AWS Interview Questions and Answers

AWS (Amazon Web Services) is a comprehensive cloud computing platform offered by Amazon, featuring more than 200 fully featured services across data centers worldwide. 

The primary services are EC2 (Compute) for compute power, S3 (Storage) for storage, RDS (Database Service) for databases, Lambda (Serverless Application) for serverless applications, and IAM (Identity and Access Management) for identity and access management.

Asked by: TCS, Infosys, Wipro

EC2 is a virtual server that you can rent on AWS. It lets you run an operating system and any programs that run on it to the fullest extent. EC2 is scalable and cost-effective for a variety of compute needs.

• The following use cases apply to the following types, where you need a storage gateway for hosting web applications, running batch jobs, and machine learning workloads
• Key Benefit: It enables you to zoom in or out in minutes. This function allows you to scale up or down by minutes.

Asked by: Cognizant, HCL, Capgemini

AWS S3, or Simple Storage Service, is an object storage service provided by AWS. It's for storing and accessing any and all data, anytime, anywhere on the web. Images, backups, logs, videos, and more can be stored in S3, and these can be as large as 5TB.

# Upload a file to S3 using AWS CLI
aws s3 cp myfile.txt s3://my-bucket/myfile.txt

# List objects in a bucket
aws s3 ls s3://my-bucket/

Asked by: Accenture, IBM, Tech Mahindra

IAM (Identity and Access Management) is where you manage what you can access within your AWS account. We have a user, a group, and a role to which we add policies that define permissions. The golden rule: The principle of least privilege always applies.

The example policy below gives read-only access to S3.

// Example IAM policy: Allow read-only S3 access
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}

Asked by: Deloitte, EY, LTIMindtree

AWS Lambda is a serverless compute service. You write a function, upload it, and AWS runs it when triggered — no servers to manage. Lambda scales automatically, and you are billed only for the milliseconds of execution.

# Simple Lambda function example
import json

def lambda_handler(event, context):
    name = event.get("name", "World")
    return {
        "statusCode": 200,
        "body": json.dumps(f"Hello, {name}!")
    }

Asked by: TCS, Infosys, Wipro

CloudWatch continuously monitors your AWS services and applications. Can gather logs, metrics, events, and can configure alarms to notify or trigger an action such as scaling or message sending based on when a metric exceeds a threshold.

• Common usage: Alarm when CPU is over 80% and take action to Auto Scale a group.
• Logs Insights: Run queries directly against your application logs.

Asked by: Cognizant, HCL, Capgemini

AWS Management Console is a browser-based interface that we use to manage all services in AWS. It allows us to launch EC2 instances, create S3 buckets, configure IAM roles, policies, etc., basically the entire environment management with no requirement for CLI.

Asked by: Accenture, IBM, Tech Mahindra

The top product categories of AWS are:

• Compute
• Storage
• Database
• Networking and Content Delivery
• Machine Learning and AI
• Security and Identity
• Developer Tools
• Analytics.

Asked by: Deloitte, EY, LTIMindtree

• Standard Queues: Default type of queue. Infinite throughput, at-least-once delivery.
• FIFO Queues: Messages are delivered exactly in the order they were sent. Useful for transactions, order processing, etc.

Asked by: TCS, Infosys, Wipro

DynamoDB is a fully managed NoSQL key-value and document database that seamlessly scales to handle millions of requests per second with single-digit millisecond latency. No server management required. 

Best for gaming leaderboards, user sessions, IoT telemetry, e-commerce carts, etc.

Asked by: Cognizant, HCL, Capgemini

An AMI (Amazon Machine Image) is essentially a template that contains the information required to launch an EC2 instance. This includes the root device volume (which is an image of the operating system and applications) and launch permissions. It's like a blueprint for your server.

Asked by: Accenture, IBM, Tech Mahindra

If we stop an EC2 instance, it shuts down while preserving its state and data, and it can be restarted when needed. Terminating an instance is equivalent to deleting it, where all volumes attached get deleted, and it cannot be restarted. 

Asked by: Deloitte, EY, LTIMindtree

A VPC lets us create a secure, isolated network within AWS, similar to a traditional on-premises setup. It includes subnets (split into public & private networks), route tables (to define traffic paths), IGW/NAT for internet connectivity, and Security Groups (stateful, instance-level) vs NACLs (stateless, subnet-level) for layered security.

Asked by: TCS, Infosys, Wipro

The AWS Shared Responsibility Model divides security duties between AWS and the customer. AWS secures the infrastructure, like hardware, software, and data centers, while customers manage data, access, and application security.

Asked by: Cognizant, HCL, Capgemini

It is a storage class designed for data archiving, enabling flexible data retrieval with high performance. So, data can be accessed faster in milliseconds, and S3 Glacier offers a low-cost service.

There are three S3 Glacier storage classes: Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive.

Asked by: Accenture, IBM, Tech Mahindra

This AWS service helps deploy and manage applications in the cloud quickly and easily. Here, developers need to upload the code; after that, Elastic Beanstalk will handle the other requirements automatically. Simply put, Elastic Beanstalk manages everything from capacity provisioning and auto-scaling to load balancing and application health monitoring.

Asked by: Deloitte, EY, LTIMindtree

This AWS service monitors user activity on AWS infrastructure and records it. This service identifies suspicious activity on AWS resources using CloudTrail insights and Amazon EventBridge. So, you can get reasonable control over your resources and response activities. In addition, it analyses the log files using Amazon Athena.

Asked by: TCS, Infosys, Wipro

This AWS service reduces application downtime at scale by quickly recovering applications, both on-premises and in the cloud, in the event of an application failure. It needs minimal computing power and storage and achieves point-in-time recovery.

It helps restore applications to the same state they were in when they failed within a few minutes. Mainly, it reduces recovery costs considerably compared with typical recovery methods.

Asked by: Cognizant, HCL, Capgemini

Use S3 for static files and data sharing. Use EBS when EC2 needs fast, persistent disk access.

Asked by: TCS, Cognizant, HCL

The EC2 instances are clustered according to the type of workload:

• General Purpose (t3, m6i) - A good balance of CPU and Memory, for most of the applications
• Compute Optimized (c6i) - Good amount of CPU for computing-intensive applications, suitable for batch processing and machine learning inference
• Memory Optimized (r6i) - A large amount of memory to process in-memory large data sets and used for caching.
• Storage Optimized (i3) - Optimized for high sequential read and write IOPS, for workloads such as big data analytics and transactional databases.
• Accelerated Computing (p4, g4) - Accelerated Computing machines are equipped with GPU hardware for machine learning training and graphics workloads.

Asked by: Wipro, LTIMindtree, Tech Mahindra

Auto Scaling will add or remove EC2 instances according to configured policies to maintain performance and cost. Two modes:

• Dynamic Scaling — adjusts to changes in demand at run-time
• Predictive Scaling — scales proactively based on ML predictions of demand.

# Create a simple Auto Scaling group via CLI
aws autoscaling create-auto-scaling-group \
  --auto-scaling-group-name my-asg \
  --launch-template LaunchTemplateName=my-template \
  --min-size 1 --max-size 5 --desired-capacity 2 \
  --availability-zones us-east-1a us-east-1b

Asked by: Amazon, Deloitte, Accenture

ELB can balance incoming traffic across multiple targets to prevent any single target from being overwhelmed. There are three types:

• Application Load Balancer (ALB) — Layer 7, ideal for HTTP/HTTPS and Web applications
• An ultra-low latency load balancer for TCP/UDP traffic that operates at Layer 4 of the network stack.Network Load Balancer (NLB) — Layer 4, ultra-low latency for TCP/UDP traffic
• Gateway Load Balancer (GWLB) — to deploy third-party virtual appliances, such as firewalls.

Asked by: IBM, Infosys, Capgemini

• Spot: Use unused AWS capacity at up to 90% discount. AWS can reclaim with a 2-minute notice. Best for fault-tolerant, flexible workloads like batch jobs.
• On-Demand: Pay per hour or second, no commitment. Most flexible, most expensive.
• Reserved: Commit to 1 or 3 years, save up to 72%. Best for predictable, steady workloads.

Asked by: TCS, Cognizant, HCL

• RPO (Recovery Point Objective) — How much data loss is acceptable? Measures the maximum tolerable period of data loss (e.g., "we can afford to lose up to 1 hour of data").
• RTO (Recovery Time Objective) — How long can the system be down? Measures the maximum tolerable recovery time (e.g., "we must be back online within 15 minutes").

Asked by: Wipro, LTIMindtree, Tech Mahindra

S3 Object Lambda lets you run Lambda code on data as it is being retrieved from S3 — without storing a modified copy. Use cases include redacting PII before returning data to an app, converting file formats on the fly, and filtering rows from a dataset.

# S3 Object Lambda — redact email addresses before returning data
import boto3
import re

def lambda_handler(event, context):
    s3 = boto3.client('s3')

    # Get the original object
    input_s3_url = event["getObjectContext"]["inputS3Url"]
    response = boto3.client('s3').get_object(
        Bucket="my-bucket", Key="data.txt"
    )
    data = response['Body'].read().decode('utf-8')

    # Redact email addresses
    redacted = re.sub(r'[\w.-]+@[\w.-]+', '[REDACTED]', data)

    # Return modified data
    s3.write_get_object_response(
        Body=redacted,
        RequestRoute=event["getObjectContext"]["outputRoute"],
        RequestToken=event["getObjectContext"]["outputToken"]
    )

Asked by: Amazon, Deloitte, Accenture

ECS is AWS-native and tightly integrated with services like IAM, VPC, and ELB. These are the best for applications that don't require multi-cloud portability or advanced orchestration.

EKS provides a fully managed Kubernetes environment that supports the full Kubernetes ecosystem, but it requires deeper expertise and has a steeper learning curve.

Asked by: IBM, Infosys, Capgemini

By default, Lambda runs outside your VPC. To access private resources such as RDS, you configure Lambda to run within your VPC by specifying a subnet and security group.

# Configure Lambda to run inside your VPC
aws lambda update-function-configuration \
  --function-name my-function \
  --vpc-config SubnetIds=subnet-abc123,SecurityGroupIds=sg-xyz456

Ensure outbound connections to the RDS port (3306 for MySQL) are enabled on the security group, and inbound connections to the Lambda security group are enabled on the RDS security group.

Asked by: TCS, Cognizant, HCL

Both are essential. CloudWatch tells you something went wrong. CloudTrail tells you who caused it.

Asked by: Wipro, LTIMindtree, Tech Mahindra

It is the blueprint that AWS uses to develop reliable, efficient, safe, and cost-optimized cloud systems. Organized into 6 pillars:

• Operational Excellence – Run and monitor systems effectively
• Security — Safeguard data, systems, and assets
• Reliability — Auto Recovery from failures.
• Performance Efficiency — Make effective use of resources, scalable
• Cost Optimization — Reduce wasteful spending
• Sustainability — Minimize environmental impact.

All serious AWS interview questions eventually relate to one of these pillars.

Asked by: Amazon, Deloitte, Accenture

All the user's requests within a session are sent to the same target via sticky sessions (also called session affinity). AWS session sticky duration is defined by cookie: AWSELB. This gives the users a continuous experience.

Asked by: IBM, Infosys, Capgemini

We were told: There is no clear scope, timeline, or even success criteria. Since the steps were not yet clear to me, I decided not to wait and organized multiple stakeholder meetings across data engineering, finance, and product. To determine requirements, I made notes of my assumptions, planned a phased approach in Glue & S3, and set up weekly stand-ups.

The first phase was finally put into operation two weeks early, and the costs of processing pipeline gas were cut 35%.

Asked by: Cognizant, Infosys, TCS

I would follow the following steps:

1. Remove public access by modifying the bucket policy and enabling the "Block Public Access" setting.
2. Use IAM roles and policies to grant granular access rights to only necessary users and applications.
3. Enable S3 server side encryption (SSE-S3/SSE-KMS)
4. Use AWS Config Rules to continuously monitor and alert if any bucket becomes public.
5. Use Amazon Macie to classify and protect sensitive data within S3.

Asked by: Capgemini, HCL, Wipro

In a previous role, we were experiencing occasional, difficult-to-reproduce latency spikes in production. I owned this problem by setting up comprehensive CloudWatch dashboards and enabling X-Ray tracing across all microservices. By analyzing metrics and tracing, I identified that a specific RDS instance was getting connection exhausted during peak loads, so I implemented an ElastiCache tier and a read replica configuration for our RDS to reduce load.

As a result, average response times decreased by 60%, and we did not experience any further latency-related issues that quarter.

Asked by: Amazon, Netflix, Airbnb

In such a situation, I will implement Autoscaling Groups with scaling policies based on CPU utilization, request count, or target tracking. I would then use an Elastic Load Balancer to distribute traffic evenly across healthy instances.

Next, I would need to cache frequently accessed data using Amazon ElastiCache or CloudFront and ensure that databases can handle the load by using Aurora Serverless or read replicas.

Asked by: Deloitte, Accenture, IBM

We had to migrate a legacy PostgreSQL database that served a customer-facing application and meet a 15-minute maximum downtime. To ensure the cloud database was always in sync with on-prem, I continuously replicated it to the cloud using AWS Database Migration Service for two weeks before the cutover. Data integrity was checked during each phase, and two practice cutovers were performed in a lower environment. 

On the actual cutover night, we updated the DNS record in Route 53 and switched over in less than 10 minutes, with no data loss.

Asked by: Cognizant, Infosys, TCS

• Before anything else, figure out what is slowing you down or triggering it (event/trigger).
• Look for errors in CloudWatch Logs and for execution durations in the metrics.
• Discuss Lambda memory allocation — memory directly takes control of CPU performance in Lambda
• Look for cold start problems – think about using provisioned concurrency for latency-sensitive functions
• Check for any external API or database calls made by the function for timeouts
• Follow the execution from end-to-end, and identify bottlenecks with AWS X-Ray.

Asked by: Capgemini, HCL, Wipro

• Cost overruns due to under-optimized or over-provisioned resources
• Security misconfigurations in IAM policies, S3 bucket permissions, and VPC settings
• Difficulty managing multi-account environments at scale
• Data migration complexity when moving from on-premises systems to the cloud
• Lack of a proper monitoring and alerting strategy before going to production.

Asked by: Amazon, Netflix, Airbnb

Common causes:

• Failure to load test: Test environments are not necessarily concurrent enough
• Resource contention at scale: CPU throttling, memory pressure, or database connection limits.
• Auto Scaling: Policies that are not configured to respond quickly enough to traffic surges.

Solutions:

• Run actual load testing, such as with AWS Load Testing Solution or Locust.
• Review and fine-tune Auto Scaling thresholds and cooldown periods
• Use ElastiCache for caching to relieve the database load
• Collectively, use CloudWatch dashboards and alarms to identify problems early, before they get out of hand.
• Check the VPC and security group setup for any unnecessary bottlenecks.

Asked by: Deloitte, Accenture, IBM

• Determine data volume, data source format, and AWS service to which you want to move the data (RDS, S3, DynamoDB, or Redshift).
• Minimize database downtime by leveraging AWS Database Migration Service (DMS) for live migrations.
• Transfer large amounts of data offline, greater than 10 TB, using AWS Snowball.
• Use checksums to ensure data integrity before/after migration.
• Run the migration in stages, test with a few, then roll out the rest.
• Track migrations with AWS DMS task logs and CloudWatch metrics.

Asked by: Cognizant, Infosys, TCS

Should there be any error, resources in the stack may not be created or updated. To address this, we use the AWS CLI to identify the error within the template, validate the template and use change sets to check what changes will be deployed when we deploy the corrected template.

Asked by: Capgemini, HCL, Wipro

Global Accelerator and Route 53 latency routing between regions and data replication using DynamoDB Global Tables or Aurora Global Database. Then I would have to deploy the same stacks in each region using CloudFormation or Terraform.

An important point to keep in mind is that it is always important to begin our answer by stating the constraint, for example, "The business requires X, and the constraint is Y, so therefore I would design Z.

Asked by: Amazon, Netflix, Airbnb

The first step would be to get the application running across multiple Availability Zones. Then I will create an Application Load Balancer (ALB) to distribute traffic across EC2 instances across AZs.

Next, you need to ensure Autoscaling Groups work by making sure instances are added or removed as traffic evolves. If a relational database is used in the application, I will deploy an RDS Multi-AZ setup once it is complete. 

Lastly, I would keep static assets in S3, use CloudFront as the CDN for performance.

Asked by: Deloitte, Accenture, IBM

The typical flow in an AWS pipeline is that you've got CodeCommit or GitHub as your source, CodeBuild for compilation, and then you run tests. Changes are pushed to EC2 or Lambda using CodeDeploy, and everything is orchestrated using CodePipeline. 

We have images stored in ECR for use with ECS or EKS on containers. The entire flow is as if it were an event: a commit initiates the pipeline, tests execute, artifacts are created, and deployment occurs without manual intervention. 

Here, it would be tested manually before going into production.

If the pipelines are more complex and production-ready, you can deploy the infrastructure with CloudFormation or CDK for automated changes and use blue-green or canary deployments in CodeDeploy to minimize risk.

Moreover, we can configure an auto-rollback if an alarm is triggered in CloudWatch. So if something deteriorates after the deployment, it self-corrects without any human interaction. 

Secrets Manager handles runtime credentials, so nothing sensitive is hardcoded. In fact, many teams are now using GitHub Actions or GitLab CI instead of CodePipeline and are therefore connecting to AWS via OIDC-federated IAM roles.

It's a much cleaner and more secure way to manage access keys than long-lived access keys.

Asked by: Cognizant, Infosys, TCS

I have done this a couple of times during my release. We deployed a Pilot Light using RDS cross-region replicas, S3 CRR, and Terraform IaC. We also relied on Route 53 failover, achieving an RTO of 15 minutes and an RPO of 5 minutes, with quarterly game-day testing.

Asked by: Capgemini, HCL, Wipro

I can secure it through applying IAM least privilege, private VPC subnets, WAF, and KMS encryption everywhere. We can then monitor it with GuardDuty, CloudTrail, and Config. Store secrets in Secrets Manager and scan IaC.

Asked by: Amazon, Netflix, Airbnb

Certainly! Our team had built insurance automation while working with an insurance client. We had Textract-parsed PDFs. Rekognition Custom Labels could identify car damage, and SageMaker scored fraud risk. We also used A2I for human review on uncertain cases.

Asked by: Deloitte, Accenture, IBM

We can do that in the following steps:

• Ingest to S3/Glue
• Prep with Data Wrangler
• Train/deploy via SageMaker Pipelines.

Finally, Model Monitor detects drift and Lambda + Step Functions trigger automated retraining.

Well! These interview questions and answers must have enhanced your understanding of AWS.

Asked by: Cognizant, Infosys, TCS

Absolutely, you can learn AWS over time. You can build a deeper understanding of networking, Linux, and databases, and that will make it easier to learn AWS concepts.

Asked by: Deloitte, EY, LTIMindtree

The fundamental concepts of AWS can be mastered in 3–4 weeks. Post-training hands-on practice will make you a more proficient AWS professional faster.

Asked by: TCS, Infosys, Wipro

AWS is Amazon's most widely used cloud platform and the largest in the global market. Azure is Microsoft's cloud platform, and has seamless integration with other enterprise products, such as Office 365 and Active Directory. They are both hybrid-deployable, but AWS has a longer history and more developed tooling for DevOps and serverless workloads.

Asked by: Cognizant, HCL, Capgemini

• AWS Certified Cloud Practitioner — entry-level, foundational
• AWS Certified Solutions Architect – Associate (SAA-C03) — Most popular
• AWS Certified Developer – Associate
• AWS Certified DevOps Engineer – Professional.

Asked by: Accenture, IBM, Tech Mahindra

Yes, absolutely. AWS professionals are in high demand across every industry. AWS engineers in India with 1–6 years of experience can earn between ₹8 LPA and ₹20 LPA, according to AmbitionBox. In the USA, they can earn between $110,000 and $175,000 annually, according to ZipRecruiter.

Asked by: Deloitte, EY, LTIMindtree

MindMajix offers the following e-learning resources:

• AWS Tutorial
• AWS Interview Questions
• AWS Quizzes
• AWS Sample Resumes.

Asked by: TCS, Infosys, Wipro

• Build a deep understanding of core AWS services and architecture principles
• Stay current with AWS announcements and new service launches
• Pass at least one AWS certification exam
• Join the AWS community, Reddit r/aws, and local AWS User Groups to interact with peers and gain real-world insights.

Asked by: Cognizant, HCL, Capgemini