AWS Common Interview Questions Comprehensive Guide

🌐 AWS Fundamentals

1. What Is AWS? What Are Its Core Advantages?

Understanding the basic concepts of AWS cloud computing services

AWS Definition: Amazon Web Services, a cloud computing platform provided by Amazon offering the most comprehensive cloud services globally.
Core Advantages:
Extensive global infrastructure with multiple regions and availability zones supporting low-latency access.
Rich service portfolio covering computing, storage, databases, AI, and more.
Elastic scaling and pay-as-you-go model facilitating cost optimization.
High availability and reliability with multi-AZ and cross-region architecture supporting business continuity.
Strong security with multiple security and compliance certifications.

2. What Cloud Computing Models Does AWS Support?

Understanding different cloud service delivery models

IaaS (Infrastructure as a Service): Provides virtual machines, storage, and network resources; typical services include EC2, EBS, and VPC; users manage operating systems and applications.
PaaS (Platform as a Service): Provides runtime environments and platforms; users only deploy code; typical services include Elastic Beanstalk, RDS, and Lambda.
SaaS (Software as a Service): Provides complete applications for direct user access; typical services include WorkSpaces and QuickSight.

3. What Are AWS Regions and Availability Zones?

Understanding AWS global infrastructure layout

Region: Independent geographic area; each region contains multiple data center clusters; regions are isolated from each other for data residency and compliance.
Availability Zone (AZ): Independently isolated but high-speed interconnected data centers within a region; typically a region contains multiple AZs for high-availability deployment.
Design Purpose: Multi-AZ deployment achieves disaster recovery and high availability; cross-region deployment improves business continuity.

4. What Does AWS Free Tier Include?

Understanding AWS free service scope

12-Month Free Tier: New accounts can use certain EC2, RDS, S3, and other services free within usage quotas for one year after registration.
Permanent Free Tier: Certain services offer long-term free usage, such as Lambda invocations, DynamoDB storage and requests.
Short-Term Trials: Specific services offer 30-60 day trials or evaluation quotas.

5. What Is AWS IAM? What Is Its Function?

Understanding identity and access management

IAM Definition: Identity and Access Management, a service for managing users, roles, groups, and access policies.
Core Elements: Users, user groups, roles, and policies.
Primary Function: Granular control of who accesses which resources and what actions they can perform, implementing the principle of least privilege and meeting security and compliance requirements.

💻 EC2 and Compute Services

6. What Is EC2? What Are Its Main Characteristics?

Understanding AWS Elastic Compute Cloud

EC2 Definition: Elastic Compute Cloud, used for creating and managing virtual machine instances in the cloud.
Main Characteristics: Supports multiple instance types, elastic scaling, various storage options (EBS, instance storage), security group network access control, compatible with load balancing and auto-scaling.
Typical Uses: Web application servers, batch processing, background services, development and testing environments.

7. What EC2 Instance Types Exist?

Understanding different EC2 instance classifications

General Purpose: T and M series; balanced CPU and memory; suitable for most applications.
Compute Optimized: C series; suitable for high CPU-intensive workloads like batch processing and scientific computing.
Memory Optimized: R and X series; suitable for memory-intensive applications like large databases and caching.
Storage Optimized: I/D series; suitable for high I/O database and analytics scenarios.

8. What EC2 Pricing Models Exist? How to Choose?

Understanding EC2 cost optimization strategy

On-Demand Instances: Pay by usage time with no prepayment; suitable for short-term or unpredictable loads.
Reserved Instances or Savings Plans: Commit to usage duration for significant discounts; suitable for stable loads.
Spot Instances: Lower pricing but may be interrupted; suitable for fault-tolerant tasks.
Selection Recommendation: Use reserved or Savings Plans for stable core business; combine on-demand and Spot for testing and batch processing.

9. What Is Lambda? What Are Its Advantages?

Understanding serverless compute service

Lambda Definition: Serverless function computing service where you only write function code with execution managed by the platform.
Advantages: No server management required, automatic scaling, pay per request and execution time, generous free tier.
Typical Scenarios: Event-driven tasks, API backends, data processing, scheduled tasks.

10. What Is Elastic Beanstalk? What Are Its Use Cases?

Understanding PaaS deployment service

Definition: An application hosting platform automatically handling environment creation, deployment, scaling, and monitoring.
Characteristics: Supports multiple languages (Java, Node.js, Python, etc.); enables rapid application launch without deep infrastructure management.
Applicable Scenarios: Small and medium web services, API services, applications requiring rapid delivery.

💾 Storage and Databases

11. What Is S3? What Are Its Main Characteristics?

Understanding object storage service

S3 Definition: Simple Storage Service, providing object storage for any amount of data.
Characteristics: High durability (11 nines), high availability, pay-per-use pricing, version control, lifecycle management, and cross-region replication support.
Common Uses: Backup and archival, static website hosting, log storage, data lakes.

12. What S3 Storage Classes Exist? How to Choose?

Understanding S3 cost optimization

Standard: Suitable for frequently accessed hot data with low latency.
Infrequent Access / Intelligent-Tiering: Suitable for less frequently accessed or uncertain access pattern data with lower cost.
Glacier / Deep Archive: Suitable for rarely accessed but long-term retained data with lowest cost but longer retrieval time.
Selection Principle: Choose appropriate tier based on access frequency and recovery time requirements; combine with lifecycle policies for automatic migration.

13. What Is the Difference Between EBS and S3?

Comparing block storage and object storage

EBS: Block storage attached to EC2 as disk; suitable for database and filesystem scenarios requiring low-latency random read/write.
S3: Object storage accessed via API or HTTP; suitable for large files, backups, and media resources.
Key Differences: Different access methods, performance characteristics, usage patterns, and billing models.

14. What Is RDS? What Engines Does It Support?

Understanding managed relational database

RDS Definition: Relational Database Service supporting MySQL, PostgreSQL, MariaDB, SQL Server, Oracle, and Aurora.
Characteristics: Automatic backups, automatic patching, multi-AZ deployment, read replicas, monitoring, and scaling.
Advantage: Reduces database operational burden, letting teams focus on business logic.

15. What Is DynamoDB? How Does It Differ From RDS?

Understanding managed NoSQL service

DynamoDB: Fully managed NoSQL key-value and document database supporting millisecond responses and automatic scaling.
Difference: RDS is relational supporting SQL and complex transactions; DynamoDB is schema-less suited for high-throughput, low-latency internet applications.
Selection Recommendation: Use RDS for strong relationships and complex queries; DynamoDB for ultra-high concurrency and flexible schemas.

🌍 Networking and Content Distribution

16. What Is VPC? What Is Its Function?

Understanding Virtual Private Cloud

VPC Definition: Virtual Private Cloud, a logically isolated network environment defined by users on AWS.
Function: Enable custom IP ranges, subnets, route tables, and gateways implementing isolated, secure, and controllable network topology.
Common Design: Separate public and private subnets combined with NAT and Internet Gateway for multi-tier architecture.

17. What Is the Difference Between Public and Private Subnets?

Understanding subnet role segmentation

Public Subnet: Route table pointing to Internet Gateway; instances can have public internet access; typically hosts load balancers and bastion hosts.
Private Subnet: Not directly exposed to internet; can access external through NAT gateway; suitable for backend application servers and databases.
Security: Multi-tier architecture with frontend in public subnet and core data in private subnet improves security.

18. What Is the Difference Between ALB and NLB?

Understanding different load balancers

ALB (Application Load Balancer): Layer 7 enabling intelligent routing by URL paths, hostnames, and headers; suitable for HTTP/HTTPS microservices.
NLB (Network Load Balancer): Layer 4 enabling high-performance TCP/UDP forwarding with extremely low latency; suitable for high concurrency and real-time systems.
Selection: Use ALB for web/API; NLB for high-throughput and non-HTTP protocols.

19. What Is CloudFront? What Are Its Advantages?

Understanding CDN service

CloudFront Definition: AWS global content delivery network caching content at edge locations worldwide.
Advantages: Reduced latency, decreased origin load, HTTPS support, custom domains, and WAF integration.
Applications: Static websites, video distribution, API acceleration.

20. What Is Route 53? What Are Its Main Functions?

Understanding DNS service

Route 53: AWS scalable DNS service providing domain name resolution, health checks, and traffic routing policies.
Functions: Supports multiple record types, weighted routing, latency-based routing, geolocation routing, and failover.
Applications: Provides name resolution for domains and integrates with ELB and CloudFront for intelligent routing.

📊 Monitoring and Management

21. What Is CloudWatch? What Is Its Primary Purpose?

Understanding monitoring and alerting

CloudWatch: Monitoring and logging service collecting metrics and logs from AWS resources and custom applications.
Purpose: Create alarms, view dashboards, analyze logs, trigger auto-scaling or notifications.
Key Point: Combine EC2, RDS, and Lambda metrics for automated operations management.

22. How Does Auto Scaling Work?

Understanding automatic scaling

Auto Scaling: Automatically increase or decrease EC2 instances based on load.
Workflow: Define Auto Scaling group and policies; CloudWatch metrics (like CPU utilization) trigger scale-up or scale-down.
Advantage: Improves availability, prevents resource waste, realizes elastic scaling.

23. What Is CloudTrail Used For?

Understanding audit and tracking

CloudTrail: Records AWS API calls in accounts including console operations and SDK calls.
Function: Used for security auditing, issue tracking, and compliance proof; logs can be sent to S3 or CloudWatch Logs.
Key Point: Helps answer "Who did what to which resource when."

24. What Is AWS Config?

Understanding configuration audit service

AWS Config: Records and evaluates AWS resource configuration changes.
Purpose: View resource configuration history; check compliance with rules (e.g., S3 encryption enforcement).
Advantage: Helps build compliance reports and automated remediation workflows.

25. What Functionality Does AWS Systems Manager Provide?

Understanding unified operations management

Systems Manager: Provides patch management, parameter storage, automation tasks, and remote execution functions.
Common Functions: Run Command, Session Manager, Parameter Store, Automation, Patch Manager.
Advantage: Centrally manage multi-region, multi-account, and multi-instance operations.

🔐 Security and Compliance

26. What Is the AWS Shared Responsibility Model?

Understanding security responsibility division

Concept: AWS secures "the cloud" (data centers, hardware, base services); customers secure "on the cloud" (operating systems, applications, data, permissions).
Significance: Clear boundaries help enterprises implement security controls and compliance measures.

27. What Is the Difference Between Security Groups and Network ACLs?

Understanding network security controls

Security Groups: Instance-level firewall, stateful, requires only allow rules.
Network ACL: Subnet-level firewall, stateless, requires both inbound and outbound rules with explicit deny support.
Combined Use: NACL provides coarse-grained filtering first, security groups provide fine-grained control.

28. What Is the Difference Between KMS and Secrets Manager?

Understanding encryption and key management

KMS: Manages encryption keys providing encryption/decryption for S3, EBS, RDS, and others.
Secrets Manager: Stores and rotates sensitive information (database passwords, API keys); internally uses KMS for encryption.
Summary: KMS manages encryption key lifecycle; Secrets Manager manages secrets storage and access.

29. What Is AWS Artifact?

Understanding compliance documentation service

Artifact: Self-service download portal for AWS compliance reports and certifications.
Purpose: Meet enterprise and regulatory compliance documentation requirements such as ISO, SOC, and PCI.
Value: Reduces back-and-forth with AWS support, accelerating audit and compliance processes.

30. What Is the Difference Between AWS Shield and WAF?

Understanding DDoS and application security

AWS Shield: DDoS protection service available in free basic and paid advanced versions.
AWS WAF: Web Application Firewall blocking SQL injection, XSS, and application layer attacks with customizable rules for request filtering.
Combined Strategy: Using Shield + WAF + CloudFront/ALB together improves overall security.

💼 Application Integration and Messaging Services

31. What Is the Difference Between SQS and SNS?

Understanding queues and publish-subscribe

SQS: Message queue service where consumers actively pull messages, suitable for synchronous decoupling and peak shaving.
SNS: Publish-subscribe service pushing messages one-to-many to subscription endpoints (email, SQS, HTTP, Lambda).
Common Pattern: Use SNS for broadcasting, then route messages to multiple SQS queues for different service consumption.

32. What Is the Primary Function of API Gateway?

Understanding API management and gateway

Function: Unified API entry point supporting authentication, rate limiting, traffic control, request transformation, and monitoring.
Integration: Routes requests to Lambda, EC2, other HTTP services, or private VPC endpoints.
Advantage: Simplifies API publishing and version management, enhancing security and observability.

33. What Are Common Components for Building Microservice Architecture on AWS?

Understanding microservices ecosystem

Compute Layer: Lambda, ECS/Fargate, EKS, or EC2.
Communication Layer: API Gateway, ALB, SQS, SNS.
Data Layer: DynamoDB, RDS/Aurora, S3.
Observability and Management: CloudWatch, X-Ray, CloudTrail, Config.

34. What Is the Relationship Between ECS and Fargate?

Understanding container running modes

ECS: AWS proprietary container orchestration service running tasks on self-managed EC2 clusters or Fargate.
Fargate: Serverless container runtime engine requiring no bottom-level EC2 management, only container resource requirement definition.
Summary: ECS manages container orchestration and task definitions; Fargate manages underlying compute resources.

35. What Are Common AWS Cost Optimization Practices?

Understanding cloud cost governance

Resource Optimization: Regularly check idle and low-utilization resources, appropriately downsize or shut down.
Purchasing Strategy: Combine on-demand, reserved, Savings Plan, and Spot instances.
Storage Optimization: Use S3 lifecycle, appropriate storage tiers, and EBS snapshot strategies.
Monitoring: Track costs continuously through Cost Explorer and Budgets with budget and alarm configuration.