DevOps(Day 49): INTERVIEW QUESTIONS ON AWS

Biswaraj SahooBiswaraj Sahoo
10 min read

  1. Name 5 AWS services you have used and what are the use cases?

    Some of the services that I have used in AWS are:-

    • EC2 - Elastic Compute Cloud is the service which is used to spin up servers in AWS. I have used this to spin up servers in Linux and Ubuntu to run the applications. This is the base of the project and all the components are associated on top of it.

    • IAM - Identity and Access Management is the service in AWS which is used to create users, groups and roles. This provides specific permissions to access any service in AWS for the users. I have used this to integrate AWS CLI into Console.

    • RDS - Relational Database Service is used to create different types of databases in AWS. I have used this to create a MySQL database server and integrated it with an application.

    • ECS - Elastic Container Service is used to create and containerize the application in AWS. I have used this to create a container for an nginx image.

    • Amazon CloudWatch - This service is used for monitoring different services in AWS. I have used this to set a billing alarm that is triggered in my mail regarding the usage cost of resources in AWS. I have also used this to determine the monitor EC2 and Auto-Scaling groups.

  2. What are the tools used to send logs to the cloud environment?

    • With AWS CloudTrail, you can monitor your AWS deployments in the cloud by getting a history of AWS API calls for your account, including API calls made via the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services. You can also identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred.

    • Amazon CloudWatch provides a reliable, scalable, and flexible monitoring solution that you can start using within minutes. You no longer need to set up, manage, and scale your monitoring systems and infrastructure.

    • Amazon GuardDuty is a threat detection service that continuously monitors malicious activity and unauthorized behaviour to protect your AWS accounts and workloads. Amazon GuardDuty exposes notifications via Amazon CloudWatch so you can trigger an automated response or notify a human.

  3. What are IAM Roles? How do you create /manage them?

    IAM roles are identities you can create with specific permissions for short durations. You can assign IAM roles to entities you trust so that those entities can assume the role when needed. IAM Roles are primarily meant for internal use.

    An IAM role has no associated credentials (password or access keys). The lack of credentials is one of the main differences between a User and a Role. A role can be temporarily assumed by a user, service, or application that has been granted permission to assume the role.

    The steps to create a role is:-

    • Navigate to the IAM console in AWS and go to roles.

    • Select the EC2 option or Lambda on the page according to the rquirement.

    • Provide specific permission as needed for the roles you are creating.

    • Create the User and assign them the roles.

  4. How to upgrade or downgrade a system with zero downtime?

    • Rolling Deployment - A rolling deployment strategy slowly replaces previous versions of an application with new versions by entirely switching out the environment in which the application is running. For example, containers running new versions of an application may take the place of containers running previous versions of an application.

    • Canary Deployment - To avoid risk, a canary deployment uses a phased approach in which traffic is shifted in increments. With the aid of a router or load balancer, new application code is released to a small group of users so it can be tested. Metrics measure the success of the new iteration.

      Once the new version of the application has been accepted, it can be rolled out to the rest of the environment gradually by loading more users. If the new version of the application needs more work, it can be rolled back. Deploying the application slowly prevents the risk of delivering a new version that may negatively impact the workload.

    • Blue-Green Deployment - Blue-Green deployments eliminate downtime by running 2 identical production environments, one called Blue and the other called Green. Only one of the environments is life at any one time and handles all production traffic.

  5. What is infrastructure as code and how do you use it?

    Infrastructure as a code is the way of creating cloud services through code. There are some tools like Terraform and CloudFormation used to create resources in the cloud, like S3, EC2, RDS, VPC, etc.

    To use IAC you need to create coding scripts by defining the resource details and what are the configurations requirement the resource is going to use. Like in Terraform, it allows users to have a pre-execution check to validate whether the configurations meet the result expectations or not before updating or provisioning the infrastructure. It enables users to have their desired infrastructure across multiple cloud providers through a single and consistent CLI workflow. You can quickly provision different environments using the same configuration and manage the entire lifecycle of your desired infrastructure, thus reducing human errors and increasing automation in the infrastructure provisioning and management process.

  6. What is a load balancer? Give scenarios of each kind of balancer based on your experience.

    A load balancer is used to distribute network traffic across a pool of servers known as a server farm. It optimizes network performance, reliability and capacity, reducing latency as the demand is equally distributed among multiple servers and compute resources.

    • Application Load Balancer - This type of Load Balancer is used when decisions are to be made related to HTTP and HTTPS traffic routing. It supports path-based routing and host-based routing. This load balancer works at the Application layer of the OSI Model. The load balancer also supports dynamic host port mapping.

    • Network Load Balancer: This type of load balancer works at the transport layer(TCP/SSL) of the OSI model. It’s capable of handling millions of requests per second. It is mainly used for load-balancing TCP traffic.

    • Classic Load Balancer: It is the traditional form of load balancer which was used initially. It distributes the traffic among the instances and is not intelligent enough to support host-based routing or path-based routing. It ends up reducing efficiency and performance in certain situations. It is operated on the connection level as well as the request level. Classic Load Balancer is in between the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS)

  7. What is CloudFormation and why is it used for?

    CloudFormation is an infrastructure service. It lets you create templates that describe the AWS services that you want. Then, it handles the config and provisioning of the resources described in the template. It makes it easier because you do not have to configure the resources individually. CloudFormation helps to handle the dependencies between the resources.

  8. Difference between AWS CloudFormation and AWS Elastic Beanstalk?

    AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with a variety of languages. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment, think Infrastructure As Code (IAC).

    Elastic Beanstalk, you don’t need a lot of cloud experience to get started. You can focus on your application and let AWS handle the infrastructure management for you.

    CloudFormation, you’re more experienced with how AWS works and you manage your VPCs, SGs, ELBs, EC2 instances, etc through IAC. With CloudFormation, it’s focused primarily on the infrastructure and not so much on the app.

  9. What are the kinds of security attacks that can occur on the cloud? And how can we minimize them?

    • DDoS Attacks

    • Hypercall Attacks

    • Hypervisor DoS

    • Hyperjacking

    • Exploiting Live Migration

Minimizing methods:-

  • Many cloud malware incidents are a result of insufficient awareness of risk by operators and administrators. Extensive training can increase awareness of common security risks and teach correct behaviour. Therefore, employees responsible for cloud systems should participate in regular training sessions on cloud security, network security and enterprise application management.

  • Multi-factor authentication helps prevent account takeover, by requiring at least two authentication methods, one of which must be physically possessed by the user.

  • At least privilege both users and integrated systems should only have access to resources they need, and should have the exact level of permission they require for their role.

  • An effective way to contain the spread of malware in the cloud is to use network segmentation. This limits malicious software or threat actors to a small segment of the network.

  1. Can we recover the EC2 instance when we have lost the key?

    There are two ways:-

    • We can stop the instance detach the volume. Then create a new instance with a new key pair and attach the existing volume to it. Then we can finally launch the new instance and terminate the old instance.

    • Also, we can create an AMI from the existing instance and create a new instance out of that AMI. We can give a new keypair while creating the instance in the console.

  2. What is a gateway?

    A gateway is a node (router) in a computer network, a key stopping point for data on its way to or from other networks.

    In a workplace, the gateway is the computer that routes traffic from a workstation to the outside network that is serving up the Web pages. For basic Internet connections at home, the gateway is the Internet Service Provider that gives you access to the entire Internet.

  3. What is the difference between Amazon Rds, Dynamodb, and Redshift?

    Amazon RDS - Amazon Relational Database Service or Amazon RDS makes the task of setting up, scaling, and operating a relational database in the cloud. A lot of repetitive work occurs in managing a running database, which obviously becomes a bottleneck in staying ahead of your organizational growth.

    Amazon RDS ordinarily provides six database engines Amazon Aurora, Microsoft SQL Server, Oracle, MariaDB, PostgreSQL, and MySQL respectively. The users can continue to use their already existing tools. They can easily manage this without installing any kind of additional hardware or software. Amazon RDS can by default repair all the missing links of database software backups and take its own backup periodically. This is the reason it is considered to be the most cost-efficient, resizable and time-efficient.

    Dynamodb - As AWS DynamoDB usually works with bigger enterprise databases, so it may require some additional aids and administrations for effective data management. For this particular reason, AWS can essentially integrate DynamoDB with Elastic MapReduce or the EMR along with the help of AWS Hadoop service and Redshift. One can also use EMOR or Amazon Redshift to resolve the large-scale issues or queries and for more concrete queries that are based on hash as well as hash-range can be accomplished by DynamoDB. In order to avoid any extra overhead difficulty to manage the partitioned domains, one can use DynamoDB because of one very good reason- It has no size limit.

    Redshift - Redshift- popularly known as the analytics database is suitable to maintain large data volume. It can manage the implementation of big or heavy queries easily against the large datasets and can be completely managed as well. The database is a seamless collection of several computing resources or you can say nodes. These computing nodes are prearranged in a group called clusters. From here the Amazon Redshift engine runs in every cluster that may have one or more databases.

  4. Do you prefer to host a website on S3? What's the reason if your answer is either yes or no?

    Yes, if it is a static website. When deploying a new website or application, I want to know that it's always up and available to users while also requiring no attention or maintenance from me. If you want your website to work this way too, use static website hosting. Skip all the hassle of dealing with VPSs, OS updates, patches, certificate expiration, etc. If you are running a small business website or a blog, this should be a no-brainer. AWS S3 provides a super-easy way to deploy a static site that will virtually always be available, never crash, and requires no maintenance.

Thanks for reading my article. Have a nice day.

WRITTEN BY Biswaraj Sahoo --AWS Community Builder | DevOps Engineer | Docker | Linux | Jenkins | AWS | Git | Terraform | Docker | kubernetes

Empowering communities via open source and education. Connect with me over linktree: linktr.ee/biswaraj333

0
Subscribe to my newsletter

Read articles from Biswaraj Sahoo directly inside your inbox. Subscribe to the newsletter, and don't miss out.

#day49AWSCloudquestions and answersDevops

Written by

Biswaraj Sahoo
Biswaraj Sahoo

--AWS Community Builder | DevOps Engineer | Docker | Linux | Jenkins | AWS | Git | Terraform | Docker | kubernetes Empowering communities via open source and education.