Q. What types of EC2 instances are there?

A. General Purpose Instances, Compute Optimized Instances, Memory Optimized Instances, Accelerated Computing Instances, Storage Optimized Instances, Dedicated Host Instances

Q. What are the differences between AWS CodeBuild and AWS CodeDeploy?

A. AWS CodeBuild is a build service, used to compile source code, run tests, and produce artifacts. AWS CodeDeploy, on the other hand, automates the deployment of applications to various compute services, including EC2 instances and Lambda functions.

Q. What is AWS CodePipeline, and how does it fit into a CI/CD pipeline?

A. AWS CodePipeline is a fully managed continuous delivery service. It automates the build, test, and deployment phases of your release process. It can integrate with other AWS services and custom tools to create a complete CI/CD pipeline.

Q. What is AWS Elastic Beanstalk, and how does it simplify the deployment process?

A. AWS Elastic Beanstalk is a Platform as a Service (PaaS) that simplifies application deployment. It abstracts infrastructure management, making it easier for developers to focus on code. You only need to upload your code, and Elastic Beanstalk handles provisioning, scaling, and load balancing.

Q. What are AWS CloudFormation Change Sets, and how do they enhance infrastructure management?

A. CloudFormation Change Sets allow you to preview the changes to AWS resources before applying them. In a DevOps environment, this is beneficial for reviewing and validating changes to infrastructure, reducing the risk of unintended modifications.

Q. Explain the principles of immutable infrastructure and its relationship with DevOps in AWS.

A. Immutable infrastructure means that servers are never modified after they’re provisioned; instead, new servers are created to replace the old ones. AWS services, such as AWS CloudFormation and AWS AMIs (Amazon Machine Images), support this approach, making deployments more reliable and reproducible.

Q. How to set up SSH agent forwarding so that we do not have to copy the command every time we log in?

A. We can do this using PuTTY. In PuTTY, under the SSH -> Auth option, we can enable the agent forwarding option, and then we will not have to keep adding SSH keys every time we log in.

Q. How do you configure CloudWatch to recover an EC2 instance?

A. We can create it from the EC2 console by selecting Actions, then Monitor and troubleshoot, and then the CloudWatch monitoring option.

Or

From CloudWatch we can also set up an alarm to recover the instance.

Q. What is the difference between CloudWatch and CloudTrail?

A. CloudWatch is a performance-level monitoring service and CloudTrail is an account-level monitoring service.

RAM and CPU utilisation are captured in CloudWatch, whereas if something happens to the S3 of the account, for example, it is recorded in CloudTrail.

Q. How to connect two VPCs in different accounts?

A. With the help of a transit gateway, set up in both accounts separately, along with the corresponding route tables.

Q. Can we connect two different account’s IAM roles together?

A. Here’s a general outline of how you can set up cross-account access using IAM roles:

In the first AWS account (the one that owns the resource), create an IAM role and define the trusted entity as the AWS account ID of the second account. Specify the permissions that you want to grant to the second account.

In the second AWS account (the one that needs access to the resource), create an IAM user or another IAM role and attach a policy that allows it to assume the role in the first account. Configure this trust relationship in the IAM policy.

When the IAM user or role in the second account assumes the role from the first account, it will temporarily have the permissions defined in the first account’s IAM role.

Keep in mind that this process involves trust relationships and permissions configuration, and it’s important to follow AWS best practices for security and access control when implementing cross-account access.
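The two policies described in the outline above, written out as an added example (not from the original page). The account IDs and role name are constructed placeholders, and the sts:ExternalId condition and the review check are the practitioner's additions to the answer: the condition is the standard way to stop a third party that can already assume the role from being used as a confused deputy.

```python
# Constructed placeholder account IDs and names; not real AWS accounts.
RESOURCE_ACCOUNT = "111111111111"   # first account: owns the resource and the role
CONSUMER_ACCOUNT = "222222222222"   # second account: needs access
ROLE_NAME = "CrossAccountReadOnly"  # hypothetical role name
EXTERNAL_ID = "example-external-id"  # shared value that mitigates the confused-deputy problem


def trust_policy(consumer_account: str, external_id: str) -> dict:
    """Trust policy for the role in the first account: trusts the second
    account and requires the agreed sts:ExternalId on every AssumeRole call."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{consumer_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def assume_role_policy(resource_account: str, role_name: str) -> dict:
    """Identity policy for the user or role in the second account: it may
    assume exactly one role ARN in the first account, nothing broader."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": f"arn:aws:iam::{resource_account}:role/{role_name}",
        }],
    }


def trust_policy_findings(policy: dict) -> list:
    """Review a trust policy for the two most common mistakes: a wildcard
    principal (any account could assume the role) and a missing ExternalId."""
    findings = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append("wildcard principal: any AWS account can assume this role")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in cond:
            findings.append("no sts:ExternalId condition: open to confused-deputy misuse")
    return findings
```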

Q. What is password-less connection in aws?

A. Password-less authentication is a means to verify a user’s identity, without using a password. Instead, password-less uses more secure alternatives like possession factors (one-time passwords [OTP], registered smartphones), or biometrics (fingerprint, retina scans). Passwords haven’t been safe for a long time.

Q. What are the factors to consider while migrating to AWS?

A. Migration Architecture, Business Criteria meet, Data Security, Cost Optimisation, bandwidth availability and consistency.

Q. Is it possible to connect to an EC2 instance if I forget the PEM file?

A. a. If you have another user with sudo (administrator) privileges on the instance and SSH access as that user, you can log in as that user and recover or reset the forgotten PEM file.

b. If you have previously configured AWS Systems Manager Session Manager for the instance, you may be able to connect to the instance without needing the PEM file. Session Manager provides browser-based access to your instance’s shell.

c. If you have a recent Amazon Machine Image (AMI) of your instance or an EBS snapshot, you can launch a new EC2 instance from the AMI or create a new volume from the snapshot and attach it to a new instance. This effectively gives you a fresh instance with a new PEM file. However, you will lose any data or configuration on the old instance.

d. If you have regular backups or restore points for your instance, you can restore the instance to a previous state where you had access to it with the PEM file. This approach depends on your backup and recovery procedures.

e. Contact AWS Support.

Q. What EBS volume types do we have?

A. General Purpose SSD volumes (gp2), Provisioned IOPS SSD volumes, Throughput Optimized HDD volumes (st1), Magnetic (standard) volumes, Elastic Volumes, Cold HDD volumes

Q. What is max capacity of the root volume of EBS Volume?

A. 64 TiB

Q. How to set up RDS in AWS?

A. RDS is for structured (relational) databases.

First, we select either Standard create or Easy create.

Then we select the engine type, such as MySQL, Aurora, MariaDB or Oracle, and a specific engine version if one is required. Then we select the template (dev, free tier or production), then Multi-AZ or Single-AZ, then the DB instance name with credentials, then the instance class (such as t2.micro or m2.xlarge), then instance storage, then the VPC, then whether public access is allowed (no by default), and finally encryption and monitoring.

Q. What do you mean by database consistency?

A. Database consistency, in simple terms, means that a database is in a reliable and predictable state where data accurately reflects the real-world information it is supposed to represent. It ensures that data in the database is valid, adheres to defined rules, and is free from errors or contradictions.

It ensures that the data is not corrupted, incomplete, or in a state that could cause confusion or errors when you use it for various purposes, such as retrieving information, making calculations, or generating reports.

Q. Difference Between NAT Instances and NAT Gateway?

A. A NAT instance provides network address translation (NAT). You can use a NAT instance to allow resources in a private subnet to communicate with destinations outside the virtual private cloud (VPC), such as the internet or an on-premises network.

BUT

A NAT gateway is a Network Address Translation (NAT) service or Virtual Network Device. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.

Q. What is the difference between stopping and terminating an instance?

A. When you stop an EC2 instance, the instance will be shut down and the virtual machine that was provisioned for you will be permanently taken away and you will no longer be charged for instance usage.

BUT

Terminating an EC2 instance is equivalent to turning off a physical server. The instance stops running, and its resources (like RAM, CPU, and storage) are released back into the AWS cloud. It is important to note that once terminated, an instance cannot be restarted.

Q. Difference between volumes and snapshot?

A. EBS Volumes: An EBS volume is a block storage device that you can attach to an Amazon Elastic Compute Cloud (EC2) instance. EBS volumes are used as primary storage devices for EC2 instances and can be formatted with file systems, databases, and other data.

EBS Snapshots: An EBS snapshot is a point-in-time copy of an EBS volume. Snapshots are used for data backup, replication, and recovery. They capture the entire state of an EBS volume, including all data and metadata, at the moment the snapshot is created. Snapshots are typically used for data protection and disaster recovery.

EBS Volumes: Data stored on an EBS volume is retained until you delete the instance.

EBS Snapshots: Snapshots are retained independently of the source volume. You can keep snapshots as long as needed, and they can be used to create new volumes at any time.

Q. What is a load balancer and the round robin method?

A. Round robin load balancing is a simple way to distribute client requests across a group of servers. A client request is forwarded to each server in turn; when the end of the list is reached, the load balancer goes back to the top of the list and repeats.

Q. What is a launch template?

A. A launch template is similar to a launch configuration, in that it specifies instance configuration information. It includes the ID of the Amazon Machine Image (AMI), the instance type, a key pair, security groups, and other parameters used to launch EC2 instances.

Q. What is a launch configuration?

A. A launch configuration is an instance configuration template that an Auto Scaling group uses to launch EC2 instances. When you create a launch configuration, you specify information for the instances.

Q. How many types of Load Balancers are there?

A. Classic, Application, Network and Gateway Load Balancers.

Application Load Balancer: – An Application Load Balancer makes routing decisions at the application layer (Layer 7, HTTP/HTTPS), supports path-based routing, and can route requests to one or more ports on each container instance in your cluster. Application Load Balancers support dynamic host port mapping.

Network Load Balancer: – A Network Load Balancer makes routing decisions at the transport layer (Layer 4, TCP/SSL). It can handle millions of requests per second. After the load balancer receives a connection, it selects a target from the target group for the default rule using a flow hash routing algorithm.

Gateway Load Balancer: – It’s a device or service that sits between your network and the internet, and its job is to distribute incoming internet requests (like website visits or data requests) to multiple servers or resources in a balanced way.

Imagine you have a popular website, and many people are trying to access it at the same time. Instead of overwhelming a single server, a gateway load balancer helps spread the incoming requests across multiple servers. This not only ensures that no single server gets too busy, but it also improves the website’s performance and reliability because if one server goes down, the load balancer can route traffic to other healthy servers.

Classic Load Balancer: – It provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level.

Q. What is the difference between a security group and a NACL?

A. NACLs operate at the subnet level and control traffic in and out of a VPC, while Security Groups operate at the instance level and control traffic to and from individual EC2 instances. Scope of application: NACLs apply to all instances in a subnet, while Security Groups apply to individual instances.

Security groups allow inbound and outbound traffic for associated resources, such as EC2 instances.

Network ACLs allow or deny inbound and outbound traffic at the subnet level.
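The stateful/stateless difference above is the one that bites in practice, so here is an added example (not from the original page) that simulates both evaluations for a single HTTPS connection. The rule classes, port values and the two sample NACL rule sets are constructed for the demonstration; it shows why an outbound NACL rule for the ephemeral port range is needed even when the security group already allows the request.

```python
from dataclasses import dataclass


@dataclass
class Rule:
    """One network ACL entry. Rules are evaluated lowest number first."""
    number: int
    action: str      # "allow" or "deny"
    port_from: int
    port_to: int


def nacl_decision(rules, port):
    """Network ACL: stateless, ordered rules, first match wins, implicit deny."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.port_from <= port <= r.port_to:
            return r.action
    return "deny"


def sg_decision(allowed_ports, port):
    """Security group: allow rules only (no deny rules), implicit deny otherwise."""
    return "allow" if any(lo <= port <= hi for lo, hi in allowed_ports) else "deny"


def https_session_allowed(sg_inbound, nacl_inbound, nacl_outbound, client_port=50000):
    """Simulate one client connection to port 443 on an instance: the request
    enters the subnet, the reply leaves toward the client's ephemeral port."""
    # Security groups are stateful: once the inbound request is allowed,
    # the reply is allowed automatically, so only the inbound rule is checked.
    sg_ok = sg_decision(sg_inbound, 443) == "allow"
    # Network ACLs are stateless: the reply on the ephemeral port must also be
    # explicitly allowed by the outbound rule set, or the connection hangs.
    nacl_ok = (nacl_decision(nacl_inbound, 443) == "allow"
               and nacl_decision(nacl_outbound, client_port) == "allow")
    return sg_ok and nacl_ok


# Constructed sample configuration for a subnet hosting an HTTPS server.
SG_INBOUND = [(443, 443)]
NACL_INBOUND = [Rule(100, "allow", 443, 443)]
NACL_OUTBOUND_BROKEN = [Rule(100, "allow", 443, 443)]    # no ephemeral ports: replies dropped
NACL_OUTBOUND_FIXED = [Rule(100, "allow", 1024, 65535)]  # return traffic to ephemeral ports
```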

Q. Uses of AWS Kinesis?

A. Amazon Kinesis is a suite of services provided by AWS for handling real-time data streams. Typical uses include real-time monitoring and alerting, IoT, and the following:

Clickstream Analytics: E-commerce and online advertising companies use Kinesis to collect and analyse clickstream data. This helps in understanding user behaviour, personalizing user experiences, and optimizing marketing campaigns in real-time.

Game Analytics: Game developers use Kinesis to capture player interactions and telemetry data, enabling them to make real-time adjustments to gameplay, provide personalized experiences, and improve player retention.

Financial Services: Financial institutions use Kinesis to process and analyse stock market data, currency exchange rates, and other financial data in real-time. This enables faster trading decisions and risk management.

Q. Difference between RDS, DynamoDB and Redshift?

A. RDS is meant for structured data only, with engines like MySQL, Aurora, MariaDB and Oracle.

DynamoDB is meant for unstructured data, that is, NoSQL.

Redshift is a data warehouse product used for data analysis.

Q. How many buckets can be created in S3?

A. By default, 100 can be created in a region.

Q. What happens when you delete a peering connection from your side?

A. The peering connection is terminated on the other side as well, and no more traffic flows through it.

Q. What data services you use and how you protect it?

A. We use S3 bucket and EBS volume as primary storage of our data. For structured and unstructured data, we use RDS and DynamoDB to store our data. We use KMS keys to encrypt the data.

Q. Which basic authentication methods do you know or use in your project?

A. For authentication we use an IAM user name and password. If we want, we can enable MFA.

Single sign-on, that is, role-based authentication; for high security AWS recommends this.

For AWS CLI authentication we can use an AWS access key ID and secret access key.

Q. Can we recover a deleted object from an S3 bucket?

A. Yes, if versioning has been enabled on the bucket.

Q. What is a lifecycle policy in S3?

A. It provides storage cost optimisation. We can define a retention rule to delete data permanently from the system, and it helps transition objects to other S3 storage classes.

Q. What replication rule features are available in S3?

A. A replication rule replicates the data of an S3 bucket to another region.

Q. Define Amazon S3 Glacier.

A. It is a cloud-based storage service by AWS for long-term data archival and backup at low cost.

Q. Difference between S3, EBS and EFS?

A. AMAZON S3: –

Can be publicly accessible
Web interface
Object Storage
Scalable
Slower than EBS and EFS

Good for storing backups and other static data

AMAZON EBS: –

Accessible only via the given EC2 Machine
File System interface
Block Storage
Hardly scalable
Faster than S3 and EFS

Is meant to be EC2 drive

AMAZON EFS: –

Accessible via several EC2 machines and AWS services
Web and file system interface
Object storage
Scalable
Faster than S3, slower than EBS

Good for applications and shareable workloads

Q. What is subnet in AWS?

A. A subnet is a range of IP addresses in your VPC. AWS provides features that you can use to increase security for the resources in your VPC.

Q. What is the difference between a Public and a Private Subnet?

A. A public subnet has a route to an Internet Gateway, so instances in the public subnet can access the internet directly. A private subnet does not have a route to an Internet Gateway, so instances within a private subnet can access the internet only through a NAT Gateway.

Q. What is the difference between an Internet Gateway and a NAT Gateway?

A. An IGW allows both inbound and outbound access to the internet, whereas a NAT Gateway only allows outbound access.

An IGW allows instances with public IPs to access the internet, whereas a NAT Gateway allows instances with private IPs to access the internet. For communication using IPv4, the internet gateway also performs network address translation (NAT). For communication using IPv6, NAT is not needed because IPv6 addresses are public.
