Top 20 Amazon AWS Interview Questions - Most Asked

By Archer Charles 16-Jun-2022

AWS certifications are among the 15 most acclaimed certifications that IT professionals around the world pursue. AWS certifications pave the way for the highest-paying and most popular IT and cloud-related jobs across the global industry. They also offer professionals the opportunity to level up their skills as more and more enterprises transfer their data and services to the cloud. 

Amazon Web Services serves multiple functions. AWS can help create Virtual Machines that can be equipped with storage, processing power, analytics, networking and device management. It provides a payment model that lets you pay as you go, meaning your monthly usage is all you pay for rather than fixed upfront costs that can be quite substantial. 

When you’re looking to get an AWS job, you will have to face personal interviews as well. Let’s take a look at the top 20 AWS interview questions that you should prepare for before the day comes.

Q1. What are the main cloud service categories? Explain each of the AWS products built based on them.

There are various types of cloud services, which can be categorised as the following:

  • Networking
  • Computing 
  • Storage

Each service category has several AWS products built on its capabilities. Some of the most popular ones are:

  • Networking: EC2, Lightsail, Elastic Beanstalk, Auto-scaling, Lambda
  • Computing: Route 53, VPC, Amazon CloudFront
  • Storage: S3, Elastic File System, Glacier and Elastic Block Store

Q2: Explain Geo-targeting in CloudFront.

In everyday life, you must have noticed that when you shift to a different geographical location, the content and ads you see on social media or other digital platforms change with you. This is done through the power of geotargeting. This feature allows businesses to bring up personalised content for audiences without the need for a different URL. It makes for specific content for more segmented audiences in key geographical locations and shows messaging that addresses their pain points. 

Q3. Which tools and techniques would you use in AWS to check if you’re paying too much and take corrective action?

Many tools and techniques are available in AWS to ensure you pay no more than the required amount for products and services you use.

  • Top Services Table: This dashboard in the console for cost management shows enterprises their top five most used services as well as the total amount spent on them.
  • Cost Explorer: This service helps an enterprise in analysing and viewing costs of usage through the last thirteen months. It also provides an expenditure forecast for the future up to 3 months in advance. 
  • AWS Budgets: This feature helps businesses in budgeting services. It allows them to keep tabs on whether they are functioning within their budget and current expense plan. It also provides details about their usage of services.
  • Cost Allocation Tags: These help enterprises identify resources that have cost them extra in any particular month. Enterprises can organise resources and also track their costs with the help of Cost Allocation Tags.

Q4. Besides the console, which alternative tool can be used to log into a cloud environment?

There are many tools you can use. These are:

  • AWS CLI (Linux)
  • AWS CLI (Windows)
  • AWS CLI (CMD)
  • AWS SDK
  • PuTTY
  • Eclipse

Q5. Which service helps to create a solution for centralised logging?

Enterprises can use CloudWatch Logs for creating centralised logging solutions. Amazon S3 is used for storing these solutions and Amazon ElasticSearch helps with visualisation. Kinesis Firehose is also used to move data to ElasticSearch from S3.

Q6. Define a DDoS attack. Name the services that can help in minimising them.

DDoS refers to a category of cyberattack through which perpetrators can get access to a website and then create several sessions to stop other legitimate site visitors from accessing the platform. Enterprises can use multiple native AWS tools for preventing DDoS attacks, such as:

  • AWS Shield
  • AWS WAF
  • Route 53
  • CloudFront
  • ELB
  • VPC

Q7. When you are trying to provide services within a specific region, sometimes you are unable to view the service in that region. Why does this happen and how can you prevent it?

Not every AWS service is available in every region. When Amazon launches a new service, it is not published across all regions at once. Rather, Amazon starts with a few key markets and eventually spreads the offering across regions. If you can’t view a service in a region, chances are the service is not yet available in your current location. One way of getting the service is to switch to a nearby region that offers it.

Q8. How can systems be set up to monitor real-time AWS metrics?

Amazon CloudWatch is used by businesses for monitoring the statuses of multiple AWS events and solutions. CloudWatch monitors the following:

  • AWS API calls
  • Console sign-in events
  • Scheduled events
  • Changes in the state of EC2
  • Auto-scaling lifecycle-related events

Q9. Name and point out the differences between AWS virtualisation types.

AWS virtualisation has three categories.

  • HVM or Hardware Virtual Machine: This is completely virtualized hardware, meaning each virtual machine functions separately from the others. HVMs boot when a master boot record is executed within the root block device of an image.

  • PV or Paravirtualization: PV AMIs are booted using a bootloader called Paravirtualization-GRUB, which works by loading kernels specifically mentioned on the menu.

  • PV on HVM: This category of virtualisation enables an operating system to take advantage of storage and storage I/O available through the host. 

Q10. Are there any services not region-specific within AWS?

  • Route 53
  • Web Application Firewall
  • CloudFront
  • IAM

Q11. What are the EC2 instance types when categorised by cost?

These instances can be categorised into three types:

  1. On-demand instances: These instances are cost-effective in the short run, but incur higher costs in the long run.
  2. Spot instances: These instances are purchased through bidding. A spot instance is cost-effective in the long term.
  3. Reserved instances: These instances are the right choice for businesses that want to use instances for over a year.

Q12. How would you set up an SSH agent forwarding without having to copy your security key every time you log in?

This can be achieved in three steps.

  1. Head over to PuTTY Configuration on the system.
  2. Go to SSH, then Auth.
  3. From this menu, enable SSH Agent Forwarding.

Q13. Explain Solaris and AIX. Can you find them on AWS?

Both Solaris and AIX are types of operating systems. However, their current versions have limitations due to which they are not available to use with AWS. 

AIX runs only on Power CPUs, not Intel. Therefore, it can’t be used with EC2.

Meanwhile, Solaris uses the SPARC processor architecture, which public cloud platforms don’t currently support.

Q14. How will you configure CloudWatch to recover an EC2 instance?

  • Use CloudWatch to create one Alarm.
  • Go to ‘Define Alarm’, and from there, choose ‘Actions’.
  • Click ‘Recover This Instance’.

Q15. In a situation where the key is lost, how will you log in to recover an EC2 instance?

You can follow a series of steps to recover an instance.

  • Check to see if EC2Config is running.
  • Detach the root volume of the instance.
  • Create a temporary instance and attach the volume to it.
  • Modify the configuration folder.
  • Restart the EC2 instance you wanted to recover.

Q16. As a user, how can you get permission to access a particular bucket?

Access can be granted using 4 steps.

  1. Categorise each existing instance. 
  2. Define how all authorised users can manage specific servers.
  3. Any tag needs to be locked down.
  4. Attach every policy to the IAM users.

Q17. If VPC cannot resolve a server using DNS, what might the problem be? How can you fix this problem?

Enabling DNS hostname resolution fixes this problem.

Q18. Define and explain a few VPC security products and features. 

Several security products are available in VPC. Some of the most popular ones are as follows:

  • Security groups: These function as a firewall for all EC2 instances. Security groups control all inbound and outbound traffic at the lowest (instance) level.
  • Network access control lists: Access control lists cover subnets like firewalls and control all traffic at a higher (subnet) level than security groups.
  • Flow logs: Flow logs capture inbound/outbound traffic from the network interface of the VPC.

Q19. How can you monitor Amazon VPC?

You can use either of the functionalities mentioned below for this purpose.

  • VPC Flow Logs
  • CloudWatch and its logs

Q20. How can you add an existing instance to a new Auto Scaling group?

  1. Open your EC2 console. Select the instance you wish to add from the menu of instances.
  2. Go to ‘Actions’, then ‘Instance Settings’ and then to ‘Attach to Auto Scaling Group’.
  3. Select the new group and attach it to your existing instance.
  4. If needed, edit the instance first.
  5. After this is done, the instance is ready for you to add to new Auto Scaling groups.

AWS interviews cover many more important questions, but these are the ones you should definitely prepare for. For the rest of the information, domains and topics, enroll in an AWS certification training course today.

Archer Charles

Archer Charles has top education industry knowledge with 4 years of experience. A passionate blogger, Archer also writes in the technology niche.