Table of contents
- Introduction:
- Name 5 AWS services you have used and what are the use cases?
- What are the tools used to send logs to the cloud environment?
- What are IAM Roles? How do you create/manage them?
- How to upgrade or downgrade a system with zero downtime?
- What is infrastructure as code and how do you use it?
- What is a load balancer? Give scenarios of each kind of balancer based on your experience.
- What is CloudFormation and what is it used for?
- Difference between AWS CloudFormation and AWS Elastic Beanstalk?
- What are the kinds of security attacks that can occur on the cloud? And how can we minimize them?
- Can we recover the EC2 instance when we have lost the key?
- What is a gateway?
- What is the difference between Amazon RDS, DynamoDB, and Redshift?
- Do you prefer to host a website on S3? What's the reason if your answer is either yes or no?
- Conclusion:
Introduction:
In this blog, we will cover some AWS interview-based questions as part of the Daily Task.
Name 5 AWS services you have used and what are the use cases?
Here are five AWS services I have used and their use cases:
Amazon EC2 (Elastic Compute Cloud): Used to launch and manage virtual servers in the cloud. I have used EC2 for various use cases such as web hosting, data processing, and machine learning.
Amazon S3 (Simple Storage Service): Used to store and retrieve data objects in the cloud. I have used S3 for storing and serving static website files, as well as for storing and sharing data among different applications.
Amazon RDS (Relational Database Service): Used to set up, operate, and scale relational databases in the cloud. I have used RDS for various use cases such as setting up WordPress websites, running business applications, and managing customer data.
Amazon SQS (Simple Queue Service): Used to manage message queues that decouple the components of a cloud application. I have used SQS to enable asynchronous processing and messaging between different parts of a cloud application.
Amazon CloudFront: Used to deliver static and dynamic web content, including streaming video and audio, at high speeds and low latency. I have used CloudFront for various use cases such as serving static website files, distributing software updates, and streaming media content.
What are the tools used to send logs to the cloud environment?
With AWS CloudTrail, you can monitor your AWS deployments in the cloud by getting a history of AWS API calls for your account, including API calls made via the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services. You can also identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred.
Amazon CloudWatch provides a reliable, scalable, and flexible monitoring solution that you can start using within minutes. You no longer need to set up, manage, and scale your monitoring systems and infrastructure.
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behaviour to protect your AWS accounts and workloads. Amazon GuardDuty exposes notifications via Amazon CloudWatch so you can trigger an automated response or notify a human.
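As an added example (not part of the original post), the Python below reads records in CloudTrail's log-file layout and answers the questions the CloudTrail paragraph lists: who called which API, from which source IP, and when. It also flags successful console sign-ins recorded without MFA. The records, account ID and user names are constructed samples.

```python
import json
from collections import defaultdict

# Constructed sample in the layout of a CloudTrail log file: {"Records": [...]}.
ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:iam::111122223333:user/bob"
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T08:01:12Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": ALICE},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-10T09:15:40Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"type": "IAMUser", "arn": BOB},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-10T09:17:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"type": "IAMUser", "arn": BOB}},
    {"eventTime": "2024-01-10T09:20:31Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": ALICE}, "errorCode": "AccessDenied"},
]})

def load_records(text):
    return json.loads(text).get("Records", [])

def caller(rec):
    ident = rec.get("userIdentity") or {}
    return ident.get("arn") or ident.get("type", "unknown")

def activity_by_caller(records):
    """Who called which API, from which source IP, and when."""
    seen = defaultdict(list)
    for rec in records:
        api = rec.get("eventSource", "?").split(".")[0] + ":" + rec.get("eventName", "?")
        seen[caller(rec)].append((rec.get("eventTime", ""), rec.get("sourceIPAddress", ""), api))
    return {who: sorted(calls) for who, calls in seen.items()}

def logins_without_mfa(records):
    """Successful console sign-ins that CloudTrail did not record as MFA-backed."""
    hits = []
    for rec in records:
        ok = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        mfa = (rec.get("additionalEventData") or {}).get("MFAUsed")
        if rec.get("eventName") == "ConsoleLogin" and ok and mfa != "Yes":
            hits.append((rec.get("eventTime"), caller(rec), rec.get("sourceIPAddress")))
    return hits
```

MFA enforced by an external identity provider is not visible in the `MFAUsed` field, so hits for federated identities are prompts for review rather than confirmed gaps.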
What are IAM Roles? How do you create/manage them?
IAM roles are identities you can create with specific permissions for short durations. You can assign IAM roles to entities you trust so that those entities can assume the role when needed. IAM Roles are primarily meant for internal use.
An IAM role has no long-term credentials (password or access keys) associated with it. The lack of credentials is one of the main differences between a User and a Role. A role can be temporarily assumed by a user, service, or application that has been granted permission to assume the role.
The steps to create a role are:
- Navigate to the IAM console in AWS and go to roles.
- Select the EC2 option or Lambda on the page according to the requirement.
- Provide specific permission as needed for the roles you are creating.
- Create the User and assign them the roles.
How to upgrade or downgrade a system with zero downtime?
To upgrade or downgrade a system with zero downtime, you can use techniques such as blue-green deployment, rolling deployment, or canary deployment.
Rolling Deployment - A rolling deployment strategy slowly replaces previous versions of an application with new versions by entirely switching out the environment in which the application is running. For example, containers running new versions of an application may take the place of containers running previous versions of an application.
Canary Deployment - To avoid risk, a canary deployment uses a phased approach in which traffic is shifted in increments. With the aid of a router or load balancer, new application code is released to a small group of users so it can be tested. Metrics measure the success of the new iteration.
Once the new version of the application has been accepted, it can be rolled out to the rest of the environment gradually by loading more users. If the new version of the application needs more work, it can be rolled back. Deploying the application slowly prevents the risk of delivering a new version that may negatively impact the workload.
Blue-Green Deployment - Blue-Green deployments eliminate downtime by running 2 identical production environments, one called Blue and the other called Green. Only one of the environments is live at any one time and handles all production traffic.
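The canary approach described above, as an added sketch that is not part of the original post: users are hashed into stable buckets so the canary cohort only grows as the traffic share increases, and a metric gate decides between promoting and rolling back. The `error_rate_at` callback, the stage list and the 1% threshold are assumptions made for the illustration.

```python
import hashlib


def bucket(user_id):
    """Stable bucket 0-99 per user, so a user stays on one version across requests."""
    digest = hashlib.sha256(user_id.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % 100


def route(user_id, canary_percent):
    """What the router or load balancer decides for one request."""
    return "canary" if bucket(user_id) < canary_percent else "stable"


def run_canary(stages, error_rate_at, max_error_rate=0.01):
    """Shift traffic through the increments in `stages`. `error_rate_at(percent)`
    is a hypothetical callback returning the canary's measured error rate at that
    traffic share. Returns (final canary percent, per-stage history)."""
    history = []
    for percent in stages:
        rate = error_rate_at(percent)
        if rate > max_error_rate:
            history.append((percent, rate, "rollback"))
            return 0, history          # all traffic back on the old version
        history.append((percent, rate, "promote"))
    return stages[-1], history


if __name__ == "__main__":
    users = [f"user-{n}" for n in range(1000)]      # constructed user IDs
    for pct in (5, 25, 50, 100):
        share = sum(route(u, pct) == "canary" for u in users) / len(users)
        print(f"target {pct:3d}% -> observed {share:.1%}")
    # Constructed metrics: the new version starts failing once it takes half the load.
    print(run_canary([5, 25, 50, 100], lambda p: 0.002 if p < 50 else 0.08))
```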
What is infrastructure as code and how do you use it?
Infrastructure as code is the practice of creating cloud services through code. Tools such as Terraform and CloudFormation are used to create resources in the cloud, like S3, EC2, RDS, VPC, etc.
To use IaC, you write configuration files that define each resource and the configuration it requires. Terraform, for example, gives users a pre-execution check to validate whether the configuration meets the expected result before updating or provisioning the infrastructure. It enables users to have their desired infrastructure across multiple cloud providers through a single and consistent CLI workflow. You can quickly provision different environments using the same configuration and manage the entire lifecycle of your desired infrastructure, thus reducing human errors and increasing automation in the infrastructure provisioning and management process.
What is a load balancer? Give scenarios of each kind of balancer based on your experience.
A load balancer is a device or software that distributes incoming network traffic across multiple servers to improve the performance, availability, and scalability of applications or services. It can help to distribute the workload among servers and prevent overloading.
Types of load balancers:
Application Load Balancer - This type of Load Balancer is used when decisions are to be made related to HTTP and HTTPS traffic routing. It supports path-based routing and host-based routing. This load balancer works at the Application layer of the OSI Model. The load balancer also supports dynamic host port mapping.
Network Load Balancer: This type of load balancer works at the transport layer (TCP/SSL) of the OSI model. It's capable of handling millions of requests per second. It is mainly used for load-balancing TCP traffic.
Classic Load Balancer: It is the traditional form of load balancer which was used initially. It distributes the traffic among the instances and is not intelligent enough to support host-based routing or path-based routing. It ends up reducing efficiency and performance in certain situations. It operates at the connection level as well as the request level. Classic Load Balancer works at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS).
What is CloudFormation and what is it used for?
AWS CloudFormation is a service that allows you to model and provision AWS resources in a declarative way using templates. It is used to automate the deployment and management of infrastructure as code in AWS, making it easier to create, update, and delete stacks of resources with minimal effort. By using CloudFormation, you can create and configure resources in a consistent and repeatable way, reducing the time and effort required to manage your infrastructure.
Difference between AWS CloudFormation and AWS Elastic Beanstalk?
AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with a variety of languages. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment, think Infrastructure As Code (IAC).
With Elastic Beanstalk, you don't need a lot of cloud experience to get started. You can focus on your application and let AWS handle the infrastructure management for you.
With CloudFormation, you're more experienced with how AWS works and you manage your VPCs, SGs, ELBs, EC2 instances, etc. through IaC. CloudFormation is focused primarily on the infrastructure and not so much on the app.
What are the kinds of security attacks that can occur on the cloud? And how can we minimize them?
Several kinds of security attacks can occur on the cloud, including:
- DDoS Attacks
- Hypercall Attacks
- Hypervisor DoS
- Hyperjacking
- Exploiting Live Migration
Minimizing methods:
Many cloud malware incidents are a result of insufficient awareness of risk by operators and administrators. Extensive training can increase awareness of common security risks and teach correct behaviour. Therefore, employees responsible for cloud systems should participate in regular training sessions on cloud security, network security and enterprise application management.
Multi-factor authentication helps prevent account takeover, by requiring at least two authentication methods, one of which must be physically possessed by the user.
Least privilege: both users and integrated systems should have access only to the resources they need, with exactly the level of permission their role requires.
An effective way to contain the spread of malware in the cloud is to use network segmentation. This limits malicious software or threat actors to a small segment of the network.
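To make the least-privilege point concrete for the IAM roles covered earlier, here is an added example (not part of the original post): a small Python check that reviews a role's trust policy and permissions policy for grants broader than the role needs. The sample policies, account ID, bucket and role names are constructed placeholders.

```python
# Constructed sample policies; the account ID, bucket and names are placeholders.
TRUST_EC2 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}
TRUST_OPEN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}
PERMS_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-app-assets/*"}]}
PERMS_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["iam:*"],
     "Resource": "arn:aws:iam::111122223333:role/app-role"}]}


def as_list(value):
    """IAM accepts a single string or a list for most policy elements."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (statement index, finding) pairs for Allow statements that grant
    more than least privilege. Findings are review prompts, not verdicts."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
        if "NotAction" in stmt:
            findings.append((i, "Allow with NotAction grants everything else"))
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append((i, "applies to every resource"))
        principal = stmt.get("Principal")  # present in trust/resource policies
        if principal is not None and "Condition" not in stmt:
            who = [principal] if isinstance(principal, str) else [
                p for v in principal.values() for p in as_list(v)]
            if "*" in who:
                findings.append((i, "any principal, no Condition"))
    return findings


if __name__ == "__main__":
    for name in ("TRUST_EC2", "TRUST_OPEN", "PERMS_SCOPED", "PERMS_BROAD"):
        print(name, lint_policy(globals()[name]))
```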
Can we recover the EC2 instance when we have lost the key?
We can recover an EC2 instance when we have lost the key pair by creating a new key pair, stopping the instance, detaching the root volume, launching a new instance with the new key pair, attaching the root volume to the new instance, starting the new instance, and updating security groups and IP addresses as needed.
There is another way to recover an EC2 instance if we have lost the key pair: we can create an AMI of the existing instance and then launch a new instance from it. We can then select a new key pair by following the instance launch wizard.
What is a gateway?
A gateway is a network component that serves as a bridge or a transition point between different networks. It is used to facilitate communication and data transfer between networks that may have different communication protocols and addressing schemes. Gateways can be used to connect different cloud environments together.
What is the difference between Amazon RDS, DynamoDB, and Redshift?
Amazon RDS, DynamoDB, and Redshift are three different database services offered by Amazon Web Services (AWS) with different use cases and functionalities.
Amazon RDS (Relational Database Service) is a fully managed relational database service that makes it easy to set up, operate, and scale a relational database in the cloud. It supports popular database engines like MySQL, PostgreSQL, Oracle, and SQL Server. With RDS, you don't have to worry about managing the underlying infrastructure, including patching, backups, and replication. Instead, you can focus on building and optimizing your applications.
Amazon DynamoDB, on the other hand, is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. It is designed to handle large amounts of unstructured data, such as documents, images, and social media content. DynamoDB is a serverless database, which means that you don't have to manage any servers or infrastructure.
Amazon Redshift is a fully managed data warehouse service that makes it easy to analyze large amounts of data using SQL and business intelligence tools. It is designed for online analytical processing (OLAP) and supports big data analytics. Redshift is optimized for querying and analyzing large datasets and is based on a columnar storage format. It provides fast query performance and allows you to scale your cluster up or down depending on your needs.
Do you prefer to host a website on S3? What's the reason if your answer is either yes or no?
Yes, if it is a static website. When deploying a new website or application, I want to know that it's always up and available to users while also requiring no attention or maintenance from me. If you want your website to work this way too, use static website hosting. Skip all the hassle of dealing with VPSs, OS updates, patches, certificate expiration, etc. If you are running a small business website or a blog, this should be a no-brainer. AWS S3 provides a super-easy way to deploy a static site that will virtually always be available, never crash, and requires no maintenance.
Conclusion:
In this blog, we have covered some interview-based questions as part of the Daily Task. In the next blog, we will cover AWS topics.
Thank you for reading!