AWS Interview Questions

• IAM User: Represents a person/service with long-term credentials (username/password, access keys).
• IAM Role: A set of permissions that can be assumed by users, services, or other AWS accounts. Temporary credentials are issued.

Use Bucket Policies and IAM policies.Enable S3 Block Public Access.Enable server-side encryption (SSE).Use Access Analyzer for S3.Enable logging and versioning.

• ALB (Application Load Balancer): Layer 7, path-based routing, ideal for HTTP/S.
• NLB (Network Load Balancer): Layer 4, extreme performance, static IP.
• CLB (Classic Load Balancer): Legacy, both Layer 4 and 7, not recommended for new apps.

IaC tools like Terraform, AWS CloudFormation, or CDK.

Use CI/CD tools like CodePipeline or GitHub Actions for deployment.

Example :

resource "aws_instance" "web" {   
     ami           = "ami-0abcdef1234567890"   
     instance_type = "t2.micro" 
} 

• Public IP: Auto-assigned to EC2; changes when stopped.
• Elastic IP: Static, can be remapped, chargeable when not attached.
• Private IP: Internal VPC communication.

Auto Scaling Group (ASG): Monitors instances and scales in/out based on CloudWatch alarms, target tracking, or scheduled actions.

• Pending → Running → Stopping → Stopped → Terminated
• Use lifecycle hooks to run custom scripts (e.g., install agents) during transitions.

Check target health and response time metrics.

Inspect ALB logs (enable access logging).

Review CloudWatch metrics for spikes.

Look for slow backend apps or unhealthy targets.

• SNS: Pub/Sub model; sends messages to multiple subscribers.
• SQS: Queue system; messages are stored until consumed by a single consumer.

Separate public and private subnets.

Use NAT Gateway for internet access from private subnets.

Design for high availability (multiple AZs).

Use route tables, NACLs, and security groups properly.

• Use AWS Secrets Manager or SSM Parameter Store (SecureString).
• Avoid storing secrets in code.
• Rotate secrets periodically and control access via IAM.

• AWS is responsible for: Security of the cloud (hardware, infra, global network).
• You are responsible for: Security in the cloud (data, IAM, app-level configs).

• Use Multi-AZ and Multi-Region deployments.
• Implement health checks and auto-healing.
• Use services like Route 53, ELB, Auto Scaling, and S3 Cross-Region Replication.

• EBS: Block storage for EC2, single instance mount.
• EFS: Scalable file system, accessible from multiple instances.

• Amazon CloudWatch (metrics, logs, dashboards).
• AWS X-Ray (tracing).
• Set up alarms and notifications.
• Use CloudTrail for auditing API activity.

• Source: GitHub
• Build: CodeBuild
• Deploy: CodeDeploy or ECS
• Orchestrate via CodePipeline

Example: Push code → trigger build → run tests → deploy to staging → manual approval → deploy to prod.

Cold start: Initial latency when function is invoked after being idle.

Reduce using:

• Provisioned Concurrency
• Smaller packages
• Language optimizations (e.g., Python faster than Java)

• Use IAM roles with sts:AssumeRole.
• Allow access via resource-based policies.

Example: Developer from Account A assumes role in Account B using trusted relationship.

• Use AWS Cost Explorer and budgets.
• Right-size EC2 instances.
• Use Savings Plans or Reserved Instances.
• Turn off unused resources.
• Use S3 lifecycle policies and spot instances.

• ECS: AWS-managed container orchestration.
• EKS: Managed Kubernetes.
• Use ECS for simpler, AWS-native workloads; EKS for portability and Kubernetes ecosystem.