Day 49 AWS: INTERVIEW QUESTIONS ON AWS

INTERVIEW QUESTIONS:

  • Name 5 AWS services you have used and what are their use cases?

  • What are the tools used to send logs to the cloud environment?

  • What are IAM Roles? How do you create/manage them?

  • How to upgrade or downgrade a system with zero downtime?

  • What is infrastructure as code and how do you use it?

  • What is a load balancer? Give scenarios of each kind of balancer based on your experience.

  • What is CloudFormation and what is it used for?

  • Difference between AWS CloudFormation and AWS Elastic Beanstalk?

  • What are the kinds of security attacks that can occur on the cloud? And how can we minimize them?

  • Can we recover the EC2 instance when we have lost the key?

  • What is a gateway?

  • What is the difference between Amazon RDS, DynamoDB, and Redshift?

  • Do you prefer to host a website on S3? What's the reason if your answer is either yes or no?

Share your answers on LinkedIn in the best possible way, imagining you are at the interview table. Happy Learning !! :)

1) Name 5 AWS services you have used and what are their use cases?

Amazon EC2

Businesses no longer worry about looking for money to put into expensive physical services. Instead, they can use Amazon EC2 to create virtual machines and manage critical server functions such as storage and security. This service allows them to spend more time working on their projects instead of server maintenance, making Amazon EC2 the fastest growing and most popular service.

Amazon RDS

Amazon Relational Database Service (RDS) helps make organizational infrastructure user-friendly. The service eases the creation of dedicated database instances. Plus, you can use the instances to support several database engines, such as PostgreSQL, SQL, and SQL Server.

Amazon Simple Storage Service

Amazon Simple Storage Service (S3) provides businesses with storage to handle an increasing amount of big data. The service provides a highly redundant and secure file storage solution in one of three data centers in each region. Included integrations with Amazon S3 offer multiple ways to prevent breaches, for example, through PCI-DSS.

Amazon VPC

This service is suitable for businesses ready to isolate their entire IT infrastructure from exposure. It works by creating a private virtual network, which is only accessible to authorized individuals and systems. Some additional security features include network access control lists and security groups. For extra security, organizations can have dedicated instances created which isolate them at the hardware level from their other AWS accounts.

AWS Autoscaling

Businesses seeking growth need to make sure their IT infrastructure can provide the required support. Through AWS Autoscaling, organizations can easily manage server fleets and incoming traffic. Businesses can create several instances when required. AWS Autoscaling provides predictive scaling and provisioning, which ensures the right amount of resources is available for EC2 instances ahead of seasonal spikes and other future traffic. Plus, machine learning algorithms can detect and adjust to daily and even weekly patterns.

2) What are the tools used to send logs to the cloud environment?

  • With AWS CloudTrail, you can monitor your AWS deployments in the cloud by getting a history of AWS API calls for your account, including API calls made via the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services. You can also identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred.

  • Amazon CloudWatch provides a reliable, scalable, and flexible monitoring solution that you can start using within minutes. You no longer need to set up, manage, and scale your monitoring systems and infrastructure.

  • Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behaviour to protect your AWS accounts and workloads. Amazon GuardDuty exposes notifications via Amazon CloudWatch so you can trigger an automated response or notify a human.

3) What are IAM Roles? How do you create/manage them?

Administering your AWS resources with AWS IAM roles has never been easier.
IAM roles help us manage our root Amazon Web Services account, provide permissions to different groups or users, and assign roles.

IAM: create users/groups/roles and provide access according to user roles. Policies can be attached as per requirements.

4) How to upgrade or downgrade a system with zero downtime?

Blue/Green Deployments:

A blue/green deployment is a deployment strategy in which you create two separate, but identical environments. One environment (blue) is running the current application version and one environment (green) is running the new application version. Using a blue/green deployment strategy increases application availability and reduces deployment risk by simplifying the rollback process if a deployment fails. Once testing has been completed on the green environment, live application traffic is directed to the green environment and the blue environment is deprecated.

Rolling Deployment - A rolling deployment strategy slowly replaces previous versions of an application with new versions by entirely switching out the environment in which the application is running. For example, containers running new versions of an application may take the place of containers running previous versions of an application.

Canary Deployment - To avoid risk, a canary deployment uses a phased approach in which traffic is shifted in increments. With the aid of a router or load balancer, new application code is released to a small group of users so it can be tested. Metrics measure the success of the new iteration.

Once the new version of the application has been accepted, it can be rolled out to the rest of the environment gradually by loading more users. If the new version of the application needs more work, it can be rolled back. Deploying the application slowly prevents the risk of delivering a new version that may negatively impact the workload.

5) Define and explain the three basic types of cloud services and the AWS products that are built based on them?

The three basic types of cloud services are:

  • Computing

  • Storage

  • Networking

Here are some of the AWS products that are built based on the three cloud service types:

Computing - These include EC2, Elastic Beanstalk, Lambda, Auto-Scaling, and Lightsail.

Storage - These include S3, Glacier, Elastic Block Storage, Elastic File System.

Networking - These include VPC, Amazon CloudFront, Route53

6) What is the relation between the Availability Zone and Region?

AWS regions are separate geographical areas, like the US-West 1 (North California) and Asia South (Mumbai). On the other hand, availability zones are the areas that are present inside the regions. These are generally isolated zones that can replicate themselves whenever required.

7) What are the Storage Classes available in Amazon S3?

Storage Classes available with Amazon S3 are:

Amazon S3 Standard

Amazon S3 Standard-Infrequent Access

Amazon S3 Reduced Redundancy Storage

Amazon Glacier.

8) What is infrastructure as code and how do you use it?

Infrastructure as Code (IaC) is a combination of standards, practices, tools, and processes to provision, configure, and manage computer infrastructure using code and other machine-readable files. In other words, services can be created programmatically, through code.

How it works:

  1. Developers write the infrastructure specification in a domain-specific language.

  2. The resulting files are sent to a master server, a management API, or a code repository.

  3. The platform takes all the necessary steps to create and configure the computer resources.

Examples of infrastructure-as-code tools include AWS CloudFormation, Red Hat Ansible, Chef, Puppet, SaltStack and HashiCorp Terraform.

9) What is a load balancer? Give scenarios of each kind of balancer based on your experience.

Load balancing refers to efficiently distributing incoming network traffic across a group of backend servers, also known as a server farm or server pool.

Modern high‑traffic websites must serve hundreds of thousands, if not millions, of concurrent requests from users or clients and return the correct text, images, video, or application data, all in a fast and reliable manner. To cost‑effectively scale to meet these high volumes, modern computing best practice generally requires adding more servers.

In this manner, a load balancer performs the following functions:

  • Distributes client requests or network load efficiently across multiple servers

  • Ensures high availability and reliability by sending requests only to servers that are online

  • Provides the flexibility to add or subtract servers as demand dictates

Load Balancing Algorithms

Different load balancing algorithms provide different benefits; the choice of load balancing method depends on your needs:

  • Round Robin – Requests are distributed across the group of servers sequentially.

  • Least Connections – A new request is sent to the server with the fewest current connections to clients. The relative computing capacity of each server is factored into determining which one has the least connections.

  • Least Time – Sends requests to the server selected by a formula that combines the
    fastest response time and fewest active connections. Exclusive to NGINX Plus.

  • Hash – Distributes requests based on a key you define, such as the client IP address or
    the request URL. NGINX Plus can optionally apply a consistent hash to minimize redistribution
    of loads if the set of upstream servers changes.

  • IP Hash – The IP address of the client is used to determine which server receives the request.

  • Random with Two Choices – Picks two servers at random and sends the request to the
    one that is selected by then applying the Least Connections algorithm (or for NGINX Plus
    the Least Time algorithm, if so configured).
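The selection rules listed above, written out as a small simulation. This is an added example, not code from NGINX or AWS; the `Pool` class, its method names and the server names are hypothetical, and the IP hash here uses SHA-256 over the whole address as a stand-in for whatever hash a real balancer applies.

```python
import hashlib
import itertools
import random


class Pool:
    """Backend pool tracking open connections and a relative capacity weight."""

    def __init__(self, weights):
        self.weights = dict(weights)               # server -> capacity weight
        self.active = {s: 0 for s in weights}      # server -> open connections
        self._rr = itertools.cycle(sorted(self.weights))

    def round_robin(self):
        # Hand out servers sequentially, ignoring load.
        return next(self._rr)

    def least_connections(self, candidates=None):
        # Connections are divided by weight so a larger server may hold more.
        pool = candidates or sorted(self.weights)
        return min(pool, key=lambda s: (self.active[s] / self.weights[s], s))

    def ip_hash(self, client_ip):
        # The same client address always maps to the same server while the
        # server set is unchanged (simplified, non-consistent hash).
        servers = sorted(self.weights)
        digest = hashlib.sha256(client_ip.encode()).digest()
        return servers[int.from_bytes(digest[:8], "big") % len(servers)]

    def two_choices(self, rng):
        # Sample two distinct servers, then apply Least Connections to them.
        return self.least_connections(rng.sample(sorted(self.weights), 2))

    def connect(self, server):
        self.active[server] += 1


def distribute(pool, pick, requests):
    """Route long-lived requests with `pick`; return connections per server."""
    for req in requests:
        pool.connect(pick(req))
    return dict(pool.active)


if __name__ == "__main__":
    rr = Pool({"a": 1, "b": 1, "c": 1})
    print("round robin      ", distribute(rr, lambda _: rr.round_robin(), range(9)))

    lc = Pool({"a": 1, "b": 1, "c": 2})            # c has twice the capacity
    print("least connections", distribute(lc, lambda _: lc.least_connections(), range(8)))

    ih = Pool({"a": 1, "b": 1, "c": 1})
    clients = ["203.0.113.9", "203.0.113.10", "203.0.113.9"]   # constructed IPs
    print("ip hash          ", [ih.ip_hash(ip) for ip in clients])

    tc = Pool({"a": 1, "b": 1, "c": 1})
    rng = random.Random(7)                         # seeded for repeatable output
    print("two choices      ", distribute(tc, lambda _: tc.two_choices(rng), range(9)))
```

With IP hash, many clients behind one NAT address all land on the same backend, which is worth remembering when sizing per-server rate limits.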

4 Types of load balancer in AWS

  • Classic Load Balancer

  • Application Load Balancer

  • Network Load Balancer

  • Gateway Load Balancer

Classic Load Balancer

  • The Load Balancer which balances the traffic across multiple instances in multiple availability zones is called a Classic Load Balancer.

  • It supports both EC2-Classic and EC2-VPC, and increases the availability of your application by sending traffic to healthy instances.

  • Supports HTTP, HTTPS, TCP, and SSL listeners and supports sticky sessions using application-generated cookies.

  • To ensure that your registered instances are able to handle the request load in each AZ, keep approximately the same number of instances in each AZ registered with the load balancer.

Network Load balancer

  • Network Load Balancer handles sudden and volatile traffic across the EC2 instances in order to avoid any latency.

  • Connection-based load balancing; it supports the TCP protocol.

  • Ability to handle volatile workloads and scale to millions of requests per second.

  • Support for static IP addresses for the load balancer, or you can assign one Elastic IP address per subnet enabled for the load balancer.

  • Cross-zone load balancing is disabled by default

  • If you specify targets using an instance ID, the source IP addresses of the clients are preserved and provided to your applications. If you specify targets by IP address, the source IP addresses are the private IP addresses of the load balancer nodes.

  • Network Load Balancers support connections from clients over inter-region VPC peering, AWS managed VPN, and third-party VPN solutions.

Application Load balancer

  • The Load Balancer that distributes the traffic to appropriate target groups on the basis of content is called Application Load Balancer.

  • New feature-rich, layer 7 load balancing platform.

  • Supports web sockets, HTTP, HTTPS, and microservices and container-based applications, including deep integration with EC2 container service.

  • Support for path-based and host-based routing. It can also route requests to multiple applications on a single EC2 instance.

  • Cross-Zone load balancing is always enabled, and you can also specify Lambda functions as targets to serve HTTP(S) requests.

  • Supports load balancer-generated cookies only for sticky sessions.

Gateway Load Balancer

  • It makes it easy to deploy, scale, and manage your third-party virtual appliances.

  • Provides you with one gateway for distributing traffic across multiple virtual appliances, while scaling them up or down based on demand.

  • It eliminates potential points of failure in your network and increases availability.

  • Users can find, test, and buy virtual appliances from third-party vendors directly in AWS Marketplace.

  • This integrated experience streamlines the deployment process, so users can see value from your virtual appliances more quickly, whether you want to work with the same vendors you do today or try something new.

10) What is CloudFormation and what is it used for?

This is a service provided by AWS that helps you create and manage the resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You just have to create a template which describes all the resources you require, then AWS Cloudformation will take care of managing and provisioning all the resources. AWS provides a Cloudformation designer for designing the template wherein you can put all the resources. You can also define the dependencies of all the resources that are needed. You can also reuse your templates to replicate your infrastructure in multiple environments and regions.

Use Cases:

  • AWS CloudFormation automates best practices for the business. As a result, it applies both broadly adopted processes, DevOps and GitOps.

  • It allows developers to simplify auditing alternatives that help trigger automated deployments.

  • CloudFormation helps scale the infrastructure globally. It allows users to manage and scale resources across the organization.

  • It helps meet safety, compliance, and configuration standards throughout the organization, AWS accounts, and regions.

  • AWS CloudFormation can easily be integrated with other AWS services, further automating and managing resources across the organization.

  • It also manages, provisions, and models third-party and private resources. AWS lets businesses use an open-source CloudFormation CLI to build resource providers for native cases.

  • AWS CloudFormation provides open-source projects to enhance its capabilities. It caters to a global community that uses CloudFormation GitHub projects to create resources safely and systematically.

11) Difference between AWS CloudFormation and AWS Elastic Beanstalk?

AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with a variety of languages. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment, think Infrastructure As Code (IAC).

With Elastic Beanstalk, you don’t need a lot of cloud experience to get started. You can focus on your application and let AWS handle the infrastructure management for you.

With CloudFormation, you’re more experienced with how AWS works and you manage your VPCs, SGs, ELBs, EC2 instances, etc. through IaC. CloudFormation is focused primarily on the infrastructure and not so much on the app.

12) What are the kinds of security attacks that can occur on the cloud? And how can we minimize them?

1. Unauthorized Access to Data

Tips to prevent Poor Access Management

  • Develop a data governance framework for all user accounts. All user accounts should be connected directly to the central directory services like Active Directory that can monitor and revoke access privileges.

  • You can use third-party security tools to regularly pull lists of users, privileges, groups, and roles from cloud service environments. Then your security team can sort and analyze it.

  • You should also keep logging and event monitoring mechanisms in place to detect unauthorized changes and unusual activity.
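A sketch of the event monitoring described above, using the who, where and when that CloudTrail records for each API call (see the CloudTrail answer in question 2). This is an added example, not part of the original post: the rule names, the threshold and the sample records are constructed, and the records use CloudTrail's field names with documentation-range IPs and a placeholder account ID.

```python
from collections import Counter


def _ev(time, source, name, ip, arn, id_type="IAMUser", **extra):
    """Build one constructed record using CloudTrail's field names."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip, "userIdentity": {"type": id_type, "arn": arn},
            **extra}


# Constructed sample data: account ID, ARNs and IPs are placeholder values.
ALICE = "arn:aws:iam::111122223333:user/alice"
APP = "arn:aws:sts::111122223333:assumed-role/app/i-0abc"
ROOT = "arn:aws:iam::111122223333:root"
SAMPLE_EVENTS = [
    _ev("2023-05-01T09:00:12Z", "signin.amazonaws.com", "ConsoleLogin",
        "198.51.100.7", ALICE, additionalEventData={"MFAUsed": "No"},
        responseElements={"ConsoleLogin": "Success"}),
    _ev("2023-05-01T09:03:40Z", "iam.amazonaws.com", "AttachUserPolicy",
        "198.51.100.7", ALICE),
    _ev("2023-05-01T09:05:02Z", "cloudtrail.amazonaws.com", "StopLogging",
        "198.51.100.7", ALICE),
    _ev("2023-05-01T10:00:00Z", "s3.amazonaws.com", "GetObject",
        "203.0.113.20", APP, "AssumedRole", errorCode="AccessDenied"),
    _ev("2023-05-01T10:00:01Z", "s3.amazonaws.com", "GetObject",
        "203.0.113.20", APP, "AssumedRole", errorCode="AccessDenied"),
    _ev("2023-05-01T10:00:02Z", "s3.amazonaws.com", "GetObject",
        "203.0.113.20", APP, "AssumedRole", errorCode="AccessDenied"),
    _ev("2023-05-01T11:30:00Z", "ec2.amazonaws.com", "DescribeInstances",
        "192.0.2.44", ROOT, "Root"),
    _ev("2023-05-01T12:00:00Z", "ec2.amazonaws.com", "DescribeInstances",
        "198.51.100.7", ALICE),
]

IAM_CHANGES = {"CreateUser", "CreateAccessKey", "AttachUserPolicy",
               "AttachRolePolicy", "PutUserPolicy", "PutRolePolicy",
               "UpdateAssumeRolePolicy"}
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail"}
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}


def analyze(events, denied_threshold=3):
    """Return findings (rule, who, ip, when, action) in time order."""
    findings, denied = [], Counter()

    def flag(rule, ev):
        findings.append({
            "rule": rule,
            "who": ev.get("userIdentity", {}).get("arn", "unknown"),
            "ip": ev.get("sourceIPAddress"),
            "when": ev.get("eventTime"),
            "action": f'{ev.get("eventSource")}:{ev.get("eventName")}',
        })

    for ev in sorted(events, key=lambda e: e.get("eventTime", "")):
        ident = ev.get("userIdentity", {})
        src, name = ev.get("eventSource"), ev.get("eventName")
        if ident.get("type") == "Root":
            flag("root-account-use", ev)
        if (name == "ConsoleLogin"
                and (ev.get("responseElements") or {}).get("ConsoleLogin") == "Success"
                and (ev.get("additionalEventData") or {}).get("MFAUsed") == "No"):
            flag("console-login-without-mfa", ev)
        if src == "iam.amazonaws.com" and name in IAM_CHANGES:
            flag("iam-permission-change", ev)
        if src == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
            flag("audit-log-tampering", ev)
        if ev.get("errorCode") in DENIED_CODES:
            key = (ident.get("arn"), ev.get("sourceIPAddress"))
            denied[key] += 1
            if denied[key] == denied_threshold:   # alert once per principal/IP
                flag("repeated-access-denied", ev)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f'{f["when"]}  {f["rule"]:<26} {f["who"]}  from {f["ip"]}  ({f["action"]})')
```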

2. Distributed Denial of Service (DDoS) Attacks

Tips to tackle DDoS attacks in the cloud

  • Have an excess of bandwidth on your enterprise’s internet connection. The more bandwidth you have, the more hackers must do to flood its connection.

  • Discover vulnerabilities in your system – scan your network and systems with web application scanning tools to find vulnerabilities that can be exploited to execute DDoS attacks. Implement security controls to fix the detected security issues.

  • Keep a backup internet connection – a backup connection with a separate pool of IP addresses provides an alternate path in case the primary circuit is flooded with requests.

  • Configure WAF rules to filter out the malicious IPs – Configure your WAF firewall with custom rules to monitor and filter out traffic based on your requirements.

3. Cloud Misconfiguration

Tips to Overcome Cloud Misconfiguration Error

  • Get to know your Cloud – Learn all the services, settings, and permissions of your cloud services, and never forget to leverage the benefits of integrated security features.

  • Modify credentials and permissions – thoroughly check the default credentials and set up multi-factor authentication to ensure an extra layer of security.

  • Regularly audit your cloud assets – Don’t assume that properly configured cloud settings will remain the same for a long time. Proper auditing and monitoring can help you to identify the signs of misconfiguration.

  • Choose the right security solutions – The best cloud security service providers like Indusface can provide a complete package of features, which includes security management, threat detection, and intrusion prevention.

4. Data Leaks and Data Breaches

Tips to avoid the risk of Data Leaks

  • Encrypt Data – Sensitive data should not be in your cloud environment without being encrypted.

  • Change Password – Store all your passwords in a safer place. Be smarter when you choose a password and increase the frequency with which passwords are changed.

  • Set Permissions – Not all employees need the same level of access to your sensitive files. Assign permissions based on a ‘need to know’ basis to prevent the wrong people from accessing.

  • Educate your staff – Train your staff to prevent them from inadvertently leaking sensitive information.

5. Insecure API

Best Practices for API security

  • Comprehensive authentication & authorization policies – APIs should be designed with tokens, signatures, quotas, encryption, API gateways, etc., to ensure API security.

  • Web Application Firewalls – apply web-based vulnerability exploit defense to APIs in the cloud.

  • Choose standard API framework – rely only on APIs which are designed with security in mind. Examine an API's security aspects and decide whether it is secure enough to integrate 3rd party apps.

13) Can we recover the EC2 instance when we have lost the key?

If you've lost the key pair, you can create an AMI of the existing instance, and then launch a new instance. You can then select a new key pair by following the instance launch wizard.

14) What is a gateway?

A gateway is a node (router) in a computer network, a key stopping point for data on its way to or from other networks.

In a workplace, the gateway is the computer that routes traffic from a workstation to the outside network that is serving up the Web pages. For basic Internet connections at home, the gateway is the Internet Service Provider that gives you access to the entire Internet.

15) What are the different types of Instances?

Following are the types of instances:

  • Compute Optimized

  • Memory-Optimized

  • Storage Optimized

  • Accelerated Computing

  • General Purpose

16) What is the difference between Amazon RDS, DynamoDB, and Redshift?

 

| | Amazon RDS | Amazon Redshift | Amazon DynamoDB | Amazon SimpleDB |
|---|---|---|---|---|
| Database engine | Amazon Aurora, MySQL, MariaDB, Oracle Database, SQL Server, PostgreSQL | Redshift (adapted PostgreSQL) | NoSQL | NoSQL (with limited capacity) |
| Computing resources | Instances with 64 vCPU and 244 GB RAM | Nodes with vCPU and 244 GB RAM | Not specified, software as a service | Not specified, software as a service |
| Data storage facilities (max) | 6 TB per instance, 20.000 IOPS | 16 TB per instance | Unlimited storage size, 40.000 Read/Write per table | 10 GB per domain, 25 Writes/Sec |
| Maintenance Windows | 30 minutes per week | 30 minutes per week | No effect | No effect |
| Multi-AZ replication | As an additional service | Manual | Built-in | Built-in |
| Tables (per basic structural unit) | Defined by the database engine | 9.900 | 256 | 250 |
| Main usage feature | Conventional database | Data warehouse | Database for dynamically modified data | Simple database for small records or auxiliary roles |

17) Do you prefer to host a website on S3? What's the reason if your answer is either yes or no?

Yes, if it is a static website. When deploying a new website or application, I want to know that it's always up and available to users while also requiring no attention or maintenance from me. If you want your website to work this way too, use static website hosting. Skip all the hassle of dealing with VPSs, OS updates, patches, certificate expiration, etc. If you are running a small business website or a blog, this should be a no-brainer. AWS S3 provides a super-easy way to deploy a static site that will virtually always be available, never crash, and requires no maintenance.

18) Is there a way to upload a file that is greater than 100 Megabytes in Amazon S3?

Yes, it is possible by using the Multipart Upload Utility from AWS. With the Multipart Upload Utility, larger files can be uploaded in multiple parts that are uploaded independently. You can also decrease upload time by uploading these parts in parallel. After the upload is done, the parts are merged into a single object or file to create the original file from which the parts were created.

19) Mention what the key components of AWS are?

The key components of AWS are

  • Route 53: A DNS web service

  • Simple E-mail Service: It allows sending e-mail using RESTFUL API call or via regular SMTP

  • Identity and Access Management: It provides enhanced security and identity management for your AWS account

  • Simple Storage Device or (S3): It is a storage device and the most widely used AWS service

  • Elastic Compute Cloud (EC2): It provides on-demand computing resources for hosting applications. It is handy in case of unpredictable workloads

  • Elastic Block Store (EBS): It offers persistent storage volumes that attach to EC2 to allow you to persist data past the lifespan of a single Amazon EC2 instance

  • CloudWatch: To monitor AWS resources, it allows administrators to view and collect keys. Also, one can set a notification alarm in case of trouble.

20) What are key-pairs in AWS?

Key-pairs are secure login information for your virtual machines. To connect to the instances, you can use key-pairs which contain a public-key and private-key.

21) What is VPC?

VPC stands for Virtual Private Cloud. It allows you to customize your networking configuration. It is a network which is logically isolated from another network in the cloud. It allows you to have your IP address range, internet gateways, subnet, and security groups.

22) Explain snowball

Snowball is a data transport option. It uses source appliances to move a large amount of data into and out of AWS. With the help of Snowball, you can transfer a massive amount of data from one place to another. It helps you to reduce networking costs.

23) What is meant by subnet?

When a large section of IP addresses is divided into chunks, the chunks are known as subnets.

24) Can you establish a Peering connection to a VPC in a different region?

Yes, we can establish a peering connection to a VPC in a different region. It is called inter-region VPC peering connection.

25) How many subnets can you have per VPC?

You can have 200 subnets per VPC.


26) DNS and Load Balancer service comes under which type of cloud service?

DNS and Load Balancer services come under IAAS-storage cloud service.


27) What is the role of AWS CloudTrail?

CloudTrail is a specially designed tool for logging and tracking API calls. It helps to audit all S3 bucket accesses.


28) When was EC2 officially launched?

EC2 officially launched in the year 2006.


29) What is SimpleDB?

SimpleDB is a data repository of structured records that supports data queries and indexing for both S3 and EC2.


30) Explain Amazon ElastiCache

Amazon ElastiCache is a web service which makes it easy to deploy, scale and store data in the cloud.


31) What is AWS Lambda?

Lambda is an Amazon compute service which allows you to run code in the AWS Cloud without managing servers.


32) Name the types of AMI provided by AWS

The types of AMI provided by AWS are:

  1. Instance store backed

  2. EBS backed


33) Name the AWS service that exists only to redundantly cache data and images?

AWS Edge locations are services that redundantly cache data and images.

34) What is Amazon CloudFront?

Amazon CloudFront is known as the Content Delivery Network (CDN) service. This service provides high security and performance and is a developer-friendly tool. Amazon CloudFront uses a global network with 310+ Points of Presence (PoPs) across the globe, which helps to reduce latency effectively. And this service uses automated mapping and intelligent routing mechanisms to reduce latency. Amazon CloudFront secures data by applying traffic encryption and controlling access to data.

35) What is AWS Lambda?

AWS Lambda is an event-driven, serverless computing platform provided by Amazon as a part of Amazon Web Services. Therefore you don’t need to worry about which AWS resources to launch, or how will you manage them. Instead, you need to put the code on Lambda, and it runs.

In AWS Lambda the code is executed based on the response of events in AWS services such as add/delete files in S3 bucket, HTTP request from Amazon API gateway, etc. However, Amazon Lambda can only be used to execute background tasks.

AWS Lambda function helps you to focus on your core product and business logic instead of managing operating system (OS) access control, OS patching, right-sizing, provisioning, scaling, etc.

Thank you for reading!! Hope you find this helpful.

#day49challenge #90daysofdevops

Always open for suggestions..!!

Thank you Shubham Londhe !!