
AWS cloud interview questions and answers, part 3


1. What is AWS EC2 instance ?

EC2 stands for Elastic Compute Cloud. It is an AWS compute service that provides virtual servers in the AWS cloud. Customers can run their applications on these servers using AWS resources. A customer can rent an instance when needed and remove it when it is no longer needed, and pays for the amount of time it was used. You can increase or decrease the number of instances as needed. Normally, adding and removing instances happens automatically with AWS Auto Scaling. There are various kinds of EC2 instances depending on the customer's needs. Depending on the nature of the workload, a customer can choose the CPU, memory/storage, networking and other resources for the instance.


2. What is VPC ?

VPC stands for Virtual Private Cloud. It is a cloud established by an enterprise within a public cloud environment. It is a private and secure cloud environment, isolated from public access, in which the customer can run their code, host websites, store their data and control the resources. Inside a VPC, the resources are connected through private subnets. The outside world connects to the application in the VPC through public subnets.


3. How many subnets can be created in a VPC ?

We can create any number of subnets in a VPC. However, as the number goes up the complexity also goes up, so a smaller number is recommended.
 

4. How do you upgrade or downgrade a service or system with zero(near zero) downtime?

The system should always be available. If you stop an instance and start a new one, that will cause downtime. So, to achieve zero downtime, launch another instance that is bigger in size, install the application and all its dependencies, test the new instance, deploy it, and replace the old one.


5. What are the ways or tools to access AWS resources?

AWS Management Console
AWS CLI (AWS Command Line)
AWS SDK (AWS Software Development Kit)
Putty

 

6. What is DDOS?

It stands for distributed denial of service. A DDOS attack is a cyber attack in which the attacker controls the resources. They make the server, resources, network and application unavailable to the intended users. Normally they send multiple requests to the web server with the intention of exceeding the web server's capacity to handle them, or they might send malicious data.

The tools to handle or minimize DDOS attacks include AWS Shield, AWS WAF (Web Application Firewall), etc.

 

7. If your service is not available in the cloud in that region, what is the solution ?

The cloud does not have all the services in all the regions. Even if you compare two regions within the US, you might find a difference in the number of services. The cloud provides the services in a region according to the demand.

So, if a particular service is not available in your region, the solution is to choose the nearest cloud region that has that service.

 

8. What is the authorization service in AWS ?

It is the AWS Identity and Access Management (IAM) service. This is an AWS service that controls, through authentication and authorization, access to AWS services by other persons or applications. IAM controls their access to view, create, edit or delete AWS resources. It ensures that the right user has the appropriate access to the right resources.


9. What are IAM identities ?

IAM identities are created to control the access to the AWS resources by persons or applications/processes. The IAM identities are Users, Groups and Roles.

Root User: This is the primary account, which is created when a user first creates an AWS account using credentials such as email and password. This user has complete access to all the services and resources in the AWS account.

IAM user: This could be a person or an application. It has the required level of permission to the necessary resources. IAM users have long-term access to the resources.

IAM groups: This is a group of users, so whatever access the group has, the members of the group automatically have that access. So, if you need to give permission to a large number of users, you give permission to the group to which the users belong.

IAM roles: A role is similar to an IAM user, but its permission is given temporarily.
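
The difference described above between the root user, IAM users with long-term access and roles with temporary access is what a credential audit checks. The following Python script is an added example, not part of the original post: it reads a constructed sample that uses a subset of the CSV columns of the IAM credential report and flags risky long-term credentials. The 90-day threshold, the account ID, the user names and the "today" date are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation threshold for this example
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "today"

# Constructed sample using a subset of the columns produced by
# `aws iam generate-credential-report`; account ID and users are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,2023-01-10T09:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,true,true,true,2024-05-20T12:00:00+00:00
build-bot,arn:aws:iam::111122223333:user/build-bot,false,false,true,2022-11-02T08:30:00+00:00
carol,arn:aws:iam::111122223333:user/carol,true,false,false,N/A
"""


def audit(report_csv, now):
    """Return (user, finding) pairs for risky long-term credentials."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        key_active = row["access_key_1_active"] == "true"
        has_mfa = row["mfa_active"] == "true"
        # The root user has complete access, so any root access key is flagged.
        if is_root and key_active:
            findings.append((user, "root access key active"))
        # Password sign-in without MFA (the root user always has a password).
        if (is_root or row["password_enabled"] == "true") and not has_mfa:
            findings.append((user, "no MFA"))
        # IAM user keys are long-term credentials: flag ones not rotated recently.
        if key_active and not is_root:
            rotated = datetime.fromisoformat(row["access_key_1_last_rotated"])
            if (now - rotated).days > MAX_KEY_AGE_DAYS:
                findings.append((user, "access key older than 90 days"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT, SAMPLE_NOW):
        print(f"{user}: {finding}")
```

A workload such as the constructed build-bot user is the usual candidate for an IAM role, since a role's temporary permission leaves no long-term key to rotate.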


10. What is AWS trusted advisor ?

It is an AWS tool which helps you provision your resources according to AWS best practices. It gives you recommendations to improve your AWS environment, save cost, and improve performance, availability and security.
