monitors AWS resources and applications, collects and tracks metrics, generates logs, and sets alarms to help manage the performance and health of systems.

  2. What are the tools used to send logs to the cloud environment?

    Common tools used to send logs to the cloud environment are:

    a) AWS CloudWatch Logs Agent: This agent can be installed on your server instances to send logs to Amazon CloudWatch Logs.

    b) AWS CLI (Command Line Interface): It provides commands to push logs to CloudWatch Logs, such as the aws logs put-log-events command.

    c) AWS SDKs (Software Development Kits): Programming language-specific SDKs, like AWS SDK for Python (Boto3) or AWS SDK for Java, provide libraries and APIs to send logs programmatically.

  3. What are IAM Roles? How do you create/manage them?

    IAM (Identity and Access Management) Roles are AWS entities that define a set of permissions for making AWS service requests. They are used to grant permissions to AWS services or trusted entities without the need for long-term access keys. IAM Roles can be assumed by AWS resources like EC2 instances, Lambda functions, or other AWS services.

    To create/manage an IAM Role:

    a) Using the AWS Management Console: Navigate to the IAM service, select "Roles," and click "Create role" to define the role's permissions and trust relationships.

    b) Using AWS CLI: You can use the aws iam create-role command to create a role and aws iam attach-role-policy to manage the role's policies.
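
    The trust relationship chosen when creating a role decides who may assume it, so it is worth reviewing before the role exists. The following is an added example, not code from the original post: it builds the trust policy document that `aws iam create-role` takes through `--assume-role-policy-document` and flags overly broad principals. The function names and the account ID 111122223333 are illustrative assumptions.

```python
import json

def trust_policy(principal):
    """Build a role trust policy (the document passed to `aws iam create-role`
    via --assume-role-policy-document) for one principal."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": principal,
                       "Action": "sts:AssumeRole"}],
    }

# Constructed samples; 111122223333 is a placeholder account ID.
EC2_TRUST = trust_policy({"Service": "ec2.amazonaws.com"})
OPEN_TRUST = trust_policy({"AWS": "*"})
ACCOUNT_TRUST = trust_policy({"AWS": "arn:aws:iam::111122223333:root"})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return review findings for who is allowed to assume the role."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue  # only unconditioned Allow statements are flagged here
        principal = stmt.get("Principal")
        if principal == "*":
            aws = ["*"]
        elif isinstance(principal, dict):
            aws = _as_list(principal.get("AWS", []))
        else:
            aws = []
        for p in aws:
            if p == "*":
                findings.append(f"statement {i}: any AWS principal may assume the role")
            elif p.endswith(":root") or p.isdigit():
                findings.append(f"statement {i}: entire account trusted ({p})")
    return findings

if __name__ == "__main__":
    for name, doc in [("ec2", EC2_TRUST), ("open", OPEN_TRUST), ("account", ACCOUNT_TRUST)]:
        print(name, audit_trust_policy(doc) or "ok")
        print(json.dumps(doc))
```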

  4. How to upgrade or downgrade a system with zero downtime?

    To upgrade or downgrade a system with zero downtime, you can follow a few strategies:

    a) Blue/Green Deployment: Create a new environment (green) with the upgraded/downgraded system while the existing environment (blue) is still running. Route traffic gradually from the blue environment to the green environment.

    b) Load Balancer with Auto Scaling: Use a load balancer in front of your system and configure auto-scaling. Launch new instances with the upgraded/downgraded system version, gradually replace the older instances, and let the load balancer distribute traffic.

    c) Containerization: Use containerization technologies like Docker and Kubernetes to create containerized versions of your system. Deploy new containers with the upgraded/downgraded version while phasing out the older containers.

  5. What is infrastructure as code and how do you use it?

    Infrastructure as Code is an approach to provisioning and managing infrastructure resources using declarative code instead of manual processes. It involves defining infrastructure configurations using a domain-specific language (DSL) or a programming language. Commonly used tools for IaC in AWS are AWS CloudFormation and HashiCorp Terraform.

    To use IaC, you define your desired infrastructure state in code, including resources like EC2 instances, security groups, databases, and networking components. Then, you use the IaC tool to deploy and manage the infrastructure, allowing for version control, reproducibility, and scalability.

  6. What is a load balancer? Give scenarios of each kind of balancer based on your experience.

    A load balancer distributes incoming network traffic across multiple servers to ensure high availability, scalability, and optimal resource utilization. AWS provides different types of load balancers:

    a) Application Load Balancer (ALB): Best suited for HTTP/HTTPS traffic and operates at the application layer (Layer 7) of the OSI model. ALB supports advanced routing, content-based routing, and path-based routing.

    b) Network Load Balancer (NLB): Works at the transport layer (Layer 4) and is capable of handling millions of requests per second with ultra-low latency. Suitable for TCP, UDP, and TLS traffic.

    c) Classic Load Balancer (CLB): The original Elastic Load Balancer, now being phased out in favor of ALB and NLB. Suitable for both Layer 4 and Layer 7 traffic.

    Scenarios:

    • ALB: Use ALB when you need advanced routing capabilities, such as routing based on URL paths, hostnames, or HTTP headers. It's ideal for web applications with multiple microservices.

    • NLB: When you require extreme performance, handling high volumes of traffic, or need static IP addresses for your load balancer.

    • CLB: In scenarios where you have existing applications that are already configured to work with CLB or if you require classic EC2 instance-level load balancing.

  7. What is CloudFormation and what is it used for?

    AWS CloudFormation is a service that allows you to define and provision AWS infrastructure resources in a declarative way using templates. With CloudFormation, you can create, update, and delete resources as a stack, ensuring consistent and repeatable deployments.

    AWS Elastic Beanstalk is a platform as a service (PaaS) offering that makes it easy to deploy and manage applications. Elastic Beanstalk handles the underlying infrastructure provisioning and management automatically, abstracting away the complexities of infrastructure configuration.

    While both CloudFormation and Elastic Beanstalk can be used for infrastructure provisioning, there are key differences:

    • CloudFormation: Offers broader control and flexibility for provisioning AWS resources and supports the entire AWS resource portfolio. It's well-suited for complex deployments and managing infrastructure as code.

    • Elastic Beanstalk: Provides a higher-level abstraction focused on deploying applications quickly and easily. It automates many aspects of infrastructure management, making it simpler for developers to deploy their applications without worrying about infrastructure details.

  8. Difference between AWS CloudFormation and AWS Elastic Beanstalk?

    1. AWS CloudFormation: It is an infrastructure-as-code service that enables you to define and provision AWS resources in a declarative template format. CloudFormation templates allow you to describe your infrastructure requirements and dependencies, including Amazon EC2 instances, load balancers, databases, and more. CloudFormation automates the creation, update, and deletion of resources, providing a consistent and repeatable way to manage infrastructure.

    2. AWS Elastic Beanstalk: It is a platform-as-a-service (PaaS) that simplifies the deployment and management of applications. Elastic Beanstalk abstracts away the underlying infrastructure and automates the deployment process, allowing you to focus on writing code. It supports multiple programming languages and provides a managed environment with built-in load balancing, auto-scaling, monitoring, and health management.

    In summary, CloudFormation is focused on managing the infrastructure stack, while Elastic Beanstalk is designed for deploying and managing applications.

  9. What are the kinds of security attacks that can occur on the cloud? And how can we minimize them?

    1. Data breaches: Protect sensitive data by implementing strong access controls, encryption mechanisms, and secure storage solutions. Use AWS Identity and Access Management (IAM) to manage user access and permissions.

    2. DDoS attacks: Deploy appropriate network security measures such as AWS Shield, a managed DDoS protection service. Utilize Elastic Load Balancers to distribute traffic and handle volumetric attacks.

    3. Injection attacks: Prevent SQL injection, code injection, or other types of injection attacks by following secure coding practices, input validation, and using parameterized queries or prepared statements.

    4. Unauthorized access: Enforce strong authentication mechanisms, such as multi-factor authentication (MFA), and regularly rotate access keys. Utilize AWS CloudTrail for auditing and monitoring API activity.

    5. Malware and vulnerabilities: Regularly update and patch your systems and applications to mitigate vulnerabilities. Use AWS WAF (Web Application Firewall) to protect against common web exploits and install security patches promptly.

    6. Insider threats: Implement least privilege principles by granting permissions only as necessary. Monitor user activities using logging and auditing tools like AWS CloudTrail and Amazon GuardDuty.

    7. Account compromise: Enable AWS CloudTrail to log all account activity and monitor for any unauthorized changes. Implement strong password policies, enforce password rotation, and utilize AWS Secrets Manager for secure storage and management of credentials.

    It's essential to stay updated with the latest security best practices provided by AWS and regularly assess and improve your security measures to mitigate potential risks.
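
    Several of the mitigations above rely on CloudTrail for monitoring. The following is an added example, not part of the original post, of detection logic over CloudTrail-shaped records: console logins without MFA, root activity, changes to the trail itself, and repeated access-denied errors. The sample events, rule names, and threshold are constructed assumptions; the record fields follow the CloudTrail format.

```python
from collections import Counter

# Constructed sample identities; 111122223333 is a placeholder account ID.
ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:iam::111122223333:user/bob"
ROOT = "arn:aws:iam::111122223333:root"

def ev(name, arn, utype="IAMUser", **fields):
    """Build a minimal CloudTrail-shaped record (only the fields used here)."""
    return {"eventName": name, "userIdentity": {"type": utype, "arn": arn}, **fields}
def login(arn, mfa):
    return ev("ConsoleLogin", arn, responseElements={"ConsoleLogin": "Success"},
              additionalEventData={"MFAUsed": mfa})

SAMPLE_EVENTS = [  # constructed, not real log data
    login(ALICE, "No"),
    login(BOB, "Yes"),
    ev("ListUsers", BOB, errorCode="AccessDenied"),
    ev("ListBuckets", BOB, errorCode="AccessDenied"),
    ev("DescribeInstances", BOB, errorCode="Client.UnauthorizedOperation"),
    ev("StopLogging", ROOT, utype="Root"),
]

DENIED = {"AccessDenied", "Client.UnauthorizedOperation"}
TRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail"}

def detect(events, denied_threshold=3):
    """Return (rule, principal ARN, detail) tuples for the records given."""
    alerts, denied = [], Counter()
    for e in events:
        who = e.get("userIdentity") or {}
        arn, name = who.get("arn", "unknown"), e.get("eventName")
        if who.get("type") == "Root":
            alerts.append(("root-activity", arn, name))
        if name in TRAIL_CHANGES:
            alerts.append(("trail-change", arn, name))
        if (name == "ConsoleLogin"
                and (e.get("responseElements") or {}).get("ConsoleLogin") == "Success"
                and (e.get("additionalEventData") or {}).get("MFAUsed") == "No"):
            alerts.append(("login-without-mfa", arn, name))
        if e.get("errorCode") in DENIED:
            denied[arn] += 1
    alerts += [("repeated-access-denied", arn, n)
               for arn, n in denied.items() if n >= denied_threshold]
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```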

  10. Can we recover the EC2 instance when we have lost the key?

    If you lose the key pair for an EC2 instance, you cannot directly recover it. The key pair is used for SSH access to the instance, and without the private key, you cannot access the instance.

    To regain access, you have a few options:

    • If the instance is in a public subnet and you have an Elastic IP associated with it, you can launch a new instance with a new key pair and associate the Elastic IP to the new instance.

    • If the instance is in a private subnet without an Elastic IP, you will need to create a new instance with a new key pair and update the necessary configurations (security groups, load balancer settings) to point to the new instance.

    In either case, you may need to restore any data or configurations from backups or snapshots if they are available.

  11. What is a gateway?

    In the context of AWS, a gateway is a service that acts as an entry point or connection between different networks or services. It enables communication and data flow between two separate environments.

    For example, AWS provides the following gateways:

    • VPC (Virtual Private Cloud) Gateway: A VPC gateway allows connectivity between your VPC and other networks, such as on-premises data centers or remote networks.

    • API Gateway: API Gateway acts as a front-end for APIs, allowing you to create, publish, and manage APIs that can be accessed securely by clients.

    • Direct Connect Gateway: Direct Connect Gateway enables connectivity between your AWS Direct Connect connections and multiple Virtual Private Gateways.

    • Transit Gateway: Transit Gateway simplifies network connectivity and routing between VPCs, VPNs, and Direct Connect connections within a network architecture.

  12. What is the difference between Amazon RDS, DynamoDB, and Redshift?

    • Amazon RDS: It is a managed relational database service that supports popular database engines like MySQL, PostgreSQL, Oracle, and SQL Server. RDS simplifies database administration tasks such as patching, backups, and scaling while providing high availability and durability.

    • Amazon DynamoDB: It is a fully managed NoSQL database service that offers fast and flexible storage for applications requiring low latency access to large datasets. DynamoDB is known for its scalability, automatic sharding, and seamless replication across multiple regions.

    • Amazon Redshift: It is a fully managed data warehousing service designed for analytics and business intelligence applications. Redshift allows you to efficiently analyze large datasets using SQL queries, parallel processing, and columnar storage.

  13. Do you prefer to host a website on S3? What's the reason if your answer is either yes or no?

    Whether to host a website on Amazon S3 depends on the specific requirements of the website:

    Yes, hosting on S3:

    • If the website is static (HTML, CSS, JavaScript) without server-side processing requirements, S3 provides a simple, cost-effective solution. It offers high availability, scalability, and the ability to distribute content globally using Amazon CloudFront.

    No, not hosting on S3:

    • If the website requires server-side processing, dynamic content generation, or a backend database, using a combination of services like EC2, Elastic Beanstalk, or AWS Lambda with Amazon RDS or DynamoDB may be more suitable.

    In summary, S3 is an excellent option for hosting static websites, providing simplicity, low cost, and global content delivery capabilities.

Happy Learning :)

Mohammed Muqafamuddin