Master AWS interviews with 50+ questions on compute, storage, networking, and cloud architecture.
10 Questions
EC2: virtual servers, full control, you manage OS patching, scaling and hardening. ECS: AWS-managed container orchestration, runs on EC2 (you manage the hosts) or Fargate (no host OS to patch). EKS: managed Kubernetes for K8s workloads, also on EC2 or Fargate. Lambda: serverless functions, billed per request and per millisecond of execution, auto-scaling, 15-min max timeout. Choose: Lambda for event-driven work, ECS/EKS for containers, EC2 for full control or special requirements (custom kernels, OS-level agents).
Standard: frequently accessed, high availability, no retrieval fee. Intelligent-Tiering: monitors access and moves objects between tiers automatically for a small per-object monitoring fee. Standard-IA: infrequent access, lower storage cost, per-GB retrieval fee, 30-day minimum. One Zone-IA: single AZ, cheaper, data is lost if that AZ is destroyed, so only for reproducible data. Glacier Instant Retrieval: archive with millisecond access. Glacier Flexible Retrieval: expedited 1-5 min, standard 3-5 hours, bulk 5-12 hours. Glacier Deep Archive: 12 hours standard, 48 hours bulk, lowest cost. Use lifecycle policies for automatic transitions and expiration.
VPC: isolated virtual network. Components: subnets (public/private), route tables, internet gateway (public access), NAT gateway (private subnet outbound only), security groups (stateful firewall at the ENI/instance level, allow rules only, return traffic permitted automatically), NACLs (stateless, subnet level, numbered allow/deny rules evaluated lowest number first, so return traffic on ephemeral ports must be allowed explicitly). Design: public subnets only for load balancers and NAT, private subnets for apps and databases; the database tier should accept traffic only from the app tier's security group. Use VPC peering or Transit Gateway for multi-VPC.
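The stateless-versus-stateful distinction above is where most NACL mistakes come from, so here is an added toy model (not code from the original page) of how an ordered NACL and a security group treat an inbound HTTPS connection and its reply. The rule set, port numbers and the `Rule` type are constructed for the example; CIDR matching is omitted to keep the evaluation logic visible.

```python
"""Toy model of subnet NACL (stateless, ordered) versus security group (stateful)
handling of one TCP connection. Constructed example; not an AWS library."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int        # NACL rule number; the lowest matching number wins
    direction: str     # "inbound" or "outbound"
    protocol: str      # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    action: str        # "allow" or "deny"


def nacl_decision(rules, direction, protocol, port):
    """Walk rules in ascending number order; the first match decides.
    No match falls through to the implicit '*' rule, which denies."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.direction != direction or r.protocol not in ("all", protocol):
            continue
        if r.port_from <= port <= r.port_to:
            return r.action
    return "deny"


def nacl_allows_connection(rules, server_port, client_port):
    """A TCP exchange crosses the NACL twice: the request inbound to server_port
    and the reply outbound to the client's ephemeral port. NACLs keep no state,
    so both legs need their own allow rule."""
    request = nacl_decision(rules, "inbound", "tcp", server_port)
    reply = nacl_decision(rules, "outbound", "tcp", client_port)
    return request == "allow" and reply == "allow"


def sg_allows_connection(allowed_inbound_ports, server_port):
    """Security groups track connections: once the inbound request is allowed
    the reply is allowed automatically. There are no deny rules to order."""
    return server_port in allowed_inbound_ports


# Constructed rule sets.
# 1. Opens 443 inbound but forgets the outbound ephemeral-port rule: the SYN
#    gets in, the SYN-ACK is dropped on the way out.
BROKEN_NACL = [Rule(100, "inbound", "tcp", 443, 443, "allow")]

# 2. Same, plus the outbound ephemeral range (1024-65535) so replies can leave.
FIXED_NACL = BROKEN_NACL + [Rule(100, "outbound", "tcp", 1024, 65535, "allow")]

# 3. Ordering: a deny for SSH placed before a broad allow works ...
DENY_FIRST = [
    Rule(90, "inbound", "tcp", 22, 22, "deny"),
    Rule(100, "inbound", "tcp", 0, 65535, "allow"),
]
# ... but the same deny numbered after the broad allow is never reached.
DENY_UNREACHABLE = [
    Rule(100, "inbound", "tcp", 0, 65535, "allow"),
    Rule(110, "inbound", "tcp", 22, 22, "deny"),
]

if __name__ == "__main__":
    print("broken NACL:", nacl_allows_connection(BROKEN_NACL, 443, 50000))
    print("fixed NACL:", nacl_allows_connection(FIXED_NACL, 443, 50000))
    print("deny first, port 22:", nacl_decision(DENY_FIRST, "inbound", "tcp", 22))
    print("deny unreachable, port 22:", nacl_decision(DENY_UNREACHABLE, "inbound", "tcp", 22))
    print("security group:", sg_allows_connection({443}, 443))
```

The model is deliberately minimal: real NACL rules also carry a CIDR and the ephemeral range used by clients varies by OS, which is why the usual practice is to open 1024-65535 outbound and rely on security groups for the fine-grained policy.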
IAM manages access: Users (people), Groups (collections of users), Roles (temporary STS credentials assumed by services, users, federated identities or other accounts), Policies (JSON permission documents). Evaluation: an explicit Deny in any applicable policy wins, otherwise an explicit Allow is required, otherwise the request is implicitly denied. Least privilege: grant the minimum required actions on the narrowest resources. Best practices: use roles instead of long-lived access keys, enable MFA, attach permissions to groups not users, review access regularly (IAM Access Analyzer, credential reports), use policy conditions (MFA, source IP, VPC endpoint) and permission boundaries to restrict.
At rest: S3 encryption (SSE-S3, SSE-KMS, SSE-C), EBS encryption, RDS encryption, KMS for key management. In transit: TLS on HTTPS endpoints, VPN for hybrid connectivity, ACM for certificates. Best practices: encrypt by default, use KMS customer-managed keys when you need key policies and audit trails, enable automatic key rotation, enforce with policy (bucket policies that deny aws:SecureTransport=false and uploads without the expected server-side encryption header), use VPC endpoints to keep traffic off the public internet, enable access logging (CloudTrail for KMS usage, S3 server access logs).
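Both the IAM answer (least privilege, MFA conditions, deny-wins evaluation) and the encryption answer (enforce TLS and server-side encryption by policy) come down to how policy statements are evaluated, so here is one added example covering both; it is illustrative code, not an AWS library. It implements a simplified evaluation order (explicit Deny, then explicit Allow, then implicit deny) over a constructed least-privilege identity policy and a constructed bucket policy. The bucket name, object keys, the `check` helper and the request-context values are assumptions; only the operators `Bool`, `BoolIfExists`, `StringEquals`, `StringNotEquals` and `Null` are modelled.

```python
"""Simplified IAM policy evaluation over identity-based and same-account
resource-based policies. Constructed example; not the AWS policy engine."""
import re


def _glob(pattern, value, ignore_case=False):
    """IAM-style wildcard: '*' matches any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _condition_met(condition, context):
    """Every operator/key pair must hold. Simplification: a missing context key
    satisfies only the ...IfExists operators and Null; real IAM treats missing
    keys differently per operator, which is why the sample bucket policy pairs
    StringNotEquals with an explicit Null check."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            expected = [str(e) for e in _as_list(expected)]
            actual = context.get(key)
            if operator == "Null":
                if (actual is None) != (expected[0].lower() == "true"):
                    return False
                continue
            if actual is None:
                if operator.endswith("IfExists"):
                    continue
                return False
            if operator.startswith("Bool"):
                matched = str(actual).lower() in [e.lower() for e in expected]
            elif operator == "StringEquals":
                matched = actual in expected
            elif operator == "StringNotEquals":
                matched = actual not in expected
            else:
                raise ValueError("operator not modelled: " + operator)
            if not matched:
                return False
    return True


def _statement_applies(stmt, action, resource, context):
    return (any(_glob(a, action, ignore_case=True) for a in _as_list(stmt["Action"]))
            and any(_glob(r, resource) for r in _as_list(stmt["Resource"]))
            and _condition_met(stmt.get("Condition", {}), context))


def evaluate(policies, action, resource, context):
    """Explicit Deny in any applicable statement wins; otherwise an explicit
    Allow is required; otherwise the request is implicitly denied."""
    decision = "implicit deny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _statement_applies(stmt, action, resource, context):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit deny"
            decision = "allow"
    return decision


BUCKET = "arn:aws:s3:::example-app-data"   # constructed bucket name

# Least-privilege identity policy: read/write one prefix, deny everything
# without MFA. BoolIfExists also denies when the key is absent, which is the
# case for long-term access keys; plain Bool would silently let those through.
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": BUCKET + "/uploads/*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
]}
WEAK_IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    IDENTITY_POLICY["Statement"][0],
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}},
]}

# Bucket policy enforcing encryption in transit (TLS) and at rest (SSE-KMS).
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Effect": "Deny", "Action": "s3:PutObject", "Resource": BUCKET + "/*",
     "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
    {"Effect": "Deny", "Action": "s3:PutObject", "Resource": BUCKET + "/*",
     "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}},
]}


def check(action, key, mfa=True, tls=True, sse="aws:kms",
          policies=(IDENTITY_POLICY, BUCKET_POLICY)):
    """Build a constructed request context and evaluate it. mfa=None models
    long-term access keys, where aws:MultiFactorAuthPresent is absent."""
    context = {"aws:SecureTransport": "true" if tls else "false"}
    if mfa is not None:
        context["aws:MultiFactorAuthPresent"] = "true" if mfa else "false"
    if sse is not None:
        context["s3:x-amz-server-side-encryption"] = sse
    return evaluate(policies, action, BUCKET + "/" + key, context)
```

Run `check("s3:PutObject", "uploads/report.csv")` for the happy path, then vary `mfa=None`, `tls=False` or `sse=None` to watch each deny fire. Swapping in `WEAK_IDENTITY_POLICY` with `mfa=None` shows the Bool-versus-BoolIfExists trap: the deny never applies, so the long-term key is allowed.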
RDS: managed relational databases (MySQL, PostgreSQL, etc.), SQL queries, ACID transactions, vertical scaling plus read replicas for read scaling, Multi-AZ for HA. DynamoDB: NoSQL key-value/document store, single-digit millisecond latency, horizontal scaling driven by partition key design, provisioned or on-demand capacity. Use RDS for complex queries and relations; DynamoDB for high-scale workloads with simple, known access patterns.
Strategies: (1) Multi-AZ deployments (RDS, ElastiCache), (2) Auto Scaling groups spanning AZs, (3) Load balancers (ALB/NLB) with health checks, (4) Multi-region with Route 53 failover routing, (5) S3 cross-region replication, (6) RDS cross-region read replicas that can be promoted for DR. Design: stateless applications, externalize sessions (ElastiCache), health checks, graceful degradation, chaos engineering to test recovery.
Six pillars: (1) Operational Excellence - operations as code, small changes, anticipate failure, (2) Security - strong identity, traceability, protect data, (3) Reliability - auto-recover, scale horizontally, test recovery, (4) Performance Efficiency - right resource types, monitor, experiment, (5) Cost Optimization - pay for what you use, measure efficiency, (6) Sustainability - minimize environmental impact.
Cold start: initialization when a new execution environment is created (no warm environment available). Causes: first invocation, scaling up, new deployment or configuration change. Minimize: (1) Provisioned concurrency (pre-initialized environments, billed continuously), (2) Smaller deployment packages, (3) Lighter runtimes (Python vs Java), or SnapStart for Java, (4) Lazy initialization of heavy clients, reused across warm invocations, (5) Scheduled warm-up pings, which only keep as many environments warm as you ping, so concurrent traffic beyond that still cold-starts. Cold starts: 100 ms to a few seconds.
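Lazy initialization and the warm-up ping are the two mitigations you can see in handler code, so here is an added Python handler (example code, not from the page) that caches an expensive client across invocations of one execution environment, short-circuits an EventBridge scheduled warm-up event before running business logic, and reports whether the invocation was cold. The `_expensive_client` stand-in and `reset_environment` helper are constructed for the example; the EventBridge event shape (`source` of `aws.events`, `detail-type` of `Scheduled Event`) is the one a scheduled rule sends.

```python
"""Lambda handler pattern: lazy, cached initialization plus a warm-up short
circuit. Constructed example; the client builder is a stand-in."""
import time

# Module-level state survives across warm invocations of the same execution
# environment and is empty again after a cold start.
_cache = {}


def _expensive_client():
    """Stand-in for creating an SDK client, opening a DB pool, loading a model."""
    time.sleep(0.05)
    return {"built_at": time.time()}


def get_client():
    """Pay the initialization cost once per execution environment, on first use,
    rather than at import time for every code path."""
    if "client" not in _cache:
        _cache["client"] = _expensive_client()
    return _cache["client"]


def reset_environment():
    """Simulate a fresh execution environment (for local testing only)."""
    _cache.clear()


def handler(event, context=None):
    cold = "client" not in _cache
    # Warm-up ping from an EventBridge scheduled rule: initialize and return
    # without touching business logic or downstream systems.
    if event.get("source") == "aws.events" and event.get("detail-type") == "Scheduled Event":
        get_client()
        return {"warmed": True, "cold_start": cold}

    started = time.perf_counter()
    client = get_client()          # ~50 ms on a cold start, ~0 ms when warm
    init_ms = (time.perf_counter() - started) * 1000
    items = event.get("items", [])
    return {
        "cold_start": cold,
        "init_ms": round(init_ms, 1),
        "result": len(items),
        "client_age_s": round(time.time() - client["built_at"], 3),
    }


if __name__ == "__main__":
    reset_environment()
    print(handler({"items": [1, 2, 3]}))                    # cold_start True
    print(handler({"items": []}))                           # cold_start False
    print(handler({"source": "aws.events", "detail-type": "Scheduled Event"}))
```

Note the limit of the ping approach: one scheduled event warms one environment; under concurrent load Lambda still creates fresh environments, each paying the initialization once, which is what provisioned concurrency avoids.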
CloudFormation: AWS-native IaC, YAML/JSON templates, free (you pay only for the resources), deep AWS integration, change sets, drift detection, stack policies. Terraform: multi-cloud, HCL language, explicit state management, larger community, broad provider ecosystem. Terraform state records resource attributes, including some secrets, in plaintext, so keep it in an encrypted, access-controlled remote backend with locking. Choose CloudFormation for AWS-only estates; Terraform for multi-cloud or existing Terraform expertise. Both support modules, outputs and dependency ordering.