AWS Interview Questions and Answers: Part 1

Q) What is Cloud Computing?
Cloud Computing is the on-demand delivery of computing power, database storage, applications, and other IT service through a cloud services platform with pay-as-you-go pricing. You can provision exactly the right type and size of computing resources you need. You can access as many resources as you need almost instantly.
Cloud Computing is a simple way to access server, storage, databases, and a set of application services.

Q) What is Amazon EC2?

Amazon Elastic Compute Cloud (EC2) provides scalable (resizable) computing capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2 you can launch as many virtual servers as you need and configure security, networking, and also manage storage.

Q) What is the EC2 Instance?
An EC2 instance is a virtual server in Amazon's Elastic Compute Cloud (EC2) for running applications on Amazon Web Services (AWS) infrastructure.

Q) Features of EC2?
1. Virtual computing environments, known as instances.
2. Preconfigured templates for your instances, known as Amazon Machine Images (AMIs).
3. Various configurations of CPU, memory, storage, and networking capacity for your instances, known as instance types.
4. Secure login information for your instances using key pairs.
5. Storage volumes for temporary data that are deleted when you stop or terminate the instance, known as instance store volumes.
6. Persistent storage volumes for your data using Amazon Elastic Block Store (EBS), known as Amazon EBS volumes.
7. Multiple physical locations for your resources, such as instances and Amazon EBS volumes, known as regions and Availability Zones.
8. A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances, using security groups.
9. Static IP addresses for dynamic cloud computing, known as Elastic IP addresses.
10. Metadata, i.e. tags, that you can create and assign to your Amazon EC2 resources.
11. Virtual networks you can create that are logically isolated from the rest of the AWS cloud and that you can optionally connect to your own network, known as Virtual Private Clouds (VPCs).

Q) What is AMI?
It’s a template that provides information (an operating system, an application server, and applications) required to launch an instance, which is a copy of AMI running as a virtual server in the AWS cloud.
An AMI includes the following:
1. A template for the root volume for instance (an operating system, an application server, and applications)
2. Launch permission that controls which AWS accounts can use the AMI to launch the instances.
3. A block device mapping that specifies the volumes attached to the instance when it is launched.

Q) Types of AMI?
You can select an AMI to use based on the following characteristics:
1. Regions and availability zones.
2. Operating Systems
3. Architecture (32-bit or 64-bit)
4. Launch permission     
5. Storage for root device

Q) What is an instance type?
When you launch an instance, the instance type that you specify determines the hardware of the host computer used for your instance.
Each instance type offers different compute, memory, and storage capabilities, and instance types are grouped into instance families based on these capabilities.

Q) Types of EC2 Instances?
1. General Purpose
2. Compute Optimized
3. Memory Optimized
4. Storage Optimized
5. Accelerated Computing

Q) What is VPC?

Amazon Virtual Private Cloud (VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you have defined.
A Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account.
It is logically isolated from other virtual networks in the AWS cloud. You can launch AWS resources such as Amazon EC2 instances into your VPC.
You can configure your VPC; you can select its IP address range, create subnets, and configure route tables, network gateways, and security settings.

Q) Difference between Default and Non-Default VPC in AWS Cloud?
The primary difference is that the default VPC is created by AWS for you when you create a new account, whereas any VPC you create yourself is a non-default VPC.
The default VPC comes with the following pre-configured settings, i.e. when AWS creates a default VPC, it does the following:
i. Creates a default subnet in each Availability Zone.
ii. Creates an internet gateway and connects it to your default VPC.
iii. Creates the main route table and sends all internet traffic from the default VPC through the internet gateway.
iv. Creates a default security group and associates it with your default VPC.
v. Creates a default network ACL and associates it with your default VPC.
vi. Associates the default DHCP option set with your default VPC.
Instances that you launch into default subnets receive both a private IP address and a public IP address, and also receive both private and public DNS hostnames.
Instances that you launch into non-default subnets do not receive a public IP address or a public DNS hostname.

Q) What is Security group?
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign the instance to up to five security groups.
Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups.
If you don't specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC.
For each security group, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.

Q) Basic Characteristics of Security group for VPC.
i. You can create up to 500 security groups per VPC. You can add up to 50 inbound and outbound rules to each security group. You can associate up to 5 security groups per network interface.
ii. You can specify allow rules, but not deny rules.
iii. You can specify separate rules for inbound and outbound traffic.
iv. By default, no inbound traffic is allowed until you add inbound rules to the security group.
v. By default, an outbound rule allows all outbound traffic. You can remove that rule and add outbound rules that allow only specific outbound traffic.
vi. Security groups are stateful, meaning that responses to allowed inbound traffic are allowed to flow outbound regardless of the outbound rules, and vice versa.
vii. Instances associated with a security group can't talk to each other unless you add rules allowing it.
viii. Security groups are associated with network interfaces. After you launch an instance, you can change the security groups associated with the instance, which changes the security groups associated with its primary network interface (eth0). You can also change the security groups associated with any other network interface.

Q) What is Network Access Control List (NACL)?
A Network Access Control List (NACL) is an optional layer of security for your VPC that acts as a firewall to control traffic in and out of one or more subnets.
Your default VPC comes with a modifiable default network ACL; by default it allows all inbound and outbound traffic (IPv4 and IPv6).
You can create a custom network ACL and associate it with a subnet. By default, a custom network ACL denies all inbound and outbound traffic until you add rules.
Each subnet in your VPC must be associated with a network ACL. If you don't explicitly associate a subnet with a network ACL, the subnet is automatically associated with the default network ACL.
You can associate a network ACL with multiple subnets; however, a subnet can be associated with only one network ACL at a time.
A network ACL contains a numbered list of rules that are evaluated in order, starting with the lowest numbered rule, to determine whether traffic is allowed in or out of any subnet associated with the network ACL. The first rule that matches the traffic is applied.
A network ACL has separate inbound and outbound rules, and each rule can either allow or deny traffic.
Network ACLs are stateless: responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa).

Reference Link: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
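The security-group and network-ACL behaviour described in the two answers above, as an added example that is not part of the original page and not AWS code: a small Python model of how one packet and its reply are judged by a security group (allow rules only, no ordering, stateful) and by a network ACL (numbered allow/deny rules, lowest number first, stateless, implicit deny at the end). All addresses, ports and rule sets are constructed; the class and function names are this example's own. The scenario it walks through is the classic mistake of writing an outbound NACL rule for port 443 only, so that replies to clients' ephemeral ports are dropped even though the security group, being stateful, lets them through.

```python
# Added example (not from the page or AWS): model of security-group and
# network-ACL evaluation for a request packet and its reply.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    src_port: int
    dst: str
    dst_port: int
    proto: str = "tcp"

    def reply(self):
        """The response packet, travelling in the opposite direction."""
        return Packet(self.dst, self.dst_port, self.src, self.src_port, self.proto)


def _match(proto, from_port, to_port, cidr, pkt_proto, port, remote_ip):
    """Shared rule matcher; protocol '-1' means any protocol and any port."""
    if proto != "-1" and proto != pkt_proto:
        return False
    if proto != "-1" and not (from_port <= port <= to_port):
        return False
    return ip_address(remote_ip) in ip_network(cidr)


@dataclass(frozen=True)
class SgRule:            # security group rules can only allow
    proto: str
    from_port: int
    to_port: int
    cidr: str


class SecurityGroup:
    """Instance-level firewall: allow rules only, unordered, stateful."""

    def __init__(self, inbound, outbound):
        self.inbound = list(inbound)
        self.outbound = list(outbound)
        self._tracked = set()   # connections admitted inbound; their replies bypass outbound rules

    def inbound_allowed(self, pkt):
        ok = any(_match(r.proto, r.from_port, r.to_port, r.cidr,
                        pkt.proto, pkt.dst_port, pkt.src) for r in self.inbound)
        if ok:
            self._tracked.add((pkt.src, pkt.src_port, pkt.dst, pkt.dst_port))
        return ok

    def outbound_allowed(self, pkt):
        # Stateful: a reply to tracked inbound traffic is allowed regardless of outbound rules.
        if (pkt.dst, pkt.dst_port, pkt.src, pkt.src_port) in self._tracked:
            return True
        return any(_match(r.proto, r.from_port, r.to_port, r.cidr,
                          pkt.proto, pkt.dst_port, pkt.dst) for r in self.outbound)


@dataclass(frozen=True)
class NaclRule:
    number: int          # evaluated lowest number first
    action: str          # "allow" or "deny"
    proto: str
    from_port: int
    to_port: int
    cidr: str


class NetworkAcl:
    """Subnet-level firewall: numbered allow/deny rules, stateless."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    @staticmethod
    def _evaluate(rules, pkt_proto, port, remote_ip):
        for r in rules:                      # first matching rule wins
            if _match(r.proto, r.from_port, r.to_port, r.cidr, pkt_proto, port, remote_ip):
                return r.action == "allow"
        return False                         # the trailing '*' rule denies everything else

    def inbound_allowed(self, pkt):
        return self._evaluate(self.inbound, pkt.proto, pkt.dst_port, pkt.src)

    def outbound_allowed(self, pkt):
        # Stateless: the reply is judged on its own against the outbound rules.
        return self._evaluate(self.outbound, pkt.proto, pkt.dst_port, pkt.dst)


def request_and_reply(request, nacl, sg):
    """Return (request reached the instance, reply left the subnet)."""
    if not (nacl.inbound_allowed(request) and sg.inbound_allowed(request)):
        return False, False
    reply = request.reply()
    return True, sg.outbound_allowed(reply) and nacl.outbound_allowed(reply)


def web_sg():
    """Constructed security group for a web server: HTTPS in, AWS's default allow-all out."""
    return SecurityGroup(inbound=[SgRule("tcp", 443, 443, "0.0.0.0/0")],
                         outbound=[SgRule("-1", 0, 65535, "0.0.0.0/0")])


# Mistake: the outbound NACL rule only covers 443, so replies to ephemeral client ports are dropped.
NACL_NO_EPHEMERAL = NetworkAcl(
    inbound=[NaclRule(100, "allow", "tcp", 443, 443, "0.0.0.0/0")],
    outbound=[NaclRule(100, "allow", "tcp", 443, 443, "0.0.0.0/0")])

# Fix: allow outbound to the ephemeral range; a deny numbered below the allow is evaluated first.
NACL_FIXED = NetworkAcl(
    inbound=[NaclRule(90, "deny", "tcp", 443, 443, "198.51.100.0/24"),
             NaclRule(100, "allow", "tcp", 443, 443, "0.0.0.0/0")],
    outbound=[NaclRule(100, "allow", "tcp", 1024, 65535, "0.0.0.0/0")])

CLIENT_REQUEST = Packet("203.0.113.10", 51515, "10.0.1.5", 443)   # constructed addresses
BLOCKED_CLIENT = Packet("198.51.100.7", 40000, "10.0.1.5", 443)

if __name__ == "__main__":
    print(request_and_reply(CLIENT_REQUEST, NACL_NO_EPHEMERAL, web_sg()))  # (True, False)
    print(request_and_reply(CLIENT_REQUEST, NACL_FIXED, web_sg()))         # (True, True)
    print(request_and_reply(BLOCKED_CLIENT, NACL_FIXED, web_sg()))         # (False, False)
```

The first call shows why a NACL needs an outbound rule for the ephemeral port range (the request is delivered, the reply is silently dropped at the subnet boundary); the third shows that a deny rule only takes effect if its number is lower than the allow rule it is meant to override.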

Q) What is S3?
Amazon S3 is storage for the internet. It is a Simple Storage Service that offers software developers a highly scalable, reliable, low-latency data storage infrastructure at very low cost. It is designed to make web-scale computing easier for developers.
Amazon S3 provides a web service interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web.
Using this web service, developers can easily build applications that make use of internet storage.

Q) Amazon EBS Volume?
Amazon Elastic Block Store (Amazon EBS) provides block-level storage volumes for use with Amazon EC2 instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance that is in the same Availability Zone.
Amazon EBS is recommended when data must be quickly accessible and requires long-term persistence. EBS volumes are particularly well suited for use as the primary storage for file systems, databases, or any application that requires fine-grained updates and access to raw, unformatted, block-level storage.
Amazon EBS is well suited both to database-style applications that rely on random reads and writes and to throughput-intensive applications that perform long, continuous reads and writes.
Amazon EBS provides the following volume types:
1. General Purpose SSD (gp2, gp3). Volume size: 1 GiB to 16 TiB
2. Provisioned IOPS SSD (io1, io2, io2 Block Express). Volume size: 4 GiB to 16 TiB
3. Throughput Optimized HDD (st1). Volume size: 125 GiB to 16 TiB
4. Cold HDD (sc1). Volume size: 125 GiB to 16 TiB
5. Magnetic (standard). Volume size: 1 GiB to 1 TiB


Q) Instance store volume?
An Instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for the temporary storage of information that changes frequently, such as buffers, cache, scratch data, and other temporary content or for the data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.
The data on an instance store volume persists only during the life of the associated Amazon EC2 instance; if you stop or terminate an instance, any data on instance store volumes is lost.

Q) What is IaaS?
Cloud Infrastructure Service, known as Infrastructure as a Service (IaaS), is the model that provides computing infrastructure including servers, storage, networking, and network services (e.g. firewalls).
IaaS provider offers these cloud servers and their associated resources via dashboard and/or API. IaaS clients have direct access to their servers and storage, just as they would with traditional servers but gain access to a much higher order of scalability. Users of IaaS can outsource and build a “virtual data center” in the cloud and have access to many of the same technologies and resource capabilities of a traditional data center without having to invest in capacity planning or the physical maintenance and management of it.

Examples: Amazon EC2, Windows Azure, Rackspace, Google Compute Engine.

Q) What is PaaS?
Cloud Platform Service or Platform as a Service provides the platform on which software can be developed or deployed. It provides you with computing platforms that typically include an operating system, programming language execution environment, database, web server, etc.

Examples: AWS Elastic Beanstalk, Google App Engine, Apache Stratos.

Q) What is SaaS?
Cloud application services, or Software as a Service (SaaS), is the most popular and best-known form of cloud service for consumers. SaaS moves the task of managing software and its deployment to a third-party service.
In the SaaS model, you are provided with access to application software, often referred to as on-demand software.
The use of SaaS applications tends to reduce the cost of software ownership by removing the need for technical staff to install, manage, and upgrade software, as well as reducing the cost of licensing software.

Examples: Google Apps, Netflix, WebEx, GoToMeeting, and DropBox, Microsoft Office 365.

Q) Regions and Availability zones?
Amazon EC2 is hosted in multiple locations worldwide. These locations are composed of regions and availability zones. Each region is a separate geographic area. Each region has multiple, isolated locations known as Availability zones. Amazon EC2 provides you the ability to place the resources, such as instances and data in multiple locations.
Each region is completely independent. Each availability zone is isolated, but the availability zones in a region are connected through a low-latency link.
Amazon EC2 resources are either global, tied to a region, or tied to an Availability Zone.

Availability zone:
Availability zones are effectively different data centers located within the regions. Each availability zone is completely independent of others which enables them to reside in different areas within the same region providing a level of business continuity in the event of a disaster.
All the Availability zones within the same regions are linked by extremely low latency links providing high availability features for many AWS services such as S3, RDS, etc. to communicate with each other.

Q) What is Edge Location?
A site that CloudFront uses to cache copies of your content for faster delivery to users at any location.
Edge locations are used in conjunction with the AWS CloudFront service which is a global Content Delivery Network service. Edge locations are deployed across the world in multiple locations to reduce the latency for the traffic served over the CDN and as a result, are usually located in highly populated areas.

Q) What is shared instance?
i. Shared instances are Amazon EC2 instances that run on hardware that is not dedicated to a single AWS account, i.e. instances from different AWS accounts share the same physical host.
ii. In case of a stop and start of the instance, the underlying hardware (i.e. the host) would change.

Q) What is dedicated instance?
i. Dedicated instances are Amazon EC2 instances that run in a Virtual Private Cloud (VPC) on hardware that is dedicated to a single customer.
ii. Your dedicated instances are physically isolated at the host hardware level from instances that belong to other AWS accounts.
iii. Dedicated instances may share hardware with other instances from the same AWS account that are not dedicated instances.
iv. In case of a stop and start of the instance, the underlying hardware (i.e. the host) would change.

Q) What is a Dedicated Host?
i. An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. You can use Dedicated Hosts to launch Amazon EC2 instances on physical servers that are dedicated for your use.
ii. Dedicated Hosts give you additional visibility and control over how instances are placed on a physical server.
iii. In case of stop and start of instances, the underlying hardware will not change.

Q) How ENI is attached to an Instance?
i. Hot attach: an ENI can be attached to an instance while it is running.
ii. Warm attach: an ENI can be attached to an instance while it is stopped.
iii. Cold attach: an ENI can be attached to an instance while it is being launched.


