Last Updated: 16.04.2018
If you're looking for AWS Interview Questions for Experienced or Freshers, you are at the right place. There are a lot of opportunities from many reputed companies in the world. According to research, AWS has a market share of about 41.43%. So you still have the opportunity to move ahead in your career in AWS development. Mindmajix offers Advanced AWS Interview Questions 2018 that help you crack your interview and acquire your dream career as an AWS Developer.
| Feature | Amazon AWS | Microsoft Azure |
|---|---|---|
| Security | AWS Shield | DDoS Protection Service |
| DB migration | DB Migration available as preview service | Azure also provides DB Migration |
| NoSQL | DynamoDB | Azure Cosmos DB |
| Content delivery network | CloudFront | Azure Content Delivery Network |
| Container instances | EC2 Container Service (ECS) | Azure Container Service |
| Programmatic access | Command Line Interface | Azure Command Line Interface (CLI) |
| Batch computing | AWS Batch | Azure Batch |
Q: What do you mean by classic link?
The Amazon virtual private cloud classic link permits EC2 instances in the EC2 classic platform to communicate with instances in a virtual private cloud, using private IP addresses. To use a classic link, you must first enable it for a virtual private cloud in your account. You then associate a security group from that VPC with an instance in EC2 classic. Every rule of that VPC security group applies to communication between the instances in EC2 classic and the instances in the VPC.
Q: What is the process to use classic link?
To use classic link, you need to enable at least one virtual private cloud in your account for classic link. You can then associate a security group from that VPC with the EC2 classic instance of your choice. This links your EC2 classic instance to the VPC and makes it a member of the chosen security group in the VPC. Remember that you cannot link your EC2 classic instance to more than one virtual private cloud at the same time.
Q: Is it possible for an EC2 classic instance to become a member of a virtual private cloud?
No, it is not possible for an EC2 classic instance to be a member of a VPC, though it can become a member of a security group of the virtual private cloud. The security group should be associated with the EC2 classic instance.
Q: Is it possible for classic link settings on EC2 classic interface to persist through start or stop cycles?
It is not possible for a classic link connection to persist through the start or stop cycles of the EC2 classic interface. After the EC2 classic interface is stopped, it will need to be linked back to a virtual private cloud. The classic link will, however, persist through instance reboot cycles.
Q: Is it possible to attach more than two network interfaces to an EC2 instance?
The number of network interfaces that can be attached to an EC2 instance depends on the type of the instance.
Q: Can a network interface in one availability zone be attached to an instance in another availability zone?
Network interfaces can be attached to instances that are in the same availability zone.
Q: Can a network interface in one VPC be attached to an instance that is present in another VPC?
Network interfaces can be attached to instances that are in the same virtual private cloud as the interface.
Q: Is it possible to use elastic network interfaces to host multiple websites that require separate IP addresses on a single instance?
Yes, it is possible, but it is not the best-suited use case for multiple interfaces. It is more logical to assign additional private IP addresses to the instance and associate EIPs with the private IPs as required.
Q: Can a primary interface be detached on EC2 instance?
It is possible. You can only attach and detach secondary interfaces on an EC2 instance, but you would not be able to detach the eth0 interface.
Q: Can you use AWS Direct Connect or hardware VPN connections to access VPCs that you are peered with?
No, this is not possible. Amazon VPC does not support edge-to-edge routing.
Q: Is it possible to peer two VPCs with matching IP address ranges?
No, it is not possible to peer two VPCs with matching IP address ranges, since peered VPCs must possess non-overlapping IP ranges.
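The overlap rule can be checked across an inventory before any peering request is made. The following is an added example, not part of the original page; the VPC names and IPv4 ranges are constructed, and it goes slightly beyond the text by allowing several CIDR blocks per VPC.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (hypothetical VPC names and ranges): VPC -> CIDR blocks.
VPCS = {
    "vpc-app": ["10.0.0.0/16"],
    "vpc-data": ["10.1.0.0/16", "100.64.0.0/24"],
    "vpc-legacy": ["10.0.128.0/17"],                   # inside vpc-app's range
    "vpc-shared": ["172.31.0.0/16", "100.64.0.0/16"],  # covers a vpc-data block
}


def peering_conflicts(vpcs):
    """Return (vpc_a, vpc_b, shared_cidr) for every pair whose ranges overlap."""
    nets = {name: [ipaddress.ip_network(c) for c in cidrs]
            for name, cidrs in vpcs.items()}
    conflicts = []
    for a, b in combinations(sorted(nets), 2):
        for na in nets[a]:
            for nb in nets[b]:
                if na.overlaps(nb):
                    # Two CIDR blocks overlap only when one contains the
                    # other, so the longer prefix is the shared range.
                    shared = na if na.prefixlen >= nb.prefixlen else nb
                    conflicts.append((a, b, str(shared)))
    return conflicts


def can_peer(vpcs, a, b):
    """True when no CIDR block of VPC a overlaps any block of VPC b."""
    return not any({x, y} == {a, b} for x, y, _ in peering_conflicts(vpcs))


if __name__ == "__main__":
    for a, b, shared in peering_conflicts(VPCS):
        print(f"{a} <-> {b}: cannot peer, both cover {shared}")
```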
Q: In order to use peering connections, is it necessary to have an Internet gateway?
No, you do not need an Internet gateway in order to use virtual private cloud peering connections.
Q: Is VPC peering traffic within the region encrypted?
No, the VPC peering traffic within the region is not encrypted. The traffic between instances in peered VPCs does remain isolated and private, in the same way that traffic between two instances in the same VPC is isolated and private.
Q: In case of peering connections, is there any limitation on bandwidth?
There is no difference in bandwidth between instances in peered VPCs and between instances in the same VPC. A placement group can span peered VPCs, but you will not get full bisection bandwidth between instances in peered VPCs.
Q: Is it possible to modify the route tables of virtual private cloud? If possible then how?
Yes, it is possible to modify the route table of a VPC. You can create route rules to specify which subnets are routed to the VPC, the Internet gateway or any other instances.
Q: Is it possible to specify the subnet that will be used by a gateway as its default?
Yes, it is possible to specify which subnet will use which gateway as its default. You can create a default route for each and every subnet. The default route can direct traffic to egress the virtual private cloud via the VPC, the Internet gateway or the NAT gateway.
Q: Is it possible to use the AWS management console to control and manage Amazon VPC?
It is possible to use AWS management console to manage and control Amazon VPC objects that include subnets, virtual private cloud, IPsec VPN connections, and Internet gateways. Also you can make use of a simple wizard in order to create a virtual private cloud.
Q: How many VPCs, elastic IP addresses, subnets, Internet gateways, virtual private gateways, customer gateways and VPN connections can be created?
1. Five Amazon VPCs per AWS account per region.
2. Two hundred subnets per Amazon VPC.
3. Five Amazon VPC elastic IP addresses per AWS account per region.
4. Five virtual private gateways per AWS account per region.
5. One Internet gateway per VPC.
6. Fifty customer gateways per AWS account per region.
7. Ten IPsec VPN connections per virtual private gateway.
Q: Is there a service level Agreement (SLA) for the Amazon VPC VPN connection?
No, there is no service level agreement for the Amazon VPC VPN connection.
Q: Mention the work of an Amazon VPC router.
An Amazon VPC router enables Amazon EC2 instances within a subnet to communicate with Amazon EC2 instances on other subnets in the same VPC. It also enables Internet gateways, subnets and virtual private gateways to communicate with each other. You cannot obtain usage data from the router, but you can obtain network usage statistics from the instances using Amazon CloudWatch.
Q: Is the property of multicast or broadcast supported by Amazon VPC?
No, Amazon VPC does not support multicast or broadcast.
Q: How does a VPC access the Internet?
To let instances in the VPC both communicate directly outbound to the Internet and receive unsolicited inbound traffic from the Internet, you can use public IP addresses, which include elastic IP addresses.
Q: How do instances without public IP addresses access the Internet?
There are two ways in which instances without public IP addresses can access the Internet.
1. Instances without public IP addresses can route their traffic through a NAT instance or a NAT gateway. To traverse the Internet, these instances use the public IP address of the NAT gateway or the NAT instance. The NAT instance or NAT gateway allows outbound communication but does not permit machines on the Internet to start a connection with the privately addressed instances.
2. For VPCs with a hardware VPN connection or Direct Connect connection, the instances can route their Internet traffic through the virtual private gateway to the existing data centre. From there it can access the Internet through the existing egress points and network security or monitoring devices.
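The egress paths above, together with the per-subnet default routes from the route table questions, can be read straight from route table data. The following is an added example, not part of the original page; the sample mirrors the shape of `aws ec2 describe-route-tables` output, and every ID in it is a constructed placeholder.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output;
# every ID below is a made-up placeholder.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-web"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
  {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-app"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
  {"RouteTableId": "rtb-backhaul", "Associations": [{"SubnetId": "subnet-db"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vgw-example"}]},
  {"RouteTableId": "rtb-main", "Associations": [{"Main": true}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}
]}
""")

MAIN = "(main table)"  # label for subnets with no explicit association

def egress_path(route_table):
    """Classify where a route table's 0.0.0.0/0 route sends traffic."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "nat"                      # NAT gateway, or instance treated as NAT
        gateway = route.get("GatewayId", "")
        if gateway.startswith("igw-"):
            return "internet-gateway"         # instances here need public IPs
        if gateway.startswith("vgw-"):
            return "virtual-private-gateway"  # egress via the data centre
        return "other"
    return "none"                             # no default route: VPC-local only

def subnet_egress(doc):
    """Map each associated subnet (or MAIN) to its default-route egress path."""
    result = {}
    for table in doc["RouteTables"]:
        for assoc in table.get("Associations", []):
            result[assoc.get("SubnetId", MAIN)] = egress_path(table)
    return result

def internet_facing(doc):
    """Subnets whose default route points straight at an Internet gateway."""
    return sorted(s for s, p in subnet_egress(doc).items() if p == "internet-gateway")
```

Reviewing the `internet_facing` list against the subnets that are meant to be public is a quick way to spot a private subnet that was given a direct Internet gateway route.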
Q: How does a hardware VPN connection work with Amazon VPC?
The virtual private cloud is connected to the data centre with the help of a hardware VPN connection. Amazon supports Internet Protocol security (IPsec) VPN connections. To maintain the integrity and confidentiality of data in transit, data transferred between the VPC and the data centre is routed over an encrypted VPN connection. You do not need an Internet gateway to establish a hardware VPN connection.
Q: How can one connect a VPC to corporate data centre?
Establishing a hardware VPN connection between an existing network and Amazon VPC permits you to interact with Amazon EC2 instances within a VPC as if they were within the existing network. AWS does not perform network address translation on Amazon EC2 instances within a VPC that is accessed through a hardware VPN connection.
Q: Name the customer gateway devices that are used to connect to Amazon VPC.
Statically routed VPN connections and dynamically routed VPN connections are the two types of VPN connections. Customer gateway devices that support statically routed VPN connections must be able to:
1. Establish an IKE security association using pre-shared keys.
2. Establish IPsec security associations in tunnel mode.
3. Use the AES 128-bit or 256-bit encryption function.
4. Perform packet fragmentation prior to encryption.
5. Use the SHA-1 or SHA-2 hashing function.
Customer gateway devices that support dynamically routed VPN connections must be able to:
1. Establish border gateway protocol peering.
2. Use IPsec dead peer detection.
3. Bind tunnels to logical interfaces (route-based VPN).
Q: Mention the VPCs for which the classic link cannot be enabled.
A VPC which has a classless inter-domain routing is one type of VPC for which you cannot enable classic link. Another is a VPC which has a route table entry that points to the 10.0.0.0/8 CIDR space.
Q: Is it possible for traffic from an EC2 classic instance to travel through the Amazon VPC and then egress through the internet gateway, virtual private gateway or to peer VPCs?
Traffic from an EC2 classic instance can be routed only to private IP addresses within the VPC. It cannot be routed to any other destination outside the VPC.
Q: Does classic link affect the access control between the EC2 classic instance and other instances in the EC2 classic platform?
The access control that is defined for an EC2 classic instance through its existing security groups from the EC2 classic platform is not changed by classic link.
Q: Name the tools that are available to help troubleshoot the hardware VPN configuration.
The DescribeVpnConnections API displays the status of the VPN connection. This includes the up or down state of each VPN tunnel, with the corresponding error messages if either of the tunnels is down.
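The per-tunnel state in that API response can be turned into a health summary for monitoring. The following is an added example, not part of the original page; the sample mirrors the shape of `aws ec2 describe-vpn-connections` output, and its connection IDs, addresses and status messages are constructed.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-vpn-connections` output.
# IDs are placeholders; addresses come from the RFC 5737 documentation ranges.
SAMPLE = json.loads("""
{"VpnConnections": [
  {"VpnConnectionId": "vpn-example-a", "State": "available", "VgwTelemetry": [
    {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "StatusMessage": ""},
    {"OutsideIpAddress": "203.0.113.11", "Status": "UP", "StatusMessage": ""}]},
  {"VpnConnectionId": "vpn-example-b", "State": "available", "VgwTelemetry": [
    {"OutsideIpAddress": "198.51.100.20", "Status": "UP", "StatusMessage": ""},
    {"OutsideIpAddress": "198.51.100.21", "Status": "DOWN",
     "StatusMessage": "IPSEC IS DOWN"}]},
  {"VpnConnectionId": "vpn-example-c", "State": "available", "VgwTelemetry": [
    {"OutsideIpAddress": "192.0.2.30", "Status": "DOWN", "StatusMessage": "IPSEC IS DOWN"},
    {"OutsideIpAddress": "192.0.2.31", "Status": "DOWN", "StatusMessage": "IPSEC IS DOWN"}]}
]}
""")

def tunnel_health(connection):
    """Summarise one VPN connection from its per-tunnel telemetry."""
    tunnels = connection.get("VgwTelemetry", [])
    down = [t for t in tunnels if t.get("Status") != "UP"]
    if not tunnels:
        state = "no-telemetry"
    elif not down:
        state = "healthy"
    elif len(down) < len(tunnels):
        state = "degraded"      # still passing traffic, but redundancy is lost
    else:
        state = "down"
    return {
        "id": connection["VpnConnectionId"],
        "state": state,
        "down_tunnels": [(t["OutsideIpAddress"], t.get("StatusMessage", "")) for t in down],
    }

def vpn_report(doc):
    """Health summary for every connection, worst first."""
    order = {"down": 0, "degraded": 1, "no-telemetry": 2, "healthy": 3}
    rows = [tunnel_health(c) for c in doc.get("VpnConnections", [])]
    return sorted(rows, key=lambda r: (order[r["state"]], r["id"]))

if __name__ == "__main__":
    for row in vpn_report(SAMPLE):
        print(row["id"], row["state"], row["down_tunnels"])
```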
Amazon EC2 Interview Questions
Q. What is Amazon Machine Image (AMI)?
An Amazon Machine Image (AMI) contains software configuration information such as the OS, the application server and the applications. We can even launch multiple instances of an AMI.
Q. What is Amazon Machine Image and what is the relation between Instance and AMI?
Amazon Web Services provides several ways to access Amazon EC2, such as the web-based interface, the AWS Command Line Interface (CLI) and Amazon Tools for Windows PowerShell. First, you need to sign up for an AWS account, and then you can access Amazon EC2.
Amazon EC2 provides a Query API. These requests are HTTP or HTTPS requests that use the HTTP verbs GET or POST and a Query parameter named Action.
References: Amazon Docs