Top 100 AWS Interview Questions & Answers

Here is a list of the top 100 AWS interview questions recently asked at top companies, with answers.

Frequently Asked AWS Interview Questions

Q1. Define AWS?

Answer: Amazon Web Services (AWS) is the world's most comprehensive cloud platform, offering 200 fully featured services from data centers globally. It is a platform that provides secure cloud services, database storage, compute power, content delivery, and other services to help businesses scale and grow.

Q2. What is EC2?

Answer: Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services Cloud. It is designed to make web-scale cloud computing easier for developers, giving them complete control of their computing resources, which run on Amazon's proven computing environment.

Q3. What is Elastic Transcoder?

Answer: Amazon Elastic Transcoder is a media transcoding service in the cloud, designed to be a highly scalable, easy-to-use, and cost-effective way for developers and businesses to convert media files from their source format into versions that will play back on devices like smartphones, tablets, and PCs.

Q4. What is auto-scaling?

Answer: Auto-scaling is a function that provisions and launches new instances whenever there is demand. It automatically increases or decreases resource capacity in relation to the demand.

Q5. What is the importance of buffer in Amazon Web Services?

Answer: An Elastic Load Balancer ensures that the incoming traffic is distributed optimally across various AWS instances. A buffer synchronizes different components and makes the arrangement more elastic to a burst of load or traffic. Without it, the components tend to receive and process requests at uneven rates. The buffer creates an equilibrium between the components and makes them work at the same rate to provide faster services.

Q6. What is geo-targeting in CloudFront?

Answer: Geo-Targeting is a concept where businesses can show personalized content to their audience based on their geographic location without changing the URL. This helps to create customized content for the audience of a specific geographical area, keeping their needs in the forefront.

Q7. What do you understand by VPC?

Answer: VPC stands for Virtual Private Cloud, which allows you to customize the networking configuration. It is a network that is logically isolated from other networks in the cloud. It allows you to have your own private IP address range, internet gateways, subnets, and security groups.

Q8. What are the Storage Classes available in Amazon S3?

Answer: Storage Classes available with Amazon S3 are:

  • Amazon S3 Standard
  • Amazon S3 Standard-Infrequent Access
  • Amazon S3 Reduced Redundancy Storage
  • Amazon Glacier

Q9. Why do we make subnets?

Answer: Subnetting divides a large network into smaller ones, which is done for several reasons. It helps to reduce congestion by making sure that the traffic destined for a subnet stays in that subnet, and it routes the traffic coming into the network more efficiently, which reduces the network's load.

Q10. Define and explain the three basic types of cloud services and the AWS products that are built based on them?

Answer: The three basic types are:
(i) Computing - includes EC2, Elastic Beanstalk, Lambda, Auto-Scaling, and Lightsail.
(ii) Storage - includes S3, Glacier, Elastic Block Storage, and Elastic File System.
(iii) Networking - includes VPC, Amazon CloudFront, and Route53.

Q11. What are Key-Pairs in AWS?

Answer: Key-Pairs are secure login information for the Virtual Machines. Key-Pairs contain a Public Key and a Private Key that can be used to connect to the instances.

Q12. List different types of Cloud Services?

Answer: Different types of Cloud Services are:
(i) Software as a Service (SaaS)
(ii) Data as a Service (DaaS)
(iii) Platform as a Service (PaaS)
(iv) Infrastructure as a Service (IaaS)

Q13. What does AMI include?

Answer: An AMI includes:
(i) A template for the root volume for the instance.
(ii) Launch permissions to decide which AWS accounts can avail the AMI to launch instances.
(iii) A block device mapping that determines the volumes to attach to the instance when it is launched.

Q14. What is S3?

Answer: S3 stands for Simple Storage Service, used to store and retrieve any amount of data, at any time and from anywhere on the web. For S3, the payment model is “pay as you go”.

Q15. What is the relation between the Availability Zone and Region?

Answer: AWS regions are separate geographical areas, like the US-West 1 (North California) and Asia South (Mumbai). Availability zones are the areas that are present inside the regions. These are isolated zones that can replicate themselves whenever required.

Q16. What is a DDoS attack, and what services can minimize them?

Answer: DDoS is a cyber-attack in which the perpetrator accesses a website and creates multiple sessions so that the other legitimate users cannot access the service. The native tools that can help to deny the DDoS attacks on the AWS services are:

  • AWS Shield
  • Amazon Route53
  • Amazon CloudFront
  • ELB
  • VPC

Q17. What are the advantages of AWS IAM?

Answer: AWS IAM enables an administrator to provide granular level access to different users and groups. Different users and user groups may need different levels of access to different resources created. With IAM, roles can be created with specific access levels and assigned to the users.
It also allows providing users and applications with access to the resources without creating the IAM Roles, which is known as Federated Access.

Q18. Explain what T2 instances are?

Answer: T2 Instances are designed to provide moderate baseline performance and the capability to burst to higher performance as required by the workload.

Q19. How does Amazon Route 53 provide high availability and low latency?

Answer: Amazon Route 53 uses the following to provide high availability and low latency:

  • Globally Distributed Servers - Amazon is a global service and consequently has DNS Servers globally. Any customer creating a query from any part of the world gets to reach a DNS Server local to them that provides low latency.
  • Dependency - Route 53 provides a high level of dependability required by critical applications.
  • Optimal Locations - Route 53 serves the requests from the nearest data center to the client sending the request. AWS has data-centers across the world. The data can be cached on different data-centers located in different regions of the world depending on the requirements and the configuration chosen. Route 53 enables any server in any data-center which has the required data to respond. This way, it enables the nearest server to serve the client request, thus reducing the time taken to serve.

Q20. What are the different types of Instances?


  • Compute Optimized
  • Memory-Optimized
  • Storage Optimized
  • Accelerated Computing
  • General Purpose

Q21. What are the different types of EC2 instances based on their costs?

Answer: The three types of EC2 instances based on the costs are:
On-Demand Instance - prepared as and when needed. Whenever we need a new EC2 instance, we create an on-demand instance. It is cheap for the short term but not when taken for the long term.
Spot Instance - can be bought through the bidding model and is comparatively cheaper than On-Demand Instances.
Reserved Instance - On AWS, we can create instances that are reserved for a year or so. These types of instances are especially useful when we know in advance that we will need an instance for the long term. In that case, we can create a reserved instance and save heavily on costs.

Q22. What are the steps involved in a CloudFormation Solution?


  • Create or use an existing CloudFormation template using JSON or YAML format.
  • Save the code in an S3 bucket, which serves as a repository for the code.
  • Use AWS CloudFormation to call the bucket and create a stack from the template.
  • CloudFormation reads the file and understands the services that are called, their order, the relationship between the services, and provisions the services one after the other.

Q23. How can we save the data on root volume on an EBS-backed machine?


  • Create a snapshot of the root volume.
  • Register a new AMI using the snapshot.
  • Launch a new instance from the new AMI.
  • Detach the remaining Amazon EBS volumes from the old instance.
  • Reattach the Amazon EBS volumes to the new instance.

    Q24. Mention what the key components of AWS are?

    Answer: The key components of AWS are

  • Route 53: a DNS web service
  • Simple E-mail Service: allows sending e-mail using a RESTful API call or via regular SMTP
  • Identity and Access Management: provides enhanced security and identity management for your AWS account
  • Simple Storage Device or (S3): a storage device and the most widely used AWS service
  • Elastic Compute Cloud (EC2): provides on-demand computing resources for hosting applications in case of unpredictable workloads
  • Elastic Block Store (EBS): offers persistent storage volumes that attach to EC2, allowing data to persist past the lifespan of a single Amazon EC2 instance
  • CloudWatch: monitors AWS resources; it allows administrators to view and collect key metrics and to set a notification alarm in case of trouble

    Q25. Mention what the relationship between an instance and AMI is?

    Answer: From a single AMI, we can launch multiple types of instances. An instance type defines the hardware of the host computer used for the instance. Each instance type provides different compute and memory capabilities. Once we launch an instance, it looks like a traditional host, and we can interact with it as we would with any computer.

    Q26. How can you send a request to Amazon S3?

    Answer: Amazon S3 is a REST service; we can send requests to it by using the REST API or the AWS SDK wrapper libraries that wrap the underlying Amazon S3 REST API.

    Q27. What are the Roles?

    Answer: Roles are used to provide permissions to entities which we can trust within the AWS account. Roles are very similar to users. However, with roles, we do not need to create a username and password to work with the resources.

    Q28. How do we monitor Amazon VPC?

    Answer: We can monitor Amazon VPC using:

  • CloudWatch
  • VPC Flow Logs

    Q29. What do we understand by a Security Group?

    Answer: When we create an instance in AWS, we want the instance to be accessible from some networks and not from others.
    Security Groups are a type of rule-based Virtual Firewall with which we can control access to the instances. We can create rules defining the port numbers, networks, or protocols from which we want to allow or deny access.

    Q30. How many Elastic IPs are allowed to be created by AWS?

    Answer: 5 VPC Elastic IP addresses are allowed for each AWS account.

    Q31. What are the edge locations?

    Answer: An edge location is the area where the contents will be cached. So, when a user is trying to access any content, the content will automatically be searched for in the edge location.

    Q32. Explain Connection Draining?

    Answer: Connection Draining is a feature provided by AWS which enables the servers which are either going to be updated or removed, to serve the current requests. 
    If Connection Draining is enabled, the Load Balancer will allow an outgoing instance to complete the current requests for a specific period but will not send any new request to it. Without Connection Draining, an outgoing instance will immediately go off and the requests pending on that instance will error out.

    Q33. What is a Power User Access in AWS?

    Answer: A Power User Access provides Administrator Access without the capability to manage the users and permissions. A user with Power User Access can create, delete, modify or see the resources, but he cannot grant permissions to other users.

    Q34. What does an AMI include?

    Answer: An AMI includes the following things

    • A template for the root volume for the instance
    • Launch permissions decide which AWS accounts can avail the AMI to launch instances
    • A block device mapping that determines the volumes to attach to the instance when it is launched

    Q35. Is there any other alternative tool to log into the cloud environment other than console?


    • AWS CLI for Linux
    • AWS CLI for Windows
    • AWS CLI for Windows CMD
    • AWS SDK
    • Eclipse

    Q36. Name some of the AWS services that are not region-specific?

    Answer: AWS services that are not region-specific are:

    • IAM
    • Route 53
    • Web Application Firewall 
    • CloudFront

    Q37. What is the difference between stopping and terminating an EC2 instance? 

    Answer: When we stop an EC2 instance, it performs a normal shutdown on the instance and moves to a stopped state. However, when we terminate the instance, it is transferred to a stopped state, and the EBS volumes attached to it are deleted and can never be recovered.

    Q38. Is there a way to upload a file that is greater than 100 megabytes in Amazon S3?

    Answer: Yes, it is possible by using multipart upload utility from AWS. With multipart upload utility, larger files can be uploaded in multiple parts that are uploaded independently. You can also decrease upload time by uploading these parts in parallel. After the upload is done, the parts will be merged into a single object or file to create the original file from which the parts were created.

    Q39. How will you configure an Amazon S3 bucket to serve static assets for your public web application?

    Answer: By configuring the bucket policy to provide public read access to all objects.

    That is all we have in our section on basic Amazon Web Services interview questions. Let's move on to the next section on AWS interview questions for experienced professionals.

    Q40. What are the common types of AMI designs?


    • Fully Baked AMI
    • Just Enough Baked AMI (JeOS AMI)
    • Hybrid AMI

    Q41. How do you allow a user to gain access to a specific bucket?


    The four-step process to gain access to a specific bucket is:

    • Categorize your instances
    • Define how authorized users can manage specific servers.
    • Lockdown your tags
    • Attach your policies to IAM users

    Q42. Name and explain some security products and features available in VPC?


    • Security groups - act as a firewall for the EC2 instances, controlling inbound and outbound traffic at the instance level.
    • Network access control lists - act as a firewall for the subnets, controlling inbound and outbound traffic at the subnet level.
    • Flow logs - capture the inbound and outbound traffic from the network interfaces in the VPC.

    Q43. What are the factors to consider while migrating to Amazon Web Services?


    • Operational Costs - includes the cost of infrastructure, ability to match demand and supply, transparency, and others.
    • Workforce Productivity
    • Cost avoidance
    • Operational resilience
    • Business agility

    Q44. How can you automate EC2 backup using EBS?

    Answer: Use the following steps in order to automate EC2 backup using EBS:
    (i) Get the list of instances and connect to AWS through API to list the Amazon EBS volumes that are attached locally to the instance.
    (ii) List the snapshots of each volume, and assign a retention period of the snapshot. Later on, create a snapshot of each volume.
    (iii) Make sure to remove the snapshot if it is older than the retention period.
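
The decision logic behind the three steps above, as an added example that is not part of the original page. It works on records shaped like the EC2 DescribeVolumes and DescribeSnapshots responses, so it runs offline; the `CreatedBy` tag, the IDs, and the dates are constructed. It also covers two cases the steps leave open: snapshots the job did not create are never deleted, and the newest completed snapshot of a volume is kept even when it is past retention.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical tag the backup job puts on every snapshot it creates.
BACKUP_TAG = {"Key": "CreatedBy", "Value": "ebs-backup-job"}


def plan_backup(volumes, snapshots, now, retention_days):
    """Return (volume_ids_to_snapshot, snapshot_ids_to_delete)."""
    cutoff = now - timedelta(days=retention_days)

    # Step (i): volumes currently attached to an instance.
    attached = sorted(v["VolumeId"] for v in volumes if v.get("Attachments"))

    # Step (ii): group this job's completed snapshots per volume.
    by_volume = {}
    for snap in snapshots:
        if BACKUP_TAG not in snap.get("Tags", []):
            continue  # manual or AMI-backing snapshot: not ours to delete
        if snap["State"] != "completed":
            continue  # pending/error snapshots are not usable backups
        by_volume.setdefault(snap["VolumeId"], []).append(snap)

    # Step (iii): expire snapshots older than the retention period, but always
    # keep the newest completed one so a failing job cannot remove the last
    # good backup.
    expired = []
    for snaps in by_volume.values():
        snaps.sort(key=lambda s: s["StartTime"], reverse=True)
        for snap in snaps[1:]:
            if snap["StartTime"] < cutoff:
                expired.append(snap["SnapshotId"])
    return attached, sorted(expired)


def ts(day, month=1, year=2024):
    return datetime(year, month, day, 2, 0, tzinfo=timezone.utc)


def snap(snapshot_id, volume_id, start, state="completed", tagged=True):
    return {"SnapshotId": snapshot_id, "VolumeId": volume_id, "StartTime": start,
            "State": state, "Tags": [BACKUP_TAG] if tagged else []}


# Constructed inventory for the example.
NOW = datetime(2024, 1, 31, 3, 0, tzinfo=timezone.utc)
VOLUMES = [
    {"VolumeId": "vol-aaa", "Attachments": [{"InstanceId": "i-111"}]},
    {"VolumeId": "vol-bbb", "Attachments": [{"InstanceId": "i-222"}]},
    {"VolumeId": "vol-ccc", "Attachments": []},          # unattached
]
SNAPSHOTS = [
    snap("snap-a1", "vol-aaa", ts(30)),
    snap("snap-a2", "vol-aaa", ts(10)),
    snap("snap-a3", "vol-aaa", ts(26)),
    snap("snap-b1", "vol-bbb", ts(1, month=12, year=2023)),  # only good backup
    snap("snap-b2", "vol-bbb", ts(31), state="pending"),
    snap("snap-m1", "vol-aaa", ts(1, month=11, year=2023), tagged=False),
]

if __name__ == "__main__":
    to_snapshot, to_delete = plan_backup(VOLUMES, SNAPSHOTS, NOW, retention_days=7)
    print("snapshot:", to_snapshot)
    print("delete:  ", to_delete)
```

In a real job the two input lists would come from the EC2 API and the two outputs would drive the snapshot create and delete calls.
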

    Q45. What are the different types of load balancers in AWS?


    • Application Load Balancer
    • Network Load Balancer
    • Classic Load Balancer

    Q46. How can we use AWS WAF in monitoring your AWS applications?

    Answer: AWS WAF or AWS Web Application Firewall protects the web applications from web exploitations. It helps to control the traffic flow to the applications. With WAF, we can create custom rules that block common attack patterns. It can be used for three cases: allow all requests, prevent all requests, and count all requests for a new policy.

    Q47. What are the different uses of the various load balancers in AWS Elastic Load Balancing?

    Answer:
    Application Load Balancer - used if we need flexible application management and TLS termination.
    Network Load Balancer - used if we require extreme performance and static IPs for our applications.
    Classic Load Balancer - used if the application is built within the EC2 Classic network.

    Q48. What is the difference between Latency Based Routing and Geo DNS?

    Answer: Geo Based DNS routing takes decisions based on the geographic location of the request, whereas Latency Based Routing utilizes latency measurements between networks and AWS data centers. Latency Based Routing is used when we want to give the customers the lowest latency possible. Geo Based routing is used when we want to direct the customer to different websites based on the country or region they are browsing from.

    Q49. What is a maintenance window in Amazon RDS? Will your DB instance be available during maintenance events?

    Answer: RDS maintenance window helps to decide when DB instance modifications, database engine version upgrades, and software patching have to occur. The automatic scheduling is done only for patches that are related to security and durability. By default, there is a 30-minute value assigned as the maintenance window and the DB instance will still be available during these events though you might observe a minimal effect on performance.

    Q50. What are the different AWS IAM categories that you can control?

    Answer: Using AWS IAM, you can:

    • Create and manage IAM users
    • Create and manage IAM groups
    • Manage the security credentials of the users
    • Create and manage policies to grant access to AWS services and resources

    Q51. How do you upgrade or downgrade a system with near-zero downtime?

    Answer: You can upgrade or downgrade a system with near-zero downtime using the following steps of migration:

    • Open EC2 console
    • Choose Operating System AMI
    • Launch an instance with the new instance type
    • Install all the updates
    • Install applications
    • Test the instance to see if it’s working
    • If working, deploy the new instance and replace the older instance
    • Once it’s deployed, you can upgrade or downgrade the system with near-zero downtime.

    Q52. What are the native AWS Security logging capabilities?

    Answer: Most of the AWS services have their own logging options. Also, some of them provide account-level logging, like AWS CloudTrail, AWS Config, and others. Let's take a look at two services in particular:
    AWS CloudTrail
    This is a service that provides a history of the AWS API calls for every account. It lets you perform security analysis, resource change tracking, and compliance auditing of your AWS environment as well. The best part about this service is that it enables you to configure it to send notifications via AWS SNS when new logs are delivered.
    AWS Config 
    This helps to understand the configuration changes that happen in your environment. This service provides an AWS inventory that includes configuration history, configuration change notification, and relationships between AWS resources. It can also be configured to send information via AWS SNS when new logs are delivered.

    Q53. What are the different types of virtualization in AWS, and what are the differences between them?

    Answer: The three major types of virtualization in AWS are: 

    • Hardware Virtual Machine (HVM) - It is fully virtualized hardware, where all the virtual machines act separately from each other. These virtual machines boot by executing a master boot record in the root block device of your image.
    • Paravirtualization (PV) - Paravirtualization-GRUB is the bootloader that boots the PV AMIs. The PV-GRUB chain loads the kernel specified in the menu.
    • Paravirtualization on HVM - PV on HVM helps operating systems take advantage of storage and network I/O available through the host.

    Q54. How do you set up SSH agent forwarding so that you do not have to copy the key every time you log in?


    • Go to your PuTTY Configuration
    • Go to the category SSH -> Auth
    • Enable SSH agent forwarding to your instance

    Q55. What is the use of lifecycle hooks in Autoscaling?

    Answer: Lifecycle hooks are used for Auto-scaling to put an additional wait time to a scale-in or a scale-out event.

    Q56. What are Recovery Time Objective and Recovery Point Objective in AWS?

    Answer: Recovery Time Objective is the maximum acceptable delay between the interruption of service and restoration of service. This translates to an acceptable time window when the service can be unavailable. Recovery Point Objective is the maximum acceptable amount of time since the last data restore point. It translates to the acceptable amount of data loss which lies between the last recovery point and the interruption of service.

    Q57. What is a Power User Access in AWS?

    Answer: An Administrator User will be similar to the owner of the AWS Resources. He can create, delete, modify or view the resources and also grant permissions to other users for the AWS Resources.
    A Power User Access provides Administrator Access without the capability to manage the users and permissions. In other words, a user with Power User Access can create, delete, modify or see the resources, but he cannot grant permissions to other users.

    Q58. What is a Stateful and a Stateless Firewall?

    Answer: A Stateful Firewall is the one that maintains the state of the rules defined. It requires defining only inbound rules. Based on the inbound rules defined, it automatically allows the outbound traffic to flow.
    A Stateless Firewall requires explicitly defining rules for inbound as well as outbound traffic. For example, if you allow inbound traffic from Port 80, a Stateful Firewall will allow outbound traffic to Port 80, but a Stateless Firewall will not do so.
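
A small model of the difference described above, as an added example that is not part of the original page. In AWS terms the stateful class behaves like a security group and the stateless one like a network ACL; the class names, rule shape, and packets are constructed for illustration. It follows one web request and its reply through each firewall, then shows what a broad outbound rule on the stateless side also lets through.

```python
from collections import namedtuple

# direction is "in" or "out"; ports are TCP ports.
Packet = namedtuple("Packet", "direction src sport dst dport")
Rule = namedtuple("Rule", "direction port_lo port_hi")


def rule_match(rules, pkt):
    """True if an allow rule for this direction covers the destination port."""
    return any(r.direction == pkt.direction and r.port_lo <= pkt.dport <= r.port_hi
               for r in rules)


class StatelessFirewall:
    """Judges every packet on its own."""

    def __init__(self, rules):
        self.rules = rules

    def allow(self, pkt):
        return rule_match(self.rules, pkt)


class StatefulFirewall:
    """Remembers connections it has allowed and lets their replies through."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # (src, sport, dst, dport) of allowed connections

    def allow(self, pkt):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True  # reply to a tracked connection: no rule lookup needed
        if rule_match(self.rules, pkt):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False


# Constructed traffic: a client request to the web server, the server's reply,
# and an unrelated connection the server tries to open on its own.
REQUEST = Packet("in", "203.0.113.10", 50000, "10.0.0.5", 80)
REPLY = Packet("out", "10.0.0.5", 80, "203.0.113.10", 50000)
UNSOLICITED = Packet("out", "10.0.0.5", 40000, "198.51.100.7", 50000)

INBOUND_80 = [Rule("in", 80, 80)]
EPHEMERAL_OUT = Rule("out", 1024, 65535)  # what a stateless setup must add


def verdicts(firewall):
    """Run request, reply and unsolicited packet through a firewall in order."""
    return [firewall.allow(p) for p in (REQUEST, REPLY, UNSOLICITED)]


def run_demo():
    return {
        "stateful": verdicts(StatefulFirewall(INBOUND_80)),
        "stateless": verdicts(StatelessFirewall(INBOUND_80)),
        "stateless+ephemeral": verdicts(StatelessFirewall(INBOUND_80 + [EPHEMERAL_OUT])),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:20} request/reply/unsolicited = {result}")
```

The third configuration is the trade-off to notice: the outbound range that makes replies work on a stateless firewall also admits outbound connections that are not replies to anything.
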

    Q59. What are an Instance Store Volume and an EBS Volume?

    Answer: An Instance Store Volume is temporary storage that is used to store the temporary data required by an instance to function. The data is available as long as the instance is running. As soon as the instance is turned off, the Instance Store Volume gets removed and the data gets deleted.
    An EBS Volume represents a persistent storage disk, and the data stored will be available even after the instance is turned off.

    Q60. How does Amazon Route 53 provide high availability and low latency?

    Answer: Amazon Route 53 uses the following to provide high availability and low latency:
    Globally Distributed Servers - Amazon is a global service and consequently has DNS Servers globally. Any customer creating a query from any part of the world gets to reach a DNS Server local to them that provides low latency.
    Dependency - Route 53 provides a high level of dependability required by critical applications.
    Optimal Locations - Route 53 serves the requests from the nearest data center to the client sending the request. AWS has data-centers across the world. The data can be cached on different data-centers located in different regions of the world depending on the requirements and the configuration chosen. Route 53 enables any server in any data-center which has the required data to respond. This way, it enables the nearest server to serve the client request, thus reducing the time taken to serve.

    Q61. What does AMI include?


    • A template for the root volume for the instance.
    • Launch permissions to decide which AWS accounts can avail the AMI to launch instances.
    • A block device mapping that determines the volumes to attach to the instance when it is launched.

    Q62. What are the consistency models for modern DBs offered by AWS?

    Answer:
    Eventual Consistency - The data will be consistent eventually. This serves the client requests faster, but chances are that some of the initial read requests may read stale data. This type of consistency is preferred in systems where data need not be real-time.
    Strong Consistency - It provides immediate consistency, where the data will be consistent across all the DB Servers immediately. Accordingly, this model may take some time to make the data consistent and subsequently start serving the requests again. However, in this model, it is guaranteed that all the responses will always have consistent data.

    Q63. What are Spot Instances and On-Demand Instances?

    Answer: When AWS creates EC2 instances, there are some blocks of computing capacity and processing power left unused. AWS releases these blocks as Spot Instances. Spot Instances run whenever capacity is available. These are a good option if you are flexible about when your applications can run and if your applications can be interrupted.
    On the other hand, On-Demand Instances can be created as and when needed. The prices of such instances are static. Such instances will always be available unless you explicitly terminate them.

    Q64. Can you change the Private IP Address of an EC2 instance while it is running or in a stopped state?

    Answer: No, a Private IP Address of an EC2 instance cannot be changed. When an EC2 instance is launched, a private IP Address is assigned to that instance at the boot time. This private IP Address is attached to the instance for its entire lifetime and can never be changed.

    Q65. Explain various types of cloud service models in brief?


    • IaaS – Infrastructure as a Service (IaaS) allows users to access virtual computing resources with the help of the internet. A service provider hosts server, storage, hardware, etc. on behalf of the users via IaaS. It offers high scalability and can adapt according to the workload. IaaS providers also manage tasks of their users like system maintenance, backup, resilience, etc.
    • PaaS – Platform as a Service (PaaS) helps service providers to deliver software and hardware tools to their users. It is especially used for the application development process, and one can receive applications from the service provider via the internet using PaaS. Users do not have to own in-house software/hardware for application development/testing as they can do it with the help of PaaS.
    • SaaS – Software as a Service (SaaS) is a widely sold model by service providers for software distribution. On-demand computing software can be delivered using SaaS to the users/customers. The SaaS model is preferred as it is easy to administer and manage patches.

    Q66. What do you know about NAT gateways in AWS?

    Answer: NAT (Network Address Translation) is an AWS service that helps in connecting an EC2 instance to the internet. The EC2 instance used via NAT should be in a private subnet. Not only the internet but NAT can also help in connecting an EC2 instance to other AWS services.
    Since we are using the EC2 instance in a private subnet, connecting to the internet via any other means would make it public. NAT helps in retaining the private subnet while establishing a connection between the EC2 instance and the internet. Users can create NAT gateways or NAT instances for establishing a connection between EC2 instances and internet/AWS services.
    NAT instances are single EC2 instances, while NAT gateways can be used across various availability zones. If you are creating a NAT instance, it will support a fixed amount of traffic decided by the instance’s size.

    Q67. What are the main differences between AWS and OpenStack?

    Answer: Both AWS and OpenStack are engaged in providing cloud computing services to their users. AWS is owned and distributed by Amazon, whereas OpenStack is an open-source cloud computing platform. AWS offers various services in cloud computing and offers IaaS, PaaS, etc., whereas OpenStack is an IaaS cloud computing platform. You can use OpenStack for free as it is open source, but you have to pay for AWS services as you use them.
    Another significant difference between AWS and OpenStack is in terms of performing repeatable operations. While AWS performs repeatable functions via templates, OpenStack does it via text files. OpenStack is good for understanding and learning cloud computing, but AWS is better and equipped for businesses. AWS also offers business development tools that OpenStack does not offer.

    Q68. What do you know about AWS Lambda?

    Answer: AWS Lambda is a computing platform provided as a part of the AWS services that does not need servers to perform activities. Any code compiled on AWS Lambda will run in response to events, and it identifies the resources required for code compilation automatically. AWS Lambda supports various coding languages like Node.js, Python, Java, Ruby, etc. With AWS Lambda, you will pay only for the time your code is being executed. You will not be charged any amount when you are not using any compute time.

    Q69. Explain an AWS service that one can use for protecting the AWS infrastructure from DDoS attacks?

    Answer: For safeguarding the applications running on AWS from any kind of DDoS (Distributed Denial of Service) attacks, we can use AWS Shield. AWS Shield can automatically identify a DDoS attack and will reduce the application downtime and latency. A firm doesn’t have to contact Amazon tech support as all the protective measures can be automated via AWS Shield. All the AWS users are subjected to automatic protections against DDoS attacks via AWS Shield Standard. However, for protection against large/organized DDoS attacks, one can use the AWS Shield Advanced services. 
    AWS Shield Advanced protects the AWS-based applications against various sophisticated DDoS attacks on the network and transport layer. It also provides real-time visibility and monitoring at the time of any DDoS attack on the AWS applications.

    Q70. Explain the various types of virtualization in AWS in brief?

    Answer: HVM – HVM (Hardware Virtual Machine) helps in full virtualization of hardware where all the virtual hardware machines act as an individual unit. Once AWS AMI virtualization is done, the virtual machines execute the master boot record to boot themselves. The root block device of the created AWS machine image contains the master boot record executed by virtual machines.
    PV – PV (Paravirtualization) is virtualization to a lighter degree as compared to HVM. The guest OS in PV will require some modifications before performing anything. These modifications help users to export a scalable and modified version of hardware to the virtual machines.
    PV on HVM – Paravirtualization on HVM can also be done for increased functionality. Operating systems can get access to storage and network I/O through the host via PV on HVM.

    Q71. Explain what you know about CloudFront CDN?

    Answer: CloudFront CDN (Computer Delivery Network) is a group of distributed servers used to deliver web content like webpages, etc. The delivery done by CloudFront CDN is based on the geographic region of the user, webpage origin, and the server being used for content delivery. The origin of all the files that are to be distributed by the CDN needs to be defined. An origin for CDN can be an S3 bucket, an AWS instance, or an elastic load balancer. Two types of distribution are done by CloudFront CDN that is web distribution, and RTMP. Web distribution is used for websites, whereas RTMP is used for media streaming. There are around 50 edge locations distributed in various parts of the world. Edge locations are sites where the web content is cached during the delivery process.

    Q72. What is the Simple Notification Service offered by AWS?

    Answer: Simple Notification Service (SNS) offered by AWS is a means of sending messages from one application to another. It is a cost-effective solution that helps users publish messages from any particular application and forward them to other applications. SNS can also send push notifications to various mobile devices like Apple, Google, Windows phones, etc. One can also send an email/SMS to an HTTP endpoint using AWS SNS.
    The best feature of SNS is that multiple types of endpoints can be grouped. SNS also supports various types of endpoints under one topic. For example, one can group Apple and Android recipients using SNS and send messages to all subscribers. SNS stores the messages already published in various availability zones to prevent any type of data loss.

    Q73. What do you know about the S3 transfer acceleration service offered by Amazon?

    Answer: S3 transfer acceleration is used to speed up uploads to S3. It does not upload directly to an S3 bucket; instead, it uses a distinct URL to upload the file to the nearest edge location, which then transfers it to the required S3 bucket.
    S3 transfer acceleration uses the CloudFront edge network to make uploads faster, and it also optimizes the transfer process. The edge location to which the file is uploaded automatically transfers the file to the S3 bucket in less time. Data between clients and S3 buckets can be transferred securely using the S3 transfer acceleration service.

    Q74. Explain some of the advantages of using AWS RDS?

    Answer: The benefits of using AWS RDS are as follows:

    • While using AWS RDS, you can control/tweak various database services like CPU, storage, etc., individually.
    • AWS RDS helps you in enabling automatic backup and updating your database servers to the latest configuration.
    • AWS RDS also creates a backup instance that can be used at the time of failover and prevents data loss.
    • You can distribute the read traffic by creating RDS read replicas from the source database.

    Q75. What do you understand by volume & snapshot in AWS?

    Answer: In AWS, volume is block-level storage that we can assign to an EC2 instance. We can compare this to a hard disk from where the user can read or write the data. You pay for the data used by volumes as it is a way of measuring the storage section.
    A snapshot is formed when we have a volume as it is a single point in time view of a volume. When the data stored in a volume is copied to another location at a single point in time, a snapshot is formed.

    Q76. Mention the differences between security groups and a network access control list?

    Answer: Security groups are used to control access to instances, while the network access control list is concerned with controlling access at the subnet level. A network access control list can have both ‘allow’ and ‘deny’ rules, whereas security groups can have only ‘allow’ rules.

    Q77. What is Cross Region Replication?

    Answer: Cross Region Replication is a service available in AWS that enables you to replicate data from one bucket to another bucket, which could be in the same or a different region. It provides asynchronous copying of objects, i.e., objects are not copied immediately.

    Q78. What are Regions and Availability Zones in AWS?

    Answer: Regions: A region is a geographical area which consists of 2 or more availability zones. A region is a collection of data centers which are completely isolated from other regions.
    Availability zones: An Availability zone is a data center that can be somewhere in the country or city. Data center can have multiple servers, switches, firewalls, load balancing. The things through which you can interact with the cloud reside inside the Data center.

    Q79. What are EBS Volumes?

    Answer: Elastic Block Store is a service that provides persistent block storage volumes for use with EC2 instances in the AWS cloud. An EBS volume is automatically replicated within its availability zone to protect against component failure. It offers the high durability, availability, and low-latency performance required to run your workloads.

    Q80. What is an EIP?

    Answer: EIP (Elastic IP address) is a service provided by an EC2 instance. It is basically a static IP address attached to an EC2 instance. This address is associated with your AWS account not with an EC2 instance. You can also disassociate your EIP address from your EC2 instance and map it to another EC2 instance in your AWS account.

    Q81. What are policies?

    Answer: A policy is an object associated with a resource that defines its permissions. AWS evaluates these policies when a user makes a request. Permissions in the policy determine whether to allow or to deny an action. Policies are stored in the form of JSON documents.

    Q82. What is VPC peering connection?


    • A VPC peering connection is a networking connection that allows you to connect one VPC with another VPC through a direct network route using private IP addresses.
    • By using a VPC peering connection, instances in different VPCs can communicate with each other as if they were in the same network.
    • You can peer VPCs in the same account as well as with a different AWS account.

    Q83. Differences between Amazon S3 and EC2?

    Answer: S3 is a storage service that can store any amount of data. It has a REST interface and uses secure HMAC-SHA1 authentication keys.
    EC2 is a web service used for hosting an application. It is a virtual machine which can run either Linux or Windows and can also run applications such as PHP, Python, Apache or other databases.

    Q84. What is Amazon Kinesis Firehose?

    Answer: An Amazon Kinesis Firehose is a web service used to deliver real-time streaming data to destinations such as Amazon Simple Storage Service, Amazon Redshift, etc.

    Q85. Differences between horizontal scaling and vertical scaling?

    Answer: Vertical scaling means adding compute power such as CPU and RAM to your existing machine, while horizontal scaling means adding more machines to your server or database. Horizontal scaling means increasing the number of nodes and distributing the tasks among different nodes.

    Q86. What are the basic structures of the Amazon EC2 service?

    Answer: Amazon EC2 is a cloud service which has all the cloud features. Amazon EC2 delivers the following features:

    • Virtual computing environments (known as instances)
    • Pre-configured templates
    • Amazon Machine Images

    Q87. What is multi-AZ RDS?

    Answer: Multi-AZ (Availability Zone) RDS enables you to have a copy of your production database in another availability zone. A Multi-AZ database is used for disaster recovery. You will have an exact copy of your database, so when your primary database goes down, your application will automatically fail over to the standby database.

    Q88. What Is Configuration Management?

    Answer: Configuration management has been around for a long time in web operations and systems administration. However, its cultural popularity has been limited. Most systems administrators configure machines the way software was developed before version control, that is, by manually making changes on servers. Each server can then be, and usually is, slightly different.
    Troubleshooting, however, is straightforward, as you log in to the box and work on it directly. Configuration management brings a large automation tool into the picture, managing servers like the strings of a puppet.
    This forces standardization, best practices, and reproducibility, as all configs are versioned and managed. It also introduces a new way of working, which is the biggest hurdle to its adoption.

    Q89. If my AWS Direct Connect fails, will I lose my connection?

    Answer: If a backup AWS Direct Connect connection has been configured, in the event of a failure traffic will switch over to the second one. You can optionally enable Bidirectional Forwarding Detection (BFD) when configuring your connections to ensure faster detection and failover. On the other hand, if you have configured a backup IPsec VPN connection as an alternative, all VPC traffic will fail over to the backup VPN connection automatically.

    Q90. What is the role of a Route Table?

    Answer: A route table is used to route network packets. Generally, one route table would be available in each subnet. A route table can have any number of records or entries, so attaching multiple subnets to one route table is also possible.

    Q91. Which instance will you use for deploying a 4-node Hadoop cluster in AWS?

    Answer: We can use a c4.8xlarge instance or an i2.large for this, but using a c4.8xlarge will require a better configuration on the PC.

    Q92. What is a redshift?

    Answer: Redshift is a big data warehouse product. It is a fast and powerful, fully managed data warehouse service in the cloud.

    Q93. What are the parameters for S3 pricing?

    Answer: The parameters of pricing model for S3 are

    • Storage used
    • Number of requests you make
    • Storage management
    • Data transfer
    • Transfer acceleration

    Q94. Does Clustering need to be turned on to use GSLB?

    Answer: Yes, we should turn on clustering and configure it to use Global Server Load Balancing. Every proxy must have the same configuration so that each piece of hardware can act as a DNS server if it becomes the master for the site. Each of the sites will have its own SLB/GSLB/Cluster configuration, and will use the GSLB site flood order so that the remote GSLB site can be added to the local machine.

    Q95. Explain what happens when rebooting a running EC2 instance?

    Answer: Rebooting a running EC2 instance is similar to rebooting a PC. We cannot return to the image’s original state, but the contents of the hard disk remain the same.

    Q96. What are the important features of Amazon cloud search?

    Answer: Important features of Amazon cloud search are:

    • Boolean searches
    • Prefix Searches
    • Range searches
    • Full text search
    • Autocomplete suggestions

    Q97. How to Disable Password-based Logins for Root in Amazon Ec2 Instance?

    Answer: Using a fixed root password for a public AMI is a security risk that can quickly become known. Even relying on users to change the password after the first login opens a small window of opportunity for potential abuse.

    Q98. Explain the AWS Certificate Manager?

    Answer: AWS Certificate Manager handles the complexity of extending, provisioning, and managing the certificates that are provided through ACM to the user's AWS-based applications and websites.
    Users work with ACM to request and maintain the certificates, and use other Amazon web services for the website's purposes. ACM certificates can't be managed outside of AWS.

    Q99. Mention the work of an Amazon VPC router?

    Answer: An Amazon VPC router enables Amazon EC2 instances within a subnet to communicate with Amazon EC2 instances on other subnets in the same VPC. It also enables Internet gateways, subnets, and virtual private gateways to communicate with one another. You can get network usage statistics from the instances by using Amazon CloudWatch.

    Q100. Are you allowed to run multiple websites on an EC2 server while using a single IP address?

    Answer: Yes, we can run multiple websites on an EC2 server with the help of more than one Elastic IP.