Day 49 - INTERVIEW QUESTIONS ON AWS (Jan 14, 2024)
01. Name 5 AWS services you have used and what’s the use cases?
Here are five AWS services I have used and their use cases:
Amazon EC2 (Elastic Compute Cloud) — Used to launch and manage virtual servers in the cloud. I have used EC2 for various use cases such as web hosting, data processing, and machine learning.
Amazon S3 (Simple Storage Service) — Used to store and retrieve data objects in the cloud. I have used S3 for storing and serving static website files, as well as for storing and sharing data among different applications.
Amazon RDS (Relational Database Service) — Used to set up, operate, and scale relational databases in the cloud. I have used RDS for various use cases such as setting up WordPress websites, running business applications, and managing customer data.
Amazon SQS (Simple Queue Service) — Used to manage message queues that decouple the components of a cloud application. I have used SQS to enable asynchronous processing and messaging between different parts of a cloud application.
Amazon CloudFront — Used to deliver static and dynamic web content, including streaming video and audio, at high speeds and low latency. I have used CloudFront for various use cases such as serving static website files, distributing software updates, and streaming media content.
02. What are the tools used to send logs to the cloud environment?
There are several tools that can be used to send logs to the cloud environment. Some popular ones are:
AWS CloudWatch Logs: A service provided by AWS that can collect, monitor, and store log data from various sources.
AWS Elastic Beanstalk: A platform-as-a-service (PaaS) that can automatically collect and aggregate logs from applications running on it.
AWS Lambda: A serverless computing service that can be used to run scripts to collect and process logs.
Fluentd: An open-source data collector that can collect, parse, and forward log data to different destinations, including cloud services.
Logstash: An open-source tool that can collect, parse, and transform log data before forwarding it to a destination, such as a cloud service.
03. What are IAM Roles? How do you create /manage them?
AWS Identity and Access Management (IAM) Roles are a secure way to grant permissions to entities that you trust. IAM roles are similar to users, but instead of being associated with a specific person, they are associated with an AWS service or resource, or an external identity such as an application running outside of AWS.
To create an IAM role, you can follow these steps:
Sign in to the AWS Management Console and open the IAM console.
In the navigation pane, choose “Roles”, and then choose “Create role”.
Choose the type of trusted entity that you want to give access to your AWS resources. For example, you can choose AWS service, another AWS account, or a web identity provider.
Depending on the trusted entity type you choose, select the appropriate policy to define the permissions for the role.
Give the role a name and description.
Review the role details and choose “Create role” to create the role.
To manage IAM roles, you can use the IAM console, CLI, or API. In the IAM console, you can manage roles by editing their policies, adding or removing trusted entities, and viewing role usage. You can also use AWS CloudFormation or AWS CloudTrail to manage and audit your IAM roles. Additionally, IAM roles can be managed programmatically using the AWS SDKs or APIs.
04. How to upgrade or downgrade a system with zero downtime?
To upgrade or downgrade a system with zero downtime, you can use the following steps:
Set up a load balancer in front of your system.
Deploy the new version of your system to a new set of servers.
Add the new servers to the load balancer and verify that they are healthy.
Remove the old servers from the load balancer.
Monitor the system to ensure that everything is running smoothly.
By following this process, you can ensure that your system remains available throughout the upgrade or downgrade process.
05. What is infrastructure as code and how do you use it?
Infrastructure as code (IaC) is the process of managing and provisioning computing infrastructure through machine-readable definition files instead of physical hardware configuration or interactive configuration tools. It allows for the automated provisioning, management, and deployment of infrastructure resources.
To use IaC, you typically use a tool or framework such as AWS CloudFormation or Terraform to define the desired infrastructure in a code file. This code is then checked into version control and used to automate the creation and management of the infrastructure. Changes to the infrastructure are made by updating the code, which can then be tested and deployed with the same automation. This helps to ensure consistency and reduces errors that can occur with manual configuration.
06. What is a load balancer? Give scenarios of each kind of balancer based on your experience.
A load balancer is a device or service that distributes network traffic across multiple servers to prevent any one server from becoming overwhelmed. There are three main types of load balancers:
Application Load Balancers (ALBs) distribute traffic based on content at the application layer (HTTP/HTTPS).
Network Load Balancers (NLBs) distribute traffic at the transport layer (TCP/UDP).
Classic Load Balancers (CLBs) distribute traffic across multiple EC2 instances and can be used with both HTTP and HTTPS protocols.
In my experience, I have used ALB to distribute traffic across multiple servers hosting a web application. I have also used NLB to distribute traffic across multiple servers hosting a backend service, where low latency and high throughput were critical.
07. What is CloudFormation and why is it used for?
CloudFormation is a service provided by AWS that allows you to create and manage AWS infrastructure as code. It allows you to create templates in either JSON or YAML format, which describe the AWS resources you want to create, configure, and connect to each other.
CloudFormation is used to automate the deployment of AWS infrastructure, making it faster and more efficient. It also enables you to version control your infrastructure and apply changes in a controlled and repeatable manner. Additionally, it provides a consistent and standardized way to deploy infrastructure, which reduces the chance of configuration errors and ensures that resources are created in a consistent state.
08. Difference between AWS CloudFormation and AWS Elastic Beanstalk?
AWS CloudFormation and AWS Elastic Beanstalk are both services provided by AWS, but they serve different purposes:
AWS CloudFormation is an Infrastructure as Code (IaC) service that allows you to define and provision AWS infrastructure and resources using a template. It is used to manage infrastructure resources such as EC2 instances, S3 buckets, and RDS databases.
AWS Elastic Beanstalk, on the other hand, is a Platform as a Service (PaaS) that simplifies the deployment and management of web applications. It abstracts away the underlying infrastructure and allows developers to focus on writing code. Elastic Beanstalk automatically provisions and deploys the necessary resources like EC2 instances, load balancers, and databases.
In summary, CloudFormation is used for infrastructure management and automation, while Elastic Beanstalk is used for application deployment and management.
09. What are the kinds of security attacks that can occur on the cloud? And how can we minimize them?
The kinds of security attacks that can occur on the cloud include DDoS attacks, phishing attacks, data breaches, and insider attacks. To minimize them, it is important to use strong authentication methods, implement proper access control and monitoring, encrypt data, keep systems up to date with security patches, and regularly conduct security audits and training for employees.
10. Can we recover the EC2 instance when we have lost the key?
Yes, it is possible to recover an EC2 instance when you have lost the key. You can create a new key pair and then use it to connect to the instance. Alternatively, you can also use other authentication methods such as user name and password, or even IAM roles to access the instance. However, if you have encrypted the root volume of the instance using the lost key pair, you will not be able to recover the data on that volume.
11. What is a gateway?
A gateway refers to a network component that acts as an entry or exit point for traffic entering or leaving a cloud environment. It serves as a bridge between different networks or systems and enables communication and data transfer between them. Gateways can be used for various purposes, such as security, monitoring, load balancing, and routing. Examples of cloud gateways include API gateways, database gateways, and messaging gateways.
12. What is the difference between the Amazon Rds, Dynamodb, and Redshift?
Amazon RDS: Relational database service that allows you to set up, operate, and scale a relational database in the cloud easily.
DynamoDB: Fully-managed NoSQL database that provides fast and predictable performance with seamless scalability.
Redshift: Data warehousing service that provides fast querying and analysis of data using SQL and business intelligence tools.
13. Do you prefer to host a website on S3? What’s the reason if your answer is either yes or no?
Yes, it can be a good option to host a website on S3. Hosting a website on S3 is a cost-effective solution for static websites that don’t require server-side processing. S3 is a reliable and scalable storage service that offers high availability and durability.
However, hosting a dynamic website with server-side processing on S3 is not recommended as it lacks the necessary compute resources and scalability to handle such websites. In such cases, it’s better to use other AWS services like EC2 or Elastic Beanstalk.