AWS Interview Questions

300 AWS Interview Questions and Answers [2023]

If you’re looking for  Frequently asked AWS Interview Questions and Answers for Experienced or Freshers, you are in the right place.

There are a lot of opportunities from many reputed companies in the world.Get prepared for your AWS interview with these top questions and answers. Cloud Computing is going to be the future of IT and many other industries as well. AWS is the most commonly used cloud platform at present. Various companies have adopted AWS to build their infrastructure and store data. These 300 AWS Interview Questions and Answers will help you guaranteed success in your AWS Interview Questions!

AWS Interview Questions:

Q1. What is AWS?

Amazon Web Services (AWS) is a Comprehensive Cloud platform that offers more than 165 services such as database storage, content delivery, security infrastructure, etc., from data centers worldwide. The robust infrastructure and agility at low costs are important reasons for its adoption from startups to large scale enterprises.

Q2. What is Cloud Computing?

Cloud computing provides various features of a computer in a comprehensive platform via the internet. Cloud computing offers computing power, database, software, storage, applications, security, etc. at reduced costs and improves performance. With Cloud computing, huge investments in hardware and software are reduced drastically and pay only for the services utilized.

Q3. What are the main components of AWS?

The key components of AWS are:

  • Amazon EC2
  • Simple Storage Service (S3)
  • Amazon VPC 
  • AWS database like RDS, Redshift, DynamoDB etc
  • AWS Cloudfront 
  • Amazon Route 53 

Q4. What is EC2?

Amazon EC2 or Amazon Elastic Compute Cloud is a cloud service that enables secure and resizable compute capacity. It makes web-scale cloud computing simpler for developers.

Q5. What is S3?

S3 implies the Simple Storage Service. S3 refers to a storage service capable of storing volumes of data from anywhere around the globe. For utilising S3 one can pay only for the usage in the Pay-as-you-go model of payment. AWS Course helps students to clearly understand key components of AWS such as S3.

Q6. What is AWS Lambda?

AWS Lambda is a compute service that runs your code without managing servers. Lambda function runs your code whenever needed. You need to pay only when your code is running.

Q7. What is VPC?

Amazon VPC or Virtual Private Cloud is an Amazon service that enables AWS resources to be in a logically isolated virtual network.

Q8. What are Regions and Availability Zones in aws?

Regions: A region is a geographical area which consists of 2 or more availability zones. A region is a collection of data centers which are completely isolated from other regions.

Availability zones: An Availability zone is a data center that can be somewhere in the country or city. Data center can have multiple servers, switches, firewalls, load balancing. The things through which you can interact with the cloud reside inside the Data center.

Q9. What is SnowBall?

SnowBall is a small application that enables you to transfer terabytes of data inside and outside of the AWS environment.

Q10. What is CloudWatch?

CloudWatch helps you to monitor AWS environments like EC2, RDS Instances, and CPU utilization. It also triggers alarms depending on various metrics.

Q11. What is AMI?

AMI stands for Amazon Machine Image.  It’s a template that provides the information (an operating system, an application server, and applications) required to launch an instance, which is a copy of the AMI running as a virtual server in the cloud.  You can launch instances from as many different AMIs as you need.

Q12. Mention what the relationship between an instance and AMI is?

From a single AMI, you can launch multiple types of instances.  An instance type defines the hardware of the host computer used for your instance. Each instance type provides different computer and memory capabilities.  Once you launch an instance, it looks like a traditional host, and we can interact with it as we would with any compute.

Q13. What does an AMI include?

An AMI includes the following things

  • A template for the root volume for the instance
  • Launch permissions decide which AWS accounts can avail the AMI to launch instances
  • A block device mapping that determines the volumes to attach to the instance when it is launched

Q14. What is auto-scaling?

Auto-scaling is a function that allows you to provision and launch new instances whenever there is a demand. It allows you to automatically increase or decrease resource capacity in relation to the demand.

Q15. Is Amazon EC2 IaaS or PAAS?

AWS Elastic Compute Service or EC2 is IaaS(Infrastructure as a Service). This is due to the fact that Amazon manages networking, storage, server, and virtualization, while the user is responsible for managing the Operating System, middleware, runtime, data and application.

Q16. How are instances categorised in AWS EC2?

Instances are classified into three categories.

  1. On-Demand Instances
  2. Reserved Instances (RI)
  3. Spot instances

Q17. What is On-Demand Instances in AWS EC2?

In case of On-Demand, there are no long-term contracts. They bill you per hour for the compute capacity you use. Companies may scale up or down the capacity of their application based on demand, and they only pay for the hourly rate of the instance they select.

Q18. What is Reserved Instances (RI) in AWS EC2?

There is the ability to adjust operating system types and tenancy agreements in Reserved Instances. For EC2 instances, RI offers an optional capacity reservation. When the attributes of an EC2 instance’s usage match those of an active RI, AWS Billing applies discounted RI rates. If an Availability Zone (AZ) is defined, EC2 reserves capacity that matches the attributes of RI.

Q19. What is Spot instances in AWS EC2?

With the support of Spot Instances, one can increase the application’s compute capacity and throughput for the same budget, as well as allow new types of cloud computing applications by lowering the cost of the same. These instances allow you to bid on spare AWS EC2 computing capacity and, as a result, are often cheaper than On-Demand pricing.

Q20. List types of EC2 instances available in AWS?

The types of EC2 instances available in AWS are listed below:

  1. General-Purpose instances.
  2. Compute Optimized instances.
  3. Memory Optimized instances.
  4. Accelerated Computing instances.
  5. Storage Optimized instances

Q21. What is the Security Group In Amazon EC2 ?

Security Groups is a firewall on our EC2 instances and contains only allow groups. Security groups are locked down to regions or VPC.

Q22. Explain Elastic Block Storage?

Amazon Elastic Block Store (EBS) is an easy to use, high-performance, block-storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction intensive workloads at any scale. A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS.

Q23. What is EC2 User Data?

The EC2 User Data Script runs with the root user to bootstrap our instances. bootstrapping means launching commands when a machine starts. That script is only run once at the instance first start.

Q24. What is EC2 Connect?

EC2 connect is used to connect to your EC2 instance with browser. Port 22 needs to be open to access EC2 instance via EC2 connect

Q25. What are EC2 purchasing options?

1)On-Demand Instances – short workload, predictable pricing, pay by second. It has the highest cost but no upfront payment.

2)Reserved (1 & 3 years): Up to 72% discount compared to On-demand. You reserve a specific instance attributes (Instance Type, Region, Tenancy, OS)

3)Savings Plans (1 & 3 years) –commitment to an amount of usage, long workload. Commit to a certain type of usage ($10/hour for 1 or 3 years). Usage beyond EC2 Savings Plans is billed at the On-Demand price.

4)Spot Instances – short workloads, cheap, can lose instances (less reliable). Upto 90% discount. The MOST cost-efficient instances in AWS. Not suitable for critical jobs or databases,

5)Dedicated Hosts – book an entire physical server, control instance placement

6)Dedicated Instances – no other customers will share your hardware. The most expensive option, allows you address compliance requirements and use your existing server bound software licenses. Useful for software that have complicated licensing model or for companies that have strong regulatory or compliance needs.

7)Capacity Reservations – reserve capacity in a specific AZ for any duration. Combine with Regional Reserved Instances and Savings Plans to benefit from billing discounts.

Q26. What is EBS – Delete on Termination attribute?

 EBS – Delete on Termination attribute: If enabled, default EBS volume is lost and any other attached EBS volume is not deleted. 

Q27. What is EC2 Instance Store?

 EC2 Instance Store: If you need a high-performance hardware disk, use EC2 Instance Store. EC2 Instance Store has Better I/O performance and lose their storage if they’re stopped (ephemeral). Good for buffer / cache / scratch data / temporary content.

Q28. What is Elastic File System (EFS)?

 Elastic File System (EFS):  Managed NFS (network file system) that can be mounted on 100s of EC2. EFS works with Linux EC2 instances in multi-AZ. EFS is highly available, scalable, expensive (3x gp2), pay per use, no capacity planning. 

Q29. What Is Shared Ami ?

A shared AMI is an AMI that a developer created and made available for other developers to use.

Q30. What is Spot Fleet?

Spot fleet: set of spot instances + (optional) on demand instances. Allows us to automatically request spot instances with lowest price. 

Q31. What are EC2 Placement Groups and types? 

Placement Groups in AWS determines how instances are placed on underlying hardware

AWS now provides three types of placement groups

1) Cluster – clusters instances into a low-latency group in a single AZ

2) Partition– spreads instances across logical partitions, ensuring that instances in one partition do not share underlying hardware with instances in other partitions

3) Spread– spreads instances across underlying hardware

Q32. What is Elastic Network Interface (ENI)?

Elastic Network Interface (ENI) is a logical component in VPC that represent virtual network card. ENI are bound to specific AZ. ENI consists of primary private IP, one or more secondary IP, one public IPV4, one elastic IP per IPV4, one or more security groups and a mac address. 

Q33. What is EC2 Hibernate?

With EC2 hibernate -The in-memory RAM is preserved. – The instance boot is faster. – Under the hood the RAM state is written in EBS. – The root volume must be enough. An instance can not be hibernated for more than 60 days. 

Q34. What is EC2 connect? 

EC2 connect let you connect your EC2 with browser. Need port 22 open and work only for Amazon Linux.

Q35. Explain EC2 metadata? 

EC2 metadata lets you find details about EC2. 

metadata= information about EC2. 

It allows EC2 instances to learn about themselves without using any IAM roles.

Q36. What are EBS volume types?

1) General Purpose SSD: gp2/gp3 (SSD)

2) Provisioned IOPS SSD: io1/io2

3) Hard Drive Disk (HDD): st1/sc1

Q37. What is Elastic Load Balancer(ELB)?

Elastic Load Balancer distributes incoming application or network traffic across multiple targets, such as EC2 instances, containers (ECS), Lambda functions, and IP addresses, in multiple Availability Zones.

Q38. What are ELB types? 

 AWS has 4 kinds of managed Load Balancers

  1. Classic Load Balancer
  2. Application Load Balancer
  3. Network Load Balancer
  4. Gateway Load Balancer 

Q39. Explain Classic Load Balancer (CLB).

Classic Load Balancer  supports HTTP, HTTPS, TCP. Supports TCP (layer 4) and  HTTP-HTTPS (layer 7)

Q40. Explain Application Load Balancer (ALB)

ALB Supports HTTP, HTTPS, WebSocket. ALB is layer 7 (HTTP). Supports redirects from HTTP to HTTPS.

ALB are a great fit for micro services & container-based application. For example: Docker & Amazon ECS.

Q41. Explain Network Load Balancer (NLB)

NLB supports TCP, TLS (secure TCP) & UDP. Network load balancers (Layer 4) allow to:

Forward TCP & UDP traffic to your instances. Handle millions of request per seconds

Q42. Explain Gateway Load Balancer. 

Gateway Load Balancer operates at layer 3 – IP packets. Deploy, scale and manages a fleet of 3rd party network appliance in AWS. Uses GENEVE protocol on 7081 port. Target groups are EC2 Instances and IP addresses. 

Q43. Explain Auto Scaling Groups – Scaling Policies.

Auto Scaling Groups – Scaling Policies are : 

1) Target Tracking Scaling: Most simple and easy to set-up. For example: I want the average ASG CPU to stay at around 40%

2) Simple / Step Scaling: This scaling plan lets the user define parameters that control the scaling procedure such as CPU utilization, memory, etc.

3) Scheduled Actions: This scaling plan comes in handy in situations where the user can predict when the traffic on the application is going to increase. In such cases, the user can schedule the time when AWS auto scaling should be executed.

Q44. What is Amazon S3 Bucket?

Amazon S3 stores data as objects within buckets. An object consists of a file containing the data and optionally metadata regarding the file

Q45. How many buckets can you create in AWS by default?

By default, you can create up to 100 buckets in each of your AWS accounts.

Q46. What type of storage is S3?

Amazon S3 (Amazon Simple Storage Service) is an object storage service.

Q47. What are S3 Storage classes?

1) Amazon S3 Standard -General Purpose: Acts as a default storage class, if none specified during upload. S3 standard has 99.999999999 (9 9’s) of availability.

2) Amazon S3 Standard – Infrequent Access (IA): Helps in accessing data less frequently but needs rapid access.

3) Amazon S3 One Zone-Infrequent Access: Less frequently access but will be stored in only one zone. If that zone goes down, all data will be gone. It is used to store data which  less important or easily recreatable like image thumbnail. 

4) Amazon S3 Glacier Instant Retrieval : Helps in providing storage for data archiving and backup.millisecond Retrieval. Minimum storage duration is 90.

5) Amazon S3 Glacier Flexible Retrieval : formerly known as Amazon S3 Glacier. Minimum storage duration is 90.

    Expedited – 1 to 5 mins

    Standard – 3 to 5 hours

    Bulk – 5 to 12 hours (free)

6) Amazon S3 Glacier Deep Archive: for long term storage. Minimum storage duration is 180.

    Standard– 12 hours

    Bulk – 48 hours

7) Amazon S3 Intelligent Tiering: Move objects automatically between access tiers based on access patterns.

Q48. What is S3 Versioning?

The Amazon S3 Versioning feature allows you to keep multiple variants of the same object in the same bucket. Objects stored in S3 buckets can be preserved, retrieved, and restored with Simple Storage Service Versioning. It is easy to recover from both unintentional user actions and application failures.

Q49. What are the benefits of AWS Simple Storage Service?

  •     Durability: It gives 99.999999999 percent SLA.
  •     Cheaper: It supports a variety of storage classes. They range from those files that need to be accessed more frequently, like caching, to files that rarely change, like snapshots.
  •     Scalability: Storage resources can be easily scaled up or down based on your organisation’s needs.
  •     Availability: The availability of objects on S3 is 99.99 percent
  •     Security: It offers a robust suite of tools for access management and encryption that provide enhanced security.
  •     Flexibility: The Simple Storage Service is perfect for a wide range of uses, including data storage, backups, software delivery, archiving, disaster recovery, hosting websites, mobile applications, IoT devices, and much more.

Q50. What is Amazon S3 Glacier?

Amazon S3 Glacier is Amazon’s data backup and archival storage service, which costs extremely low compared to the regular S3 storage.

You can store data in Amazon S3 Glacier on an ad-hoc basis depending on your application and functional rules.

Q51. What are the types of S3 Encryption?

  •     SSE-S3: key handled and managed by AWS. Server side encryption with AES-256 as encryption type. Must set header as “x-amz-server-side-encryption”:”AES-256″
  •     SSE-KMS: Keys handled and managed by KMS. Server side encryption and must set header as “x-amz-server-side-encryption”:”aws:kms”
  •     SSE-C: server side encryption with the keys fully managed by customer outside aws. S3 does not store encryption key in it. HTTPS must be used.
  •     Client side encryption: Customer fully manages key and encryptions. client library such as Amazon S3 encryption client. Clients must encrypt the object before sending and decrypt it when retrieving.

Q52. What is the default storage class in AWS S3?

Amazon S3 STANDARD is the default storage class in AWS S3.

Q53. What is S3 Analytics? 

S3 Analytics is used to determine when to transition objects from standard to standard_IA. It does not work for S3 Glacier and one zone IA. After enabling, reports are updated daily. S3 analytics can be setup to help determine when to transition objects from standard to standard IA

Q54. Explain Object Lock feature in AWS S3?

S3 object lock allows us to store objects using the WORM model (write-once-read-many). The feature allows a S3 user to protect his data from being overwritten or deleted for a certain amount of time or indefinitely.

Object retentions: 

A) Retention period: specifies fixed period 

B) Legal Hold: same protection, no expiry date

Q55. What is S3 CORS?

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.

Q56. What is the S3 Lifecycle Rule?

Moving objects between s3 tiering can be automated using S3 lifecycle rules. Transaction Action=Moving object. Expiration Action= Removing objects. Can be used to delete old versions of file.

Q57. What is multi part upload in S3?

Multipart Upload allows you to upload a single object as a set of parts. After all parts of your object are uploaded, Amazon S3 then presents the data as a single object.

Q58. What is S3 Transfer Acceleration? 

Increase transfer speed by transferring file to AWS edge location which will forward data to S3. Compatible with multi-part upload.

Q59. What Are Pre-Signed S3 URLs?

Pre-signed URLs are used to provide short-term access to a private object in your S3 bucket. They work by appending an AWS Access Key, expiration time, and Sigv4 signature as query parameters to the S3 object.

Q60. What are the components of Amazon VPC?

The Amazon VPC contains various elements:

  1. A Virtual Private Cloud: A logically isolated virtual network in the AWS cloud. You define a VPC’s IP address space from ranges you select.
  2. Subnet: A segment of a VPC’s IP address range where you can place groups of isolated resources.
  3. Internet Gateway: The Amazon VPC side of a connection to the public Internet.
  4. NAT Gateway: A highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the Internet.
  5. Hardware VPN Connection: A hardware-based VPN connection between your Amazon VPC and your datacenter, home network, or co-location facility.
  6. Virtual Private Gateway: The Amazon VPC side of a VPN connection.
  7. Customer Gateway: Your side of a VPN connection.
  8. Router: Routers interconnect subnets and direct traffic between Internet gateways, virtual private gateways, NAT gateways, and subnets.
  9. Peering Connection: A peering connection enables you to route traffic via private IP addresses between two peered VPCs.
  10. VPC Endpoints: Enables private connectivity to services hosted in AWS, from within your VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies.
  11. Egress-only Internet Gateway: A stateful gateway to provide egress only access for IPv6 traffic from the VPC to the Internet.

Q61. What are Internet Gateways in VPC?     

An Internet Gateway is a highly available, horizontally scaled VPC component. Gateways establish coherent connections between your Amazon VPC network and the internet.

Q62. What is a NAT Device?

A NAT device in your VPC will enable instances in the private subnet to trigger outbound IPv4 traffic to other AWS services/internet while hindering inbound traffic initiated on the internet.

Q63. What is PrivateLink from AWS?

PrivateLink provides utmost availability and scalability for AWS customers to access their services maintaining the traffic within the AWS network.

Q64. What is a subnet in VPC?

Subnetwork or subnet is a logical subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting.

Q65. What Is Ipsec?

IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream.

Q66. What are the features available in AWS VPC?

This AWS VPC provides the given below features:

  • IPv4 and IPv6 address books.
  • Internet connectivity.
  • Subnet creation.
  • Route tables.
  • Elastic IP addresses.
  • Network/ Subnet security.
  • Additional networking services.

Q67. Difference between VPC and VPN?

VPC is from Amazon Web Services. It has been created as per zone for giving access to clients. It depends on multiple Subnet. But a VPN is a gateway, actually. This is the access point of the VPN network.

Q68. What is direct connect, direct connect gateway?

Direct Connect (DX) provides dedicated private connections from a remote network to your VPC. Dedicated connection must be set up between the data center and AWS direct connect locations. Supports both IPV4 and IPV6. Requires around 1 month to setup.

Direct Connect Gateway: need to setup direct connect to one or more VPC in many different region then you must use Direct Connect Gateway.

Q69. What is a Transit gateway?

Transit Gateway: used for transitive peering between thousands of VPC and on-premises. Hub and spoke connections. Supports multicast IP. Works with direct connect GW and VPN connections. Route tables limit which VPC can talk with other VPC. Share cross account using RAM (Resource Access Manager). 

Q70. What is VPC traffic Mirroring?

VPC Trafic Mirroring: allows you to capture and inspects network traffic in your VPC. Capture traffics from ENI and to ENI or NLB.

Q71. What is Egress-Only Internet Gateway?

Egress-Only Internet Gateway is used for only IPV4. Similar to NAT GW but for only IPV6. Allows instances in your VPC to outbound connections over IPV6. Must update route table.

Q72. What is AWS Network Firewall ?

AWS Network Firewall: Protects your entire amazon VPC. Layer 3 to layer 7 protection. Internally AWS Network Firewall uses AWS Gateway Load Balancers. Rules can be centrally managed across accounts by AWS firewall managers to apply to many VPC. Fine grain controls, supports 1000 of rules.

Q73. What is the AWS Route 53?

AWS’s Route 53 is a scalable and easy-to-use domain name system (DNS) hosting service.

Q74. Explain Features of Amazon Route 53.

Features of Amazon Route 53:

  1. Traffic flow—routes end users to the endpoint that should provide the best user experience
  2. Latency-based routing—routes users to the AWS region that provides the lowest latency
  3. Geo DNS—routes users to an endpoint, depending on detected user geography
  4. Private DNS—for users of Amazon VPC, defines custom domain names without exposing DNS information publicly
  5. DNS failover—automatically redirects users to an alternative service in case of outage
  6. Health checks—monitors health and performance of applications
  7. Domain registration—AWS acts as a domain registrar, allowing you to select domain names and register for them with the AWS console
  8. Weighted round-robin load balancing—spreads traffic between several services via a round-robin algorithm.

Q75. Why is it called Route 53?

The name AWS Route 53 is derived from Port 53, which handles DNS for both TCP and UDP traffic requests; the phrase Route could relate to routing or a common highway naming convention.

Q76. What is a resource record?

A resource record is a DNS entry (like and a value such as that you want to link to a name server in a hosted zone. These are sometimes referred to as record sets in AWS Route 53.

Q77. What are “A” and “Cname” record?

 A – This resource record set is used when you want to map a unique hostname (e.g., ) or alias (e.g., ) to a single IPv4 address or the associated private IP addresses with an Elastic IP Address or Auto Scaling group.

CNAME – This resource record set is used when you want to map multiple hostnames (e.g., www1, www2, www3…) to a single DNS entry (e.g.,

Q78. What are Amazon Route 53 Routing Policies? 

1) Simple Routing Policy

2) Weighted Routing Policy

3) Latency Routing Policy

4) Failover Routing Policy

5) Geo Location Routing Policy

6) Multi Value Routing Policy

Q79. What is Simple Routing Policy?

In simple routing policy, you can have only one record with multiple IP addresses. If you specify multiple values in record, Route53 returns all values in random order to the user.

Q80. What is Weighted Routing Policy?

Weighted Routing Policy controls the percentage % of the requests that go to specific endpoints. It’s helpful to test 1% of traffic on new app version.

Q81. Explain Latency Routing Policy.

It allows you to route your traffic based on lowest network latency for your end user. It redirects to the server that has the least latency close to us also helpful when latency of users is a priority.

Q82. What is Failover Routing Policy?

Failover routing lets you route traffic to a resource when the resource is healthy or to a different resource when the first resource is unhealthy. The primary and secondary records can route traffic to anything from an Amazon S3 bucket that is configured as a website to a complex tree of records.

Q83. Explain Geo Location Routing Policy.

Geolocation routing lets you choose the resources that serve your traffic based on the geographic location of your users, meaning the location that DNS queries originate from.

Q84. Explain Multi Value Routing Policy.

Multi value Routing Policy helps distribute DNS responses across multiple resources. For example, use multi value answer routing when you want to associate your routing records with a Route 53 health check.

Q85. What is AWS CloudFront?

Amazon CloudFront is an Amazon Web Services content delivery network. Easily cached content, like web videos or other hefty files, can be accessed more quickly with content delivery networks.

Q86. What is the Content Delivery Network (CDN)?

Content delivery network (CDN) is a network of distributed servers that delivers websites and diverse types of internet material to user-selected geographic locations, as well as a content delivery server.

Q87. What are the benefits of AWS CloudFront?

  • Security to the Content – It is a highly content delivery network which has each network and application level protection.It defends our applications from a lot of refined threats and DDoS attacks.
  • Integrating Network – This construct on the increasing international AWS infrastructure.It helps the applications by delivering availability, scalability and performance for everyone.
  • Great Performance – It directly connects with many end users ISPs and the AWS backbone network to accelerate the delivery of the content end to end.
  • Economical – By this the users pays just for the information transfer and requests accustomed delivery content to the customers.

Q88. What are the Uses AWS CloudFront? 

AWS CloudFront:

  • Static Quality Caching helps in speding up the process of delivery of the content.
  • Live and On-Demand Video Streaming helps in streaming the media with Amazon CloudFront.
  • Security and DDoS Protection defends the layer of DDoS mitigation and also AWS WAF for seven layers protection.
  • Dynamic and Customized Content improves the performance, responsibility, and updates dynamic parts of the application.
  • API Acceleration accelerates the API calls.
  • Software Distribution globally distributes and transfers software updates.

Q89. What are Cloud Types:

Private Cloud–> used by a single organization, not exposed to the public.

PublicCloud–> like AWS, GCP, Microsoft Azure

Hybrid Cloud–> on-premise + public cloud offerings

Q90. What is AWS GovCloud? 

AWS GovCloud is an isolated data center region of the Amazon Web Services (AWS) cloud designed to meet strict compliance requirements as defined by the U.S. Government.

Q91. Characteristics of Cloud Computing.

  • On-demand self service:Users can provision resources and use them without human interaction from service providers.
  • Broad network access:Resources available over the network
  • Multi-tenancy and resource pooling:Multiple customers can share the same infrastructure and applications with security and privacy.
  • Rapid Elasticity and scalability:quickly and easily scale based on demand.
  • Measured service:Usage is measured, users pay correctly for what they have used.

Q92. Six Advantages of Cloud Computing.

1) Trade capital expense (CAPEX) for operational expense (OPEX)

    Pay On-Demand: don’t own hardware

    Reduced Total Cost of Ownership (TCO) & Operational Expense (OPEX)

2) Benefit from massive economies of scale: Prices are reduced as AWS is more efficient due to large scale

If more people started using aws then prices will be reduced by AWS.

3) Stop guessing capacity: Scale based on actual measured usage

4) Increase speed and agility.

5) Stop spending money running and maintaining data centers

6) Go global in minutes: leverage the AWS global infrastructure

Q93. What are Cloud Computing Types?

Infrastructure as a Service (Iaas):Provide building blocks for cloud IT. • Provides networking, computers, data storage space. Example: Amazon EC2

Platform as a Service(Paas):Removes the need for your organization to manage the underlying infrastructure. Focus on deployment and management of applications. Example:  Elastic Beanstalk

Software as a Service(Saas):Completed product that is run and managed by service provider. Example: Rekognition for ML and gmail, dropbox etc.

Q94. Explain Desktop as a Service(DaaS)

 Desktop as a Service (Daas): Provides desktops as a service example is Amazon workspaces.

 Q95. Pricing of the Cloud.

1) Compute: Pay for compute time

2) Storage: Pay for data stored in the Cloud

3) Data transfer OUT of the Cloud: Data transfer IN is free

Q96. What is AWS CloudShell?

AWS CloudShell is a browser-based shell that makes it easy to securely manage, explore, and interact with your AWS resources.

Q97. What is a security Group? 

Security Groups is a firewall on our EC2 instances and contains only allow group. Security groups are locked down to region or VPC.

Q98. What is EFS?

Elastic File System (EFS):  Managed NFS (network file system) that can be mounted on 100s of EC2. EFS works with Linux EC2 instances in multi-AZ.

Q99. What are S3 bucket policies?

S3 Bucket policies are JSON documents like IAM policies.

Q100. What is AWS Policy Generator? 

AWS Policy Generator is used to generate policies which JSON documents.

Q101. What is AWS Snowcone?

AWS Snowcone is Small, portable computing, anywhere, rugged & secure, withstands harsh environments. 8 TBs of usable storage. Can be sent back to AWS offline, or connect it to Internet and use AWS DataSync to send data.

Q102. What is Snowball Edge?

Snowball Edge (for data transfers): Physical data transport solution: move TBs or PBs of data in or out of AWS. Provide block storage and Amazon S3-compatible object storage

A) Snowball Edge Storage Optimized: 80 TB of HDD capacity for block volume and S3 compatible object storage

B) Snowball Edge Compute Optimized: 42 TB of HDD capacity for block volume and S3 compatible object storage

Q103. What AWS Snowmobile?

AWS Snowmobile: Transfer exabytes of data. Each Snowmobile has 100 PB of capacity. Better than Snowball if you transfer more than 10 PB.

Q104. What is AWS OpsHub?

AWS OpsHub is a software that you install on your computer to manage your snow family.

Q105. What is AWS Storage Gateway and types?

AWS Storage Gateway is Bridge between on-premise data and cloud data in S3. Hybrid storage service to allow on-premises to seamlessly use the AWS Cloud

3 types are : 1) File Gateway 2) Volume Gateway 3) Tape Gateway

Q106. Explain AWS RDS.

  • Relational Database service, SQL, 1) MYSQL 2) Postgres 3) MariaDB 4) Oracle 5)Aurora
  • RDS is managed service. Automated provision of OS patching, continuous backup & point-in-time recovery.
  • Read replicas for improved read performance and Multi-AZ for disaster recovery.
  • Scaling capacity- Horizontal & Vertical
  • Storage is backed by EBS (Elastic Block Store)
  • You can’t SSH into your RDS instances & have a monitoring dashboard.

Q107. What is RDS CUSTOM?

RDS Custom lets you managed Oracle & Microsoft SQL servers database with OS and database customizations. Can configure settings, install patches and access underlying EC2 instances. Need to deactivate automation mode to perform customizations.

Q108. What is RDS proxy?

RDS Proxy is a fully managed database proxy for RDS. Allows apps to pool and share database connections with database. Improves database efficiency by reducing stress on database. Serverless, autoscaling, high availability. Reduces RDS & Aurora failover time by 66%. Supports RDS – Postgres, MySQL & MariaDB. Supports Aurora – Postgres and MySQL. RDS proxy is never publicaly accessible, must be accessed from VPC.

Q109. Explain Amazon Aurora.

Amazon Aurora:

  • Relational Database, SQL
  • AWS proprietary database
  • Postgres and MySQL supported by Aurora Database.
  • Aurora is AWS Cloud Optimized
  • 5x performance improvement over MySQL in RDS
  • 3x performance improvement over Postgres in RDS.
  • Aurora cost more than RDS (20%) but it is more efficient.
  • Aurora storage grows automatically in increment of 10GB upto 128 TB.
  • Aurora – 15 read replicas and replication is faster (10ms replication lag)
  • Failure in Aurora is instantaneous.
  • Aurora is HA (High availability) native, has self healing capacity.

Q110. What are Amazon Aurora Features?

1) Automatic Failover 

2) Backup & Recovery 

3) Isolation & Security 

4) Industry compliance 

5) Push button scaling 

6) Automated patching with zero downtime 

7) Advanced monitoring 

8) Routine Maintenance 

9) Backtrack – restoring data at any time without using backup.

Q111. What is Aurora Multi master?

Aurora Multi master means having multiple writer master and an immediate failure for writer node, every node does R/W.

Q112. Explain Aurora Serverless

Aurora Serverless is good for infrequent, intermittent and unpredictable workload. No capacity planning is needed. Automatic database instantiation and auto scaling based on actual usage. Pay per second, can be more cost effective.

Q113. Explain Global Aurora

Global Aurora is used for Aurora cross region read replicas for DR and as Aurora Global Database

1 primary region for R/W. Upto 5 secondary read only regions. Replication lag is less than 1 sec. Upto 16 read replicas per secondary region. Helps in decreasing latency. Promoting another region for DR has RTO < 1 min.

Q114. Explain Amazon Elasticache.

Amazon Elasticache:

  • In-memory database with really high performance and low latency.
  • Managed Redis or Memcached
  • Helps reduce the load of database for read incentive workload.
  • Helps make your application stateless.
  • AWS takes care of – OS maintenance, patching, setup, configuration, monitoring, failure recovery & backup.
  • It requires heavy application code changes.

Q115. Explain ElastiCache – Redis vs Memcached.

Redis – Multi AZ with auto failover. Read replicas to scale read & have HA. Data durability using AOF persistence. Backup and restore feature. 

Memcached – Multi-node for partitioning of data (shrading). No High-availability. Non persistence. No backup and restore. Multi-threaded Architecture.

Q116. Explain Elastic Cache Security.

1) All caches in ElastiCache: Do not support IAM authentication. IAM policies on elastic cache used only for AWS API level security.

2) Redis Auth: can set “password/token” when creating Redis cluster. This is extra level of security for cache.

3) Memcached:  supports SAML-based authentication

Q116. What is DynamoDB?

DynamoDB is a fully managed NoSQL database service. It is backed by AWS and provides exciting features like seamless scalability, fast performance, and high reliability over data. DynamoDB supports both key-value and document data structures. In addition, this service comes with different pricing tiers to suit varying user requirements.

NoSQL, Non-relational, key-value databases. Fully Managed Highly available with replication across 3 AZ. Scales to massive workloads, distributed “serverless” database. Millions of requests per seconds, trillions of row, 100s of TB of storage

Fast and consistent in performance. Single-digit millisecond latency – low latency retrieval. Standard & Infrequent Access (IA) Table Class.

10x performance improvement – single digit millisecond latency to microseconds latency – when accessing your DynamoDB tables.

Q117. What are NoSQL databases?

NoSQL or non-relational databases focus on different data storing models rather than a tabular structure. There are four types of NoSQL databases:

  • Key-value stores
  • Document stores
  • Graph store
  • Colum stores
  • DynamoDB supports both document and key-value structures.

Q118. What are the key features of DynamoDB?

  • Highly Scalable without any intervention from the user.
  • It has a latency of microseconds.
  • Serverless and enterprise-ready.
  • Encryption at Rest.
  • On-demand backup and restore.
  • Point-in-time recovery.

Q119. What are some benefits of using DynamoDB?

  1. Managed service − Amazon DynamoDB is a managed service. There is no need to hire experts to manage NoSQL installation. Developers need not worry about setting up, configuring a distributed database cluster, managing ongoing cluster operations, etc. It handles all the complexities of scaling, partitions and re-partitions data over more machine resources to meet I/O performance requirements.
  2. Scalable − Amazon DynamoDB is designed to scale. There is no need to worry about predefined limits to the amount of data each table can store. Any amount of data can be stored and retrieved. DynamoDB will spread automatically with the amount of data stored as the table grows.
  3. Fast − Amazon DynamoDB provides high throughput at very low latency. As datasets grow, latencies remain stable due to the distributed nature of DynamoDB’s data placement and request routing algorithms.
  4. Durable and highly available − Amazon DynamoDB replicates data over at least 3 different data centers’ results. The system operates and serves data even under various failure conditions.
  5. Flexible: Amazon DynamoDB allows creation of dynamic tables, i.e. the table can have any number of attributes, including multi-valued attributes.
  6. Cost-effective: Payment is for what we use without any minimum charges. Its pricing structure is simple and easy to calculate.

Q120. What is DynamoDB Accelerator (DAX).

DynamoDB Accelerator is in-memory solution for DynamoDB only. Fully managed, highly available, seamless in-memory cache for DynamoDB. Helps to solve read congestion by caching. Microsecond latency for cached data. 5 minutes TTL by default. Does not require any application logic modification.

Q121. What are DynamoDB Read/Write Capacity Modes?

Provisioned Mode (default): The capacity planning needed. Need to specify number of read/writes per second. Pay for provisioned read capacity unit (RCU) and write capacity unit (WCU). Good for predictable workload.

On-demand Mode: Read/Write automatically scales up/down with workload. No capacity planning needed. Pay for what you use and more expensive. Good for unpredictable workload and sudden spikes.

Q122. What are DynamoDB Global Tables?

DynamoDB Global table makes a DynamoDB table accessible with low latency in the multiple region. Active-Active replication. Application can read and write to table in any region. Must enable DynamoDB streams as pre-requisites.

Q123. Explain Amazon Redshift. 

Amazon Redshift: It’s OLAP – online analytical processing used for analytics and data warehousing. Columnar storage of data, Massively Parallel Query Execution (MPP), highly available.Provides 10x better performance than other data ware houses and Scales to PBs of data.

Q124. Explain Amazon Redshift Spectrum.

Amazon Redshift Spectrum query data that is already in S3 without loading it. Must have redshift cluster available to start the query. The query is then submitted to thousands of Redshift spectrum nodes.

Q125. What is Amazon EMR -Elastic Map Reduce?

EMR helps creating Hadoop clusters (Big Data) to analyze and process vast amount of data.

Also supports Apache Spark, HBase, Presto, Flink. Use cases: data processing, machine learning, web indexing, big data.

Q126. What is Amazon Athena?

Amazon Athena is a serverless query service to analyze data stored in Amazon S3. Uses standard SQL language to query the files.

Built on Presto, use compressed or columnar data for cost-savings. Use cases: Business intelligence / analytics / reporting, analyze & query VPC Flow Logs, ELB Logs, CloudTrail trails, etc.

Tip: analyze data in S3 using serverless SQL, use Athena

Q127. What is Amazon QuickSight? 

Amazon QuickSight is a serverless machine learning-powered business intelligence service to create interactive dashboards. Fast, automatically scalable, embeddable, with per-session pricing.

Use cases: Business analytics, building visualizations, perform ad-hoc analysis, Get business insights using data.

Q128. What is Amazon DocumentDB?

Document DB is “AWS implementation” of MongoDB which is NoSQL. MongoDB is used to store, query and index JSON data.

Similar deployment as Amazon Aurora.Fully managed, highly available with replication across 3 AZ.

Storage grows automatically in increment of 10GB upto 64TB.

Automatically scales workload with millions of request per second.

Q129. What is Amazon Neptune?

Amazon Neptune:

  • Fully managed “Graph database”.
  • Social media – Facebook
  • Highly available across 3 AZ.
  • Upto 15 read replicas.
  • Can store upto billions of relations and query the graph within milliseconds.
  • Wikipedia, fraud detection and social networking.

Q130. What is Amazon QLDB (Quantum Ledger Database)?

Amazon QLDB is used for recording financial transactions (no decentralization component). Used to review history of all the changes made to your application data over time.

Immutable system: no entry can be removed or modified, cryptographically verifiable.

Q131. What is Amazon Managed Blockchain?

Amazon managed Blockchain makes it possible to build applications where multiple parties can execute transactions without the need for a trusted, central authority.

Amazon Managed Blockchain is a managed service to: Join public blockchain networks Or create your own scalable private network.

Compatible with the frameworks Hyperledger Fabric & Ethereum.

Q132. What is AWS Glue? 

Amazon Glue is am anaged extract, transform, and load (ETL) service, fully serverless service. Glue Data Catalog: catalog of datasets.

Q133. What is Amazon Keyspaces?

Amazon Keyspaces:

  • For Apache Cassendra which is an open sources NoSQL database.
  • A managed Apache Cassendra database service.
  • Serverless, scalable, highly available and fully managed by AWS.
  • Tables are replicated 3 times across AZs.
  • Automatically scales table up/down based on traffic.
  • Single digit millisecond latency. 1000s of requests per second.
  • Capacity – on-demand or provisioned with auto scaling
  • Using Cassendra Query Language (CQL).
  • Encryption, backup PITR upto 35 days.
  • Use cases: Store IoT devices info, time series data

Q134. What is Amazon Timestream?

Amazon Timestream:

  • Fully Managed, fast, scalable, serverless, time series database
  • Automatically scales up/down to adjust
  • Store and analyze trillions of events per day.
  • 1000s times faster and 1/10th the cost of a relational database.
  • Data storage tiering -1) recent data are kept in memory. 2) historic data kept in cost-optimized storage.
  • Built-in time series analytics functions help in identifying patterns in your data in real time.
  • IoT app, Operational application real time analytics.

Q135. What is Amazon QuickSight?

Amazon QuickSight is a serverless, machine learning powered business intelligence service to create interactive dashboards.

Fast, automatically scalable, embeddable per session pricing.

Q136. Explain Amazon Open Search. 

Amazon Open Search:

  • Successor to Amazon Elastic Search.
  • With Open search , you can search any field and even partially matches.
  • Open Search requires cluster of instances i.e. not serverless
  • Does not support SQL. It has it’s own language.
  • Security through IAM, Cognito, KMS, encryption and TLS
  • Comes with Open Search dashboard.
  • Ingestion from 1) Kinesis Data Firehouse 2) AWS IoT 3) Cloud watch logs.

Q137. What is DMS – Database Migration Service?

Database Migration Service is used to quickly and securely migrate databases to AWS, resilient, self-healing. The source database remains available during the migration. 

Q138. What is AWS Lambda?

AWS Lambda: Function as a Service(FaaS), serverless. Virtual functions – no servers to manage. for short executions, runs on demand and scaling is automatic. Invocation time is up to 15 mins.

Q139. Explain Farget?

Fargate: Serverless offering, used to launch containers. You do not provision the infrastructure (no EC2 instances to manage)

Q140. What is Elastic Container Service(ECS)?

Elastic Container Service is used to Launch Docker containers on AWS. You must provision & maintain the infrastructure (the EC2 instances).

Q141. What is Elastic Container Registry(ECR)?

Elastic Container Registry where containers are stored. This is Private Docker Registry on AWS.

Q142. What is Amazon API Gateway?

Amazon API Gateway:

  • Serverless, scalable, fully managed service for developers to easily create, publish, maintain, monitor, and secure APIs
  • Supports RESTful APIs and WebSocket APIs. Support for security, user authentication, API throttling, API keys, monitoring.

Q143. What is AWS Batch?

AWS Batch is Fully managed batch processing at any scale. Batch will dynamically launch EC2 instances or Spot Instances. A “batch” job is a job with a start and an end. Batch jobs are defined as Docker images and run on ECS.

Q144. What is Amazon Lightsail? 

Amazon Lightsail is Virtual servers, storage, databases, and networking, low & predictable pricing. Simpler alternative to using EC2, RDS, ELB, EBS, Route 53. Great for people with little cloud experience.

Q145. What is CloudFormation?

CloudFormation is a declarative way of outlining your AWS Infrastructure, for any resources. For example, within a CloudFormation template, you say: I want a security group, two EC2 instances using this security group, an S3 bucket and I want a load balancer (ELB) in front of these machines. CloudFormation is IaaS. Then CloudFormation creates those for you, in the right order, with the exact configuration that you specify.

Q146. What is AWS Cloud Development Kit (CDK)?

AWS Cloud Development Kit (CDK) is used to define your cloud infrastructure using a familiar language: • JavaScript/TypeScript, Python, Java, and .NET. The code is “compiled” into a CloudFormation template (JSON/YAML). You can therefore deploy infrastructure and application runtime code together.

Q147. What is AWS Elastic Beanstalk?

AWS Elastic Beanstalk is a developer centric view of deploying an application on AWS. Beanstalk is Platform as a Service (PaaS) and is free but you pay for the underlying instances.

Q148. Explain AWS CodeDeploy. 

AWS CodeDeploy is a hybrid service which deploy our application on EC2 instances and on-premise servers.

Q149. Explain AWS CodeCommit. 

AWS CodeCommit is a Source-control service that hosts Git-based repositories to store code.

Q150. AWS CodeBuild.

AWS Code building service in the cloud. It compiles source code, run tests, and produces packages that are ready to be deployed.

Q151. Explain AWS CodePipeline.

AWS CodePipeline Orchestrate the different steps to have the code automatically pushed to production. Code => Build => Test => Provision => Deploy. Basis for CICD (Continuous Integration & Continuous Delivery)

Fast delivery & rapid updates. Fully managed, compatible with CodeCommit, CodeBuild, CodeDeploy, Elastic Beanstalk, CloudFormation, GitHub, 3rd-party services (GitHub…) & custom plugins.

Q152. Explain AWS CodeArtifact.

AWS CodeArtifact is a secure, scalable, and cost-effective artifact management for software development. Storing and retrieving code dependencies is called artifact management.Developers and CodeBuild can then retrieve dependencies straight from CodeArtifact.

Q153. Explain AWS CodeStar.

AWS CodeStar is Unified UI to easily manage software development activities in one place. “Quick way” to get started to correctly set-up CodeCommit, CodePipeline, CodeBuild, CodeDeploy, Elastic Beanstalk, EC2, etc.

Q154. Explain AWS Cloud9.

AWS Cloud9 is a cloud IDE (Integrated Development Environment) for writing, running and debugging code. A cloud IDE can be used within a web browser, meaning you can work on your projects from your office, home, or anywhere with internet with no setup necessary. AWS Cloud9 also allows for code collaboration in real-time (pair programming)

Q155. AWS Systems Manager (SSM).

AWS Systems Manager (SSM) is a hybrid service, helps you manage your EC2 and On-Premises systems at scale. Get operational insights about the state of your infrastructure. 

Features are- Patching automation for enhanced compliance, Run commands across an entire fleet of servers

Systems Manager – SSM Session Manager: hybrid service, allows you to start a secure shell on your EC2 and on-premises servers.

Q156. What is AWS Shield?

AWS Shield is a managed distributed denial of service (DDoS) protection service that safeguards applications running on AWS.

1) AWS Shield Standard: Free service that is activated for every AWS customer. Provides protection from attacks such as SYN/UDP Floods, Reflection attacks and other layer 3/layer 4 attacks

2) AWS Shield Advanced: 24/7 premium DDoS protection, AWS DDoS response team (DRP). Optional service. Protect against higher fees during usage spikes due to DDoS.

Protect against more sophisticated attack on Amazon EC2, Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Route 53

Q157. What is AWS WAF(Web Application Firewall)?

AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define.

Filter specific requests based on rules. Protects your web applications from common web exploits (Layer 7-HTTP). Deploy on Application Load Balancer, API Gateway, CloudFront. Protects from common attack – SQL injection and Cross-Site Scripting (XSS). Size constraints, geo-match (block countries).

Q158. What is AWS KMS- Key Management Service?

AWS KMS is a managed service that enables you to easily create and control the keys used for cryptographic operations. The service provides a highly available key generation, storage, management, and auditing solution.

Q159. Explain CloudHSM.

CloudHSM provision encryption hardware which can be used by customer to store keys. HSM device is tamper resistant, FIPS 140-2 Level 3 compliance.

Q160. What is AWS Certificate Manager (ACM)?

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

Q161. What is AWS Secrets Manager?

AWS Secrets Manager is a newer service, meant for storing secrets. Capability to force rotation of secrets every X days. Automate generation of secrets on rotation (uses Lambda).

Q162. What is AWS Artifact?

AWS Artifact is a Portal that provides customers with on-demand access to AWS compliance documentation and AWS agreements. Can be used to support internal audit or compliance

1) Artifact Reports– Allows you to download AWS security and compliance documents from third-party auditors, like AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports.

2) Artifact Agreements– Allows you to review, accept, and track the status of AWS agreements such as the Business Associate Addendum (BAA) or the Health Insurance Portability and Accountability Act (HIPAA) for an individual account or in your organization.

Q163. What is Amazon GuardDuty?

Amazon GuardDuty is an Intelligent Threat discovery to Protect AWS Account. Uses Machine Learning algorithms, anomaly detection, 3rd party data.

Q164. Explain AWS Config.

AWS config helps with auditing and recording compliance of your AWS resources. Helps record configurations and changes over time.

Q165. Explain Amazon Macie. 

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Macie helps identify and alert you to sensitive data, such as personally identifiable information (PII).

Q166. What is AWS Security Hub?

AWS Security Hub:

  • Central security tool to manage security across several AWS accounts and automate security checks
  • Integrated dashboards showing current security and compliance status to quickly take actions
  • Automatically aggregates alerts in predefined or personal findings formats from various AWS services & AWS partner tools:
  • GuardDuty, Inspector, Macie, IAM Access Analyzer, AWS Systems Manager, AWS Firewall Manager, AWS Partner Network Solutions
  • Must first enable the AWS Config Service
  • Can protect against CryptoCurrency attacks (has a dedicated “finding” for it)

Q167. What is Amazon Detective?

Amazon Detective analyzes, investigates, and quickly identifies the root cause of security issues or suspicious activities (using ML and graphs). Automatically collects and processes events from VPC Flow Logs, CloudTrail, GuardDuty and create a unified view

Produces visualizations with details and context to get to the root cause

Q168. What is AWS Abuse?

AWS Abuse is a report of suspected AWS resources used for abusive or illegal purposes.

Q169. Explain AWS acceptable use policy(aup).

The AWS acceptable use policy(aup) is a policy that is applicable to all the customers of AWS cloud services. The policy states:

  • No illegal, Harmful or Offensive use or Content
  • No security violations
  • No Network abuse
  • No E-mail or Message Abuse
  • Every organization will have to adhere to these rules when shifting their organization and it’s applications to AWS cloud.

Q170. Explain NACL (Network ACL). 


  • Stateless, subnet rules for inbound and outbound
  • A firewall which controls traffic from and to subnet
  • Can have ALLOW and DENY rules.
  • Are attached at the Subnet level
  • Rules only include IP addresses

Q171. Explain Security Groups.

Security Groups:

  • Stateful, operate at the EC2 instance level or ENI
  • A firewall that controls traffic to and from an ENI / an EC2 Instance
  • Can have only ALLOW rules
  • Rules include IP addresses and other security group

Q172. What is VPC Peering?

VPC Peering: Connect two VPC, privately using AWS’ network. Must not have overlapping CIDR (IP address range).

VPC Peering connection is not transitive (must be established for each VPC that need to communicate with one another).

Q173. What are VPC Endpoints?

VPC Endpoints allow you to connect to AWS Services using a private network instead of the public www network

This gives you enhanced security and lower latencyto access AWS services

1) VPC Endpoint Gateway: S3 & DynamoDB

2) VPC Endpoint Interface: the rest of aws services.

Q174. Explain Site to Site VPN.

Site to Site VPN: 

  • A VPN over public internet between on-premises DC and AWS
  • Connect an on-premises VPN to AWS
  • The connection is automatically encrypted
  • Goes over the public internet
  • On-premises: must use a Customer Gateway (CGW) and AWS: must use a Virtual Private Gateway (VGW) for Site-to-site VPN.

Q175. Explain Direct Connect (DX).

Direct Connect (DX):  

  • a direct private connection to AWS
  • Establish a physical connection between on-premises and AWS
  • The connection is private, secure and fast
  • Goes over a private network
  • Takes at least a month to establish

Q176. What is a Transit Gateway? 

Transit Gateway is used for having transitive peering between thousands of VPC and on-premises, hub-and-spoke (star) connection. Works with Direct Connect Gateway, VPN connections.

Q177. What is AWS Global Accelerator?

AWS Global Accelerator:

Improve global application availability and performance using the AWS global network

Leverage the AWS internal network to optimize the route to your application(60% improvement)

2 Anycast IP are createdfor your application and traffic is sent through Edge Locations

The Edge locations send the traffic to your application

Q178. What is AWS Outposts?

AWS Outposts are “server racks” that offers the same AWS infrastructure, services, APIs & tools to build your own applications on-premises just as in the cloud

AWS will setup and manage “Outposts Racks” within your on-premises infrastructureand you can start leveraging AWS services on-premises

You are responsible for the Outposts Rack physical security.

Q179. Explain AWS WaveLength.

AWS WaveLength Zones are infrastructure deployments embedded within the telecommunications providers’ datacenters at the edge of the 5G networks.Brings AWS services to the edge of the 5G networks

Use cases: Smart Cities, ML-assisted diagnostics, Connected Vehicles, Interactive Live Video Streams, AR/VR, Real-time Gaming, …

Q180. What are AWS Local Zones?

AWS Local Zones places AWS compute, storage, database, and other selected AWS services closer to end users to run latency-sensitive applications. Extend your VPC to more locations – “Extension of an AWS Region”

Q181. What is Amazon EventBridge (Formerly known as CloudWatch Events)?

EventBridge is the next evolution of CloudWatch Events

    1) Default event bus: generated by AWS services (CloudWatch Events)

    2) Partner event bus: receive events from SaaS service or applications (Zendesk, DataDog, Segment, Auth0…)

    3) Custom Event buses: for your own applications

Schema Registry:model event schema

EventBridge has a different name to mark the new capabilities

Q182. What is AWS CloudTrail?

AWS CloudTrail: 

  • Provides governance, compliance, and auditfor your AWS Account. CloudTrail is enabled by default!
  • Get an history of events / API callsmade within your AWS Account by: • Console, • SDK, • CLI, • AWS Services
  • Can put logs from CloudTrail into CloudWatch Logs or S3
  • A trail can be applied to All Regions (default) or a single Region.
  • If a resource is deleted in AWS, investigate CloudTrail first!

Q183. What is Amazon CodeGuru?

Amazon CodeGuru:

An ML-powered service for automated code reviews and application performance recommendations

Provides two functionalities

CodeGuru Reviewer: automated code reviews for static code analysis (development)

Identify critical issues, security vulnerabilities, and hard-to-find bugs

Example: common coding best practices, resource leaks, security detection, input validation

Q184. Explain AWS Organizations.

AWS Organizations:

Global service, Allows to manage multiple AWS accounts

The main account is the master accountand other accounts called child accounts.

Cost Benefits:

1) Consolidated Billing across all accounts– single payment method

2) Pricing benefits from aggregated usage(volume discount for EC2, S3…)

3) Pooling of Reserved EC2 instances for optimal savings

4) API is available to automate AWS account creation

5) Restrict account privileges using Service Control Policies (SCP)

Q185. What is AWS Control Tower?

AWS Control Tower:

Easy way to set up and govern a secure and compliant multi-account AWS environment based on best practices.AWS Control Tower runs on top of AWS Organizations:It automatically sets up AWS Organizationsto organize accounts and implement SCPs (Service Control Policies)


1) Automate the set up of your environmentin a few clicks

2) Automate ongoing policy managementusing guardrails

3) Detect policy violations and remediate them

4) Monitor compliance through an interactive dashboard

Q186. What is AWS Compute Optimizer?

AWS Compute Optimizer:

  • Reduce costs and improve performance by recommending optimal AWS resources for your workloads
  • Helps you choose optimal configurations and rightsizeyour workloads (over/under provisioned)
  • Uses Machine Learningto analyze your resources’ configurations and their utilization CloudWatch metrics
  • Supported resources – EC2 instances, EC2 Auto Scaling Groups, EBS volumes, Lambda functions
  • Lower your costs by up to 25%

Q187. Explain Cost Explorer.

AWS Cost Explorer: 

Visualize, understand, and manage your AWS costs and usage over time. Create custom reports that analyze cost and usage data. Analyze your data at a high level: total costs and usage across all accounts Or Monthly, hourly, resource level granularity

Choose an optimal Savings Plan(to lower prices on your bill)

Forecast usage up to 12 months based on previous usage

Q188. What is Trusted Advisor?

AWS Trusted Advisor: provides high level AWS account assessment. Analyze your AWS accounts and provides recommendationon 5 categories

1) Cost optimization

2) Performance

3) Security

4) Fault tolerance

5) Service limits (Service Quotas)

Q189. What are Well Architected Framework  pillars?

The AWS Well-Architected Framework describes key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. Well Architected Framework -6 Pillars:

1) Operational Excellence

2) Security

3) Reliability

4) Performance Efficiency

5) Cost Optimization

6) Sustainability

Q190. Explain AWS Well-Architected Tool.

AWS Well-Architected Tool is a free tool to review your architectures against the 6 pillars Well-Architected Framework and adopt architectural best practices.

Q191. What is AWS Marketplace?

AWS Marketplace: Digital catalog with thousands of software listings from independent software vendors (3rd party).

If you buy through the AWS Marketplace, it goes into your AWS bill. You can sell your own solutions on the AWS Marketplace.

Q192. Explain Elasticity. 

Elasticity refers to the ability to acquire resources as you need and release when they are no longer needed is termed as Elasticity of the Cloud.

Q193. Explain Reliability.

Reliability refers to the ability of a system to recover from infrastructure or service disruptions, by dynamically acquiring computing resources to meet demand, and mitigate disruptions.

Q194. Explain Scalability.

Scalability is the measurement of a system’s ability to grow to accommodate an increase in demand or shrink down to a diminishing demand.

Q195. What are IAM Security Tools?

1) IAM Credential Reports (Account Level): a report that lists all your account’s users and the status of their various credentials.

2) IAM Access Advisor (User Level): Access advisor shows the service permissions granted to a user and when those services were last accessed.

Q196. What is AWS STS? 

AWS STS (Security Token Service): Center of AWS. Enables you to create temporary, limited-privilege credentials to access your AWS services.

Q197. What is AWS Cognito?

AWS Cognito -Identity for your web and mobile application users. Example: Login with google,Facebook or twitter which will redirect to main application.

Q198. What is Cognito User Pools?

Cognito User Pools- helps with Sign in functionality for app users. Integrate with API Gateway & Application Load Balancer.Create a serverless database of user for your web & mobile apps. Federated Identities: users from Facebook, Google, SAML.

Q199. What is Cognito Identity Pools (Federated Identity)?

Cognito Identity Pools– Provide AWS credentials to users so they can access AWS resources directly. Integrate with Cognito User Pools as an identity provider. Users can then access AWS services directly or through API Gateway.

Q200. What is Single Sign-On(SSO)?

Single Sign-On: Centrally managed Single Sign-On to access multiple accounts and 3rd party business applications. Integrated with AWS organizations and on-premises Active Directory. Supports SAML2.0.Centralized permission management. Centralized auditing with CloudTrail.

Q201. What is storage gateway in aws?

AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Types of AWS Storage gateway are – S3 File Gateway, FSx File Gateway, Volume Gateway and Tape Gateway. 

Q202. Explain S3 File Gateway.

S3 File Gateway: configured s3 buckets are accessible using NFS and SMB protocol. Supports S3 standard, S3 standard IA, S3 one zone IA and S3 intelligent tiering. Most recently used data is cached in the file gateway. Transition into S3 glacier using life cycle policies.

Q203. Explain FSx File Gateway.

FSx File Gateway: Native access to amazon FSx for windows file server. Local cache for frequently accessed data. Windows native capabilities like SMB, NFTS, AD etc. Useful for group file shares and home directories.

Q204. Explain Volume Gateway.

Volume Gateway: Block storage using iSCSI protocol and backed by S3. Backed by EBS snapshot which can help restore on-premise volume.

A) Cached Volume: low latency, access to most recent data.

B) Stored Volume: Entire data set is on-premise & scheduled backup to S3

Q205. Explain Tape Gateway. 

Tape Gateway: Backup data using existing tape based processes in the cloud. Virtual Tape Library (VTL) backed by S3 & glacier. iSCSI interface.

Q206. Explain Amazon EKS.

Amazon EKS is a Elastic Kubernetes Service and Managed kubernetes on AWS

Amazon EKS is an alternative to ECS.

Supports: 1) EC2 – to deploy worker node 2) Fargate – to deploy serverless architecture.

Kubernetes is cloud agnastic.

Q207. What is AWS Step Functions?

AWS Step Functions:

Build serverless visual workflow to orchestrate your lambda functions. Possibility of implementing human approval features. Features are sequence, parallel conditions, timeout, error handling etc. Use cases: order fulfilment, data processing etc.

Q208. What is Amazon Kinesis?

Amazon Kinesis is used for real-time big data streaming. Managed service to collect, process and analyze the real-time streaming at any scale.

  • Kinesis data stream–> low latency streaming to ingest data at high scale from hundreds of thousands of sources.
  • kinesis Data firehose–> load streams into S3, Redshift, elastic search etc.
  • Kinesis Data Analytics –> performs real-time analytics on streams using SQL.
  • Kinesis Video Streams –> monitor real-time video stream for analytics or ML.

Q209. What is AWS Resource Access Manager(RAM)?

AWS Resource Access Manager (RAM):

RAM is a service that enables you to share AWS resources easily and securely with any AWS account or within your AWS Organization. 

You can share AWS Transit Gateways, Subnets, AWS License Manager configurations, and Amazon Route 53 Resolver rules resources with RAM.

Key benefits: 1) Reduce Operational Overhead 2) Improve Security and Visibility 3) Optimize Costs

Q210. What is AWS Automatic Scaling Group (ASG)?

An Amazon EC2 Auto Scaling group (ASG) contains a collection of EC2 instances that share similar characteristics and are treated as a logical grouping for the purposes of fleet management and dynamic scaling.

Vertical Scalability –> Increasing in EC2 instance like from t2.micro to m5.large (scale up or down)

Horizontal Scalability –> Adding more similar type of Instance (scale in/out)

Q211. Explain AWS Migration Hub.

AWS Migration Hub provides a central location to collect server and application inventory data for the assessment, planning, and tracking of migrations to AWS. Migration Hub can also help accelerate application modernization following migration.

Use cases: 1) Assess and plan your migration 2) Automate lift-and-shift migrations to AWS 3) Refactor legacy applications

Q212. Explain AWS Server Migration Service.

AWS Server Migration Service (AWS SMS) automates the migration of your on-premises VMware vSphere, Microsoft Hyper-V/SCVMM, and Azure virtual machines to the AWS Cloud.

AWS SMS incrementally replicates your server VMs as cloud-hosted Amazon Machine Images (AMIs) ready for deployment on Amazon EC2.

An agentless service for migrating thousands of on-premises workloads to AWS. This is the enhanced replacement of Amazon EC2 VM Import service.

Q213. Explain AWS Data Sync.

AWS Data Sync:

  • Is used to move large amount of data to and from AWS.
  • On premise/other cloud to AWS: needs data sync agent.
  • AWS to AWS: no data sync agent needed.
  • Can synchronize to – Amazon S3, Amazon EFS and Amazon FSx.
  • Replication can be scheduled hourly, daily, or weekly.
  • File permissions and metadata are preserved.

Q214. Explain AWS Transfer Family.

AWS Transfer Family: 

A fully managed service for file transfer in and out of S3 or EFS using FTP protocol.

Managed infrastructure, scalable, reliable, and highly available.

Pay per provisioned endpoint per hour + data transferred in GB.

Supported protocol are:

  • AWS transfer for FTP.
  • AWS transfer for FTPS.
  • AWS transfer for SFTP.

Q215. Explain AWS Snow Family?

AWS Snow Family is a Highly secure, portable devices to collect and process data at the edge and migrate data in and out of AWS.

Data Migration: 1) Snowcone 2) Snowball Edge 3) Snowmobile

Edge Computing: 1) Snowcone2)Snowball Edge

Q216. Explain some Machine Learning Services in AWS. 

  • Amazon Rekognition: Face detection, recognizing objects, celebrity.
  • Amazon Transcribe: Converts speech to text. For example, subtitle.
  • Amazon Polly: Opposite of Amazon Transcribe, converts text to speech.
  • Amazon Lex: Amazon Alexa. Converts speech to text.
  • Amazon Connect: Cloud contact center, virtual contact center.
  • Amazon Translate: Same as google translator, translate in different languages.
  • Amazon Kendra: Document search service.
  • Amazon Comprehend: NLP-Natural Language Processing.
  • Amazon Sagemaker: Build machine learning service.
  • Amazon forecast: Forecasting, future sales of rain coat.
  • Amazon Personalize: for personalization.
  • Amazon Textract: Extracting data from any documents.

Q217. What is AWS IAM? 

The Amazon Web Services Identity and Access Management service is like a security guard at the door to Amazon Web Services. This is where Azure Services and its environment are authenticated and authorised. The basic building blocks of AWS IAM are IAM roles, IAM users, groups and policies.

Q218. What are some best practices to manage access to AWS resources?

Following are some best practices to manage access to AWS resources.

  1. Do not use root account – Your root account has access to all your AWS resources and services, hence it is a best practice to not share or use it.
  2. Use Groups – Instead of giving access to AWS resources and services for individual users – create groups, give needed access to the groups, and add users to the groups – so that all users within a group has the same access.
  3. Enable Multi-factor Authentication (MFA) – It is a best practice to enable MFA for privileged users such as admins. MFA adds an extra layer of protection on top of basic user-id and password based authentication.
  4. Grant least privileges – Grant only the minimum required permissions for the user or group.

Q219. Explain some IAM Benefits. 

AWS IAM provides a number of benefits, including:

  1. Improved security: IAM allows you to manage access to your AWS resources more securely by controlling who can access what resources and what actions they can perform.
  2. Centralized control: IAM allows you to centrally manage users, groups, and permissions across your AWS accounts.
  3. Scalability: IAM is designed to scale with your organization, allowing you to easily manage access for a large number of users and resources.
  4. Integration with other AWS services: IAM integrates with many other AWS services, making it easy to manage access to those services.
  5. Cost-effective: Since IAM is a free service, it can help you reduce costs associated with managing access to AWS resources.
  6. Compliance: IAM can help you meet compliance requirements by providing detailed logs of all IAM activity, including who accessed what resources and when.

Q220. What are least-privilege permissions?

When you set permissions with IAM policies, grant only the permissions required to perform a task. This practice is known as  granting least privilege. You can apply least-privilege permissions in IAM by defining the actions that can be taken on specific resources under specific conditions.

Q221. List some Amazon rds alternatives?

Some of the better alternatives to the Amazon RDS are,

  • Amazon Aurora
  • Azure SQL Database
  • Microsoft SQL Server
  • Snowflake
  • Oracle Database
  • Google Cloud SQL
  • MongoDB Atlas
  • Oracle Exadata
  • Oracle Database Cloud Service

Q223. Is Amazon RDS IaaS or PaaS?

Amazon RDS is a PaaS as it only provides a platform or a set of tools to manage your database instances. AWS is Iaas, but the RDS provided by the AWS is PaaS.

Q224. What is a AWS Redshift Cluster?

Each Amazon Redshift data warehouse contains a collection of computing resources (nodes) organized in a cluster. Each Redshift cluster runs its own Redshift engine and contains at least one database.

Q225. What is AWS Lambda@Edge?

AWS Lambda@Edge is an extension of AWS Lambda that grants greater flexibility and lower latency to distributed Lambda functions. You can run Lambda@Edge functions with Node.js and Python. 

Q226. Explain Lambda with RDS Proxy.

Lambda function must be deployed in your VPC because RDS proxy is never publicly accessible. With RDS proxy, it improves scalability by pooling and sharing DB connection. Improve availability by reducing 66% failover time by storing connection. 

Q227. Explain CloudFront events that can be used to trigger Lambda@Edge.

Your functions will automatically trigger in response to the following Amazon CloudFront events:

Viewer Request – This event occurs when an end-user or a device on the Internet makes an HTTP(S) request to CloudFront, and the request arrives at the edge location closest to that user.

Viewer Response – This event occurs when the CloudFront server at the edge is ready to respond to the end-user or the device that made the request.

Origin Request – This event occurs when the CloudFront edge server does not already have the requested object in its cache, and the viewer request is ready to be sent to your backend origin web server (e.g. Amazon EC2 or Amazon S3).

Origin Response – This event occurs when the CloudFront server at the edge receives a response from your backend origin web server.

Q228. Explain Amazon Workspace. 

Amazon Workspace is a Managed Desktop as a Service (Daas) solution to easily provision Windows and Linux desktops. Great to eliminate management of on-premise VDI (virtual desktop infrastructure), pay as you go on monthly or hourly rates. Minimizing latency – 2 uses in multiple regions then deploy the workspace near to user1 and another workspace to near user2.

Q229. Explain Appstream 2.0.

Amazon Appstream 2.0 is a Desktop Application Streaming Service. The application is delivered from within web browser. Deliver to any computer without acquiring and provisioning infrastructure.

Q230. Explain Sumerian.

AWS Sumerian is used to created virtual reality (AR), augumented reality (AR) and 3D applications. can be used to quickly create 3D module with animations. Accessible via web browser or on popular hardware of AR and VR.

Q231. What is Elastic Transcoder?

AWS Elatstic Transcoder is used to convert media files stored in S3 into media files in the format required by consumer playback devices such as phone.

Q232. What are Disaster Recovery Strategies?

AWS Elastic disaster Recovery Service is a service that helps you to do better disaster recovery. Formerly known as CloudEndure Disaster Recovery

1) Backup and Restore (cheapest):

2) Pilot Light:Core functions of the app, ready to scale but minimal setup only. Little expensive than Backup and Restore.

3) Warm Standby:More expensive. Full version of the app ready in the cloud but at minimum size.

4) Multi-site/Hot-site (most expensive):Full version of the app ready in the cloud with full size.

Q233. Explain AWS Fault Injection Simulator (FIS).

AWS Fault Injection Simulator (FIS):A fully managed service for running fault injection experiment on AWS workloads. Based on Chaos Engineering

Q234. What AWS SQS?

AWS SQS (Simple Queue Service):Fully managed service used to decouple the application. Default retention of messages is 4 days maximum up to 14 days.

Q235. What is AWS SNS?

AWS SNS (Simple Notification Service):pub-sub module with topic features.

Q236. Explain Amazon MQ.

Amazon MQ can be used only if company is migrating to cloud and it used protocol like MQTT, AMQP, STOMPS, Openwire, WSS etc. The Amazon MQ does not scale like SQS and SNS and runs of dedicated machine. Amazon MQ has both queue feature (like SQS) and topic features (like SNS).

Q237. List Types of cloud in cloud computing.

Cloud Types:

Private Cloud–> used by a single organization, not exposed to the public.

PublicCloud–> like AWS, GCP, Microsoft Azure

Hybrid Cloud–> on-premise + public cloud offerings

Q238. What is AWS GovCloud?

AWS GovCloud is an isolated data center region of the Amazon Web Services (AWS) cloud designed to meet strict compliance requirements as defined by the U.S. Government

Q239. List Cloud Computing types.

Cloud Computing Types:

Infrastructure as a Service (Iaas): Provide building blocks for cloud IT. • Provides networking, computers, data storage space. Example: Amazon EC2

Platform as a Service(Paas): Removes the need for your organization to manage the underlying infrastructure. Focus on deployment and management of applications. Example:  Elastic Beanstalk

Software as a Service(Saas): Completed product that is run and managed by service provider. Example: Rekognition for ML and gmail, dropbox etc.

Q240. Explain Amazon FSx.

Amazon FSx: Fully managed service, Launch 3rd party high-performance file systems on AWS

1) Amazon FSx:For windows.  Supports SMB protocol & Windows NTFS

2) Amazon Lusture: Linux + Cluster. For Linux only. A fully managed, high-performance, scalable file storage for High Performance Computing (HPC)

3) FSx for NetApp ONTAP

Q241. Explain Locks in AWS S3. 

S3 Object Lock: Adopt a WORM (Write Once Read Many) model. Block an object version deletion for a specified amount of time.

Glacier Vault Lock: Adopt a WORM (Write Once Read Many) model. Lock the policy for future edits (can no longer be changed). Helpful for compliance and data retention.

Q242. What are the edge locations?

Edge location is the area where the contents will be cached. So, when a user is trying to access any content, the content will automatically be searched in the edge location.

Q243. What are the advantages of auto-scaling?

Following are the advantages of autoscaling

  • Offers fault tolerance
  • Better availability
  • Better cost management

Q244. How can you secure the access to your S3 bucket?

S3 bucket can be secured in two ways:

ACL (Access Control List):

ACL is used to manage the access of resources to buckets and objects. An object of each bucket is associated with ACL. It defines which AWS accounts have granted access and the type of access. When a user sends the request for a resource, then its corresponding ACL will be checked to verify whether the user has granted access to the resource or not.

When you create a bucket, then Amazon S3 creates a default ACL which provides a full control over the AWS resources.

  • Bucket Policies:

Bucket policies are only applied to S3 bucket. The bucket policies define what actions are allowed or denied. Bucket policies are attached to the bucket not to an S3 object but the permissions define in the bucket policy are applied to all the objects in S3 bucket.

Q245. What is the maximum size of messages in SQS?

The maximum size of message in SQS IS 256 KB

Q246. What is Amazon Kinesis Firehose?

An Amazon Kinesis Firehose is a web service used to deliver real-time streaming data to destinations such as Amazon Simple Storage Service, Amazon Redshift, etc.

Q247. What is the use of Amazon Transfer Acceleration Service?

An Amazon Transfer Acceleration Service is a service that enables fast and secure transfer of data between your client and S3 bucket.

Q248. Differences between horizontal scaling and vertical scaling?

Vertical scaling means scaling the compute power such as CPU, RAM to your existing machine while horizontal scaling means adding more machines to your server or database. Horizontal scaling means increasing the number of nodes, and distributing the tasks among different nodes.

Q249. What is Amazon Elastic Transcoder?

Amazon Elastic Transcoder is a fully managed media transcoding service that converts media files from their original source format into versions that will playback on devices like smartphones, tablets, PCs, and smart TVs.

Q250. What is Amazon Lex?

Amazon Lex is a service for building conversational interfaces into any application using voice and text.

Q251. What is Amazon Polly?

Amazon Polly is a service that turns text into lifelike speech, allowing you to create applications that talk, and build entirely new categories of speech-enabled products.

Q252. What is Amazon Rekognition?

Amazon Rekognition is a service that makes it easy to add image and video analysis to your applications.

Q253. What is Amazon Transcribe?

Amazon Transcribe is a service that automatically transcribes speech to text.

Q254. What is Amazon Translate?

Amazon Translate is a neural machine translation service that delivers fast, high-quality, and affordable language translation.

Q255. What is Amazon Comprehend?

Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in a text.

Q256. What is AWS Glue?

Customers can easily prepare and load their data for analytics with AWS Glue, a fully managed extract, transform, and load (ETL) service.

Q257. What is AWS Data Pipeline?

AWS Data Pipeline is a web service that helps you reliably process and move data between data stores and AWS compute and storage services.

Q258. What is AWS IoT?

AWS IoT is a managed cloud platform that enables linked devices to communicate with other gadgets and cloud applications. Between Internet-connected gadgets like sensors, actuators, embedded microcontrollers, or smart appliances and the AWS Cloud, it enables safe, bidirectional communication.

Q259. What is AWS Greengrass?

AWS Greengrass is a service that allows you to run AWS Lambda functions, along with a small subset of the AWS IoT service, on connected devices, such as gateways, edge devices, and other IoT devices.

Q260. What is AWS AppSync?

The development of GraphQL APIs is made simple by AWS AppSync, a fully managed service that handles the laborious task of securely connecting to data sources.

Q261. What are Spot Instances and On-Demand Instances?

Spot Instances are unused computing capacity blocks released by AWS when EC2 instances are created.

On-Demand Instances are virtual servers in the AWS EC2 used while testing and developing applications on EC2.

Q262. What is Connection Draining?

Connection Draining enables the servers to serve their current requests before they are updated or removed. Connection draining helps re-route the traffic from the Instances and is in a queue to be updated.

Q263. What are an Instance Store Volume and an EBS Volume?

Instance Store Volume is temporary storage to store temporary data by an instance to a function.

EBS Volume is a persistent storage disk that is available even when the instances are turned off.

Q264. What are Recovery Time Objective and Recovery Point Objective?


Recovery Time Objective is the maximum delay that is acceptable between the interruption and restoration of service.

Recovery Point Objective is the maximum delay that is acceptable since the last data restore point.

Q265. Explain the Relation between Availability Zone and Region?

AWS regions are individual geographic areas like Asia South (Mumbai) and US-west 1 (North California).

Availability Zones are isolated locations within the regions that can replicate whenever needed.

Q266. What are DDoS attacks, and What Services can minimize them?

DDoS or Distributed Denial of Service is a cyber attack that disrupts the normal traffic to a web property. It attacks online services and websites by giving them more traffic than they can handle. The AWS Shield is a managed service for DDoS protection.

Q267. What are some of the AWS Services that are global?

Some of the non-region-specific AWS services are:

  • IAM
  • Route 53
  • Web Application Firewall
  • CloudFront

Q268. What is Amazon Elastic File System for Lustre (EFS-Lustre)?

Amazon Elastic File System for Lustre (EFS-Lustre) is a fully managed file system that uses the high-performance Lustre file system. It is optimized for large-scale workloads, such as compute-intensive, high-performance computing, machine learning, and big data.

Q269. Can you explain the concept of “serverless” computing and how it relates to AWS?

Serverless” computing refers to the ability to run code without having to provision or manage servers. With AWS Lambda, customers can run their code without thinking about servers, and only pay for the computing time consumed.

Q270. How does AWS ensure data security and compliance?

AWS provides multiple security features and compliance programs to ensure the security of customer data. These include security controls, compliance certifications, and attestations, and a shared security responsibility model.

Q271. Can you explain the concept of “hybrid cloud” and how it relates to AWS?

Hybrid cloud” refers to the use of a combination of on-premises, private cloud, and public cloud services to meet the specific needs of an organization. AWS offers services such as AWS Direct Connect and AWS VPN to facilitate hybrid cloud deployments.

Q272. How does AWS compare to other cloud computing providers?

AWS is considered one of the leading cloud computing providers, along with Microsoft Azure and Google Cloud Platform. Each provider offers a wide range of services and has its own strengths and weaknesses. AWS is known for its large selection of services and its ability to handle a wide range of workloads and use cases.

Q273. How to auto-delete old Snapshots?

Auto-deleting old snapshots:

  • Taking snapshots of EBS volumes on Amazon S3
  • Using AWS Ops Automator to handle snapshots automatically.
  • This creates, copies, and deletes Amazon EBS snapshots.

Q274. What are the factors to consider while Migrating to AWS?

Considered factors while migrating to AWS are:

  • Operational Costs
  • Workforce Productivity
  • Cost avoidance
  • Operational resilience
  • Business agility

Q275. Can you explain the concept of “multi-cloud”?

Multi-cloud” refers to the use of multiple cloud computing providers by an organization. AWS offers services such as AWS Resource Access Manager and AWS Organizations to facilitate multi-cloud deployments.

Q276. What is Cloudwatch?

Cloudwatch is helpful to monitor various features of the AWS such as networks, storage, applications, the health of the systems, etc.

Q277. What are the types in cloudwatch?

  • Basic- Free service
  • Detailed – Charged service

Q278. List the cloudwatch metrics that are available for EC2 instances.

Various Cloudwatch metrics available for EC2 instances are mentioned below.

  • CPU utilisation
  • CPU credit usage
  • CPU credit balance
  • networkIn
  • networkOut
  • Diskreads
  • Diskwrites

Q279. List various parameters involved in S3 pricing.

The parameters determining the S3 pricing are listed below.

  • Data transfer
  • Storage utilised
  • Transfer acceleration
  • Storage management
  • Number of requests

Types of Storage Classes in S3 is the basic question asked in the AWS interview.

Q280. What is the prerequisite for Cross-region replication in S3?

The source and destination buckets should be in different regions and versioning must be enabled at both the source and destination.

Q281. What is archive storage capacity in Glacier?

Individual archives can be stored up to a maximum of 40 TB in Glacier.

Q282. What are the database types in RDS?

The Database types in RDS are listed below:

  • MYSQL server
  • Oracle
  • SQL server
  • Postgresql
  • Aurora
  • MariaDB

Q283. What is multi-AZ RDS?

Multi-AZ RDS is helpful to make a replica of the production database to be available in other availability zones. They come handy in case of disaster recovery and primary database shutdown, to have a complete set of database as a backup.

Q284. What are the types of backups in the RDS database?

Types of backups in the RDS database.

  • Automated
  • Manual (also known as snapshots)

Q285. Explain the usage of Classic Load Balancer and Application Load Balancer.

Classic Load Balancer is designed for simple load balancing of traffic whereas Application Load Balancer helps in intelligent load balancing of traffic across various EC2 instances.

Application Load Balancer is utilised to route traffic to multiple instances.

Q286. Differentiate between vertical and horizontal scaling in AWS.

Vertical Scaling refers to the process of increasing the power and performance of an existing machine by adding up resources to the infrastructure.

Horizontal Scaling refers to the scenario where the power and performance are augmented by adding new machines to the infrastructure.

Vertical Scaling is restricted to handle a limited number of users and Horizontal Scaling comes to the rescue when the users are increasing in large numbers with clustering, load balancing and distributed file system.

Q287. What is the difference between Scalability and Elasticity?

Scalability refers to the ability of a system to increase the hardware requirements or processing nodes to tackle increasing demand.

The elasticity of a system refers to the capability of the system to add resources for improving the performance when required and returning to the original configuration when resources are not required.

Q288. How to reduce the load on the Amazon EC2 instance?

Attaching a load balancer to an autoscaling group will distribute the load effectively among various instances.

Q289. Explain the purpose of Connection Draining.

Connection Draining will reroute the traffic from non-updated and health check failed instances.

Q290. What is the purpose of lifecycle hooks in AutoScaling?

Lifecycle hooks help to add wait time before launch or termination of an instance for extraction of log files or installation of necessary software respectively.

Q291. How does Elastic Beanstalk update?

Elastic Beanstalk creates a replica of an instance and routes the traffic to the duplicate instance before updating an instance. In case the update fails, it will roll back to the original instance providing a hassle-free user experience.

Q292. Explain Amazon EBS-Optimized instances.

Amazon EBS-Optimized Instances utilises an optimized stack configuration and has additional capacity for Amazon EBS that can be selected by paying hourly charges based on usage.

Q293. Explain Stateful and Stateless firewall.

Any security group that regulates traffic among instances and various AWS resources is a Stateful firewall.

A Stateless firewall is an Access Control List on a network at the subnet level and can allow or deny traffic based on rules.

Q294. Explain the difference between the Service Role and SAML Federated Role.

Service Role is used to specify a task in AWS services on the basis of various policies attached to it. Federated Roles are useful for providing access to AWS based on the designed Role.

Q295. How a Root AWS user differs from an IAM User.

Root AWS User is granted complete access to AWS services without any policy attached whereas an IAM User can access based on the policies attached to it.

Q296. What is SES?

Simple Email Service(SES) is a service provided by Amazon to send bulk Email to customers instantly reducing the cost of the service.

Q297. What is IaaS?

IaaS refers to the cloud service that helps in running various services in the cloud platform on a pay-as-you-go basis.

Q298. What is PaaS?

PaaS helps to run various cloud platforms predominantly to develop, test and monitor the functioning of the software.

Q299. Explain Amazon CloudSearch.

Amazon CloudSearch helps to incorporate various seek and fetch abilities on numerous applications. They support AWS ENgineers by reducing the time taken to perform changes or updates on various applications.

Q300. Differentiate Basic and Detailed monitoring in AWS Cloud watch.

Basic Monitoring interacts with Amazon Cloud watch at an interval of 5 minutes on a set of predetermined metrics at no cost.

Detailed Monitoring interacts with Amazon Cloud watch round the clock and permits aggregation of data as a charged service.

Final Words

It is important to prepare yourself with the latest AWS Interview Questions while going for an AWS interview to crack it. Besides, having an AWS certification also increases your chance of getting selected in the interview. So, start preparing for the AWS Certifications to add a credential in your resume and get a better job.

It is really important to be up to date. We keep updating AWS Interview Questions if any new questions are being asked. Hope, we’ve covered most of the frequently asked AWS Interview Questions.

Good Luck with AWS Learning 🙂

Good Luck!!

Related Posts:

For more AWS related posts, click here.

Amazon Web Service – AWS Tutorial

What is Amazon EC2? – Amazon Elastic Compute Cloud

What is Elastic Load Balancer (ELB) in AWS?

What is Auto Scaling in AWS ?

AWS EC2 Cheat Sheet

Happy Learning