AWS Interview Questions and Answers: Part 3

Q) What are AWS CloudWatch Events?
Amazon CloudWatch Events delivers a near-real-time stream of system events that describe changes in Amazon Web Services (AWS) resources.
An event indicates a change in your AWS environment; AWS resources generate events when their state changes.
Rules match these events and route them to targets, so a state change can trigger notifications or other actions.
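An added example (not code from the original post) of what a rule does with the event stream: a constructed EC2 state-change event in the shape CloudWatch Events delivers, and a simplified matcher for the rule's event pattern (every key in the pattern must exist in the event, and a list of values is an OR). The matcher only implements exact-value alternatives; the service's content filters (prefix, numeric, anything-but) are left out, and all identifiers in the sample event are made up.

```python
import json
from typing import Any

# Constructed sample event (instance id and account are made up) in the
# shape CloudWatch Events uses for an EC2 instance state-change notification.
SAMPLE_EVENT = json.loads("""
{
  "version": "0",
  "id": "00000000-0000-0000-0000-000000000000",
  "detail-type": "EC2 Instance State-change Notification",
  "source": "aws.ec2",
  "account": "111122223333",
  "time": "2024-01-01T00:00:00Z",
  "region": "us-east-1",
  "resources": ["arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"],
  "detail": {"instance-id": "i-0123456789abcdef0", "state": "stopped"}
}
""")

# A rule's event pattern: each listed key must be present in the event and
# its value must equal one of the listed alternatives (lists are OR-ed).
STOP_OR_TERMINATE_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {"state": ["stopped", "terminated"]},
}


def matches(pattern: dict, event: Any) -> bool:
    """Simplified event-pattern matching: exact-value alternatives only."""
    if not isinstance(event, dict):
        return False
    for key, expected in pattern.items():
        if key not in event:
            # A key named in the pattern but absent from the event never matches.
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not matches(expected, actual):
                return False
        else:
            # If the event field is itself a list, any matching element suffices.
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(c in expected for c in candidates):
                return False
    return True


if __name__ == "__main__":
    print("rule fires:", matches(STOP_OR_TERMINATE_PATTERN, SAMPLE_EVENT))
```

A rule with this pattern would route the sample event to its targets (an SNS topic, a Lambda function); a pattern asking for `"state": ["running"]` would not match it.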
Q) What is IAM?
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. You use IAM to control who can use your AWS resources (authentication) and which resources they can use and in what ways (authorization).
Q) What is an IAM User?
An AWS IAM user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS.
A user consists of a name and credentials: a password for signing in to the AWS Management Console and access keys, which are used by the API or CLI.
An IAM user can sign in to the AWS Management Console for interactive tasks and make programmatic requests to AWS services using the API or CLI.
Q) What is an IAM Role?
An IAM role is an identity similar to an IAM user, with a permissions policy attached that determines what it can and cannot do in AWS. Unlike a user, a role has no long-term credentials (password or access keys) associated with it; temporary credentials are issued when the role is assumed.
Q) What is an IAM Policy?
A policy is an entity that, when attached to an identity or resource, defines its permissions. Policies are stored in AWS as JSON documents.
AWS policies are of two types:
1. Identity-based policies:
A policy attached to an identity in IAM (a user, group, or role) is an identity-based policy. Identity-based policies can be AWS-managed policies, customer-managed policies, or inline policies.
AWS-managed policies are created and managed by AWS.
Customer-managed policies are standalone policies that you administer in your own AWS account. You can attach them to identities (users, groups, and roles) in your account.
An inline policy is one that you create and embed directly in a single IAM group, user, or role.
2. Resource-based policies:
Resource-based policies are attached directly to an AWS resource, such as an S3 bucket (where it is called an Amazon S3 bucket policy), and specify which principals may access that resource.
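An added example (not from the original post) showing both policy kinds side by side, with a small linter a reviewer can run over policy JSON before attaching it. The policies, bucket name and statement ids are constructed; the linter flags the three patterns that most often undermine least privilege: a wildcard Action, a wildcard Resource, and a resource-based statement whose Principal is everyone with no Condition to narrow it.

```python
import json

# Constructed identity-based policy that grants every action on every resource.
OVERLY_BROAD_IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed least-privilege version: two S3 actions on one key prefix.
SCOPED_IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-app-bucket/uploads/*",
    }],
}

# Constructed resource-based (bucket) policy. Note the Principal element,
# which identity-based policies do not carry; "*" here means any AWS principal.
PUBLIC_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-app-bucket/*",
    }],
}


def _as_list(value):
    """IAM allows most elements to be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy: dict) -> list:
    """Return human-readable findings for Allow statements that are too broad."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{idx}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        principal = stmt.get("Principal")

        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"{sid}: wildcard Action {actions}")
        if "*" in resources:
            findings.append(f"{sid}: Resource '*' (not scoped to specific ARNs)")
        # Only resource-based policies have a Principal; "*" or {"AWS": "*"}
        # without a Condition grants access to everyone (public access).
        everyone = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))
        )
        if everyone and "Condition" not in stmt:
            findings.append(f"{sid}: Principal '*' with no Condition (public access)")
    return findings


if __name__ == "__main__":
    for name, pol in [("broad", OVERLY_BROAD_IDENTITY_POLICY),
                      ("scoped", SCOPED_IDENTITY_POLICY),
                      ("bucket", PUBLIC_BUCKET_POLICY)]:
        print(name, json.dumps(lint_policy(pol), indent=2))
```

The scoped policy produces no findings; the broad one produces two, and the bucket policy is reported as public. A `Deny` statement is skipped on purpose, since a broad Deny is a guardrail rather than a grant.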
Q) What are the Amazon S3 storage classes?
1. Amazon S3 Standard for frequently accessed data.
2. Amazon S3 Intelligent-Tiering for data with unknown or changing access patterns.
3. Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for long-lived, less frequently accessed data.
4. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) for long-lived, less frequently accessed data stored in a single Availability Zone.
5. Amazon S3 Glacier for long-term archival.
6. Amazon S3 Glacier Deep Archive for long-term archival at the lowest cost.
Ref Link: https://aws.amazon.com/s3/storage-classes/
Q) What is Amazon ECR?
Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying the development-to-production workflow.
Amazon ECR hosts your images in a highly available and scalable architecture, allowing you to reliably deploy containers for your applications.
Amazon ECR eliminates the need to operate your own container repository and worry about scaling the underlying infrastructure.
Q) What is ECS?
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service. Amazon ECS is a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster.
Ref Link: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html
Q) What are the Amazon ECS launch types?
An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.
1. Fargate Launch Type
2. EC2 Launch Type
1. Fargate Launch Type:
The Fargate launch type allows you to run your containerized applications without provisioning or managing the backend infrastructure.
2. EC2 Launch Type:
The EC2 launch type allows you to run your containerized applications on a cluster of Amazon EC2 instances that you manage.
Ref Link: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html
Ref Link: https://www.redswitches.com/blog/difference-between-horizontal-vertical-scaling
Q) What is CloudTrail?
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
With AWS CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.
CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
This event history simplifies security analysis, resource change tracking, and troubleshooting.
Ref Link: https://n2ws.com/blog/aws-cloud/aws-config
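An added example (not from the original post) of the "security analysis" use of CloudTrail: a handful of constructed CloudTrail records in the real record layout (user names, IP addresses and account id are made up), and a triage function that picks out the events a defender wants to see first: the audit trail being switched off, a new long-term credential being minted, and any use of the root account. Whether the call succeeded or was denied is read from the record's `errorCode` field.

```python
import json

# Constructed CloudTrail records trimmed to the fields used below; the
# field names (eventSource, eventName, userIdentity, errorCode, ...) are
# the real ones, the values are made up.
SAMPLE_RECORDS = json.loads("""
{"Records": [
 {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "IAMUser", "userName": "alice"},
  "requestParameters": {"name": "org-trail"}},
 {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "GetObject", "sourceIPAddress": "10.0.0.5",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::111122223333:assumed-role/app/i-0abc"}},
 {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "iam.amazonaws.com",
  "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "IAMUser", "userName": "alice"},
  "errorCode": "AccessDenied"},
 {"eventTime": "2024-01-01T10:09:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "Root"}}
]}
""")

# (eventSource, eventName) pairs worth an alert, with the reason to show an analyst.
HIGH_RISK = {
    ("cloudtrail.amazonaws.com", "StopLogging"): "audit logging disabled",
    ("cloudtrail.amazonaws.com", "DeleteTrail"): "trail deleted",
    ("iam.amazonaws.com", "CreateAccessKey"): "new long-term credential created",
}


def _actor(identity: dict) -> str:
    """Best available label for who made the call."""
    return identity.get("userName") or identity.get("arn") or identity["type"]


def triage(records: dict) -> list:
    """Return (time, actor, eventName, reason) tuples for records that need attention."""
    alerts = []
    for r in records["Records"]:
        identity = r["userIdentity"]
        key = (r["eventSource"], r["eventName"])
        if identity["type"] == "Root":
            alerts.append((r["eventTime"], _actor(identity), r["eventName"], "root account used"))
        elif key in HIGH_RISK:
            # A denied attempt is still worth seeing: it shows intent.
            outcome = "denied" if "errorCode" in r else "succeeded"
            alerts.append((r["eventTime"], _actor(identity), r["eventName"],
                           f"{HIGH_RISK[key]} ({outcome})"))
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_RECORDS):
        print(*alert, sep=" | ")
```

The ordinary `GetObject` data event is left alone; the other three records are surfaced, and the denied `CreateAccessKey` is reported as denied rather than dropped.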
Q) What are the ways to encrypt data in S3?
Amazon S3 supports the following encryption mechanisms to secure the data stored in S3:
1. Server-side encryption (SSE):
- Server-side encryption with Amazon S3-managed keys (SSE-S3). Encryption algorithm: AES-256.
- Server-side encryption with customer master keys (CMKs, now called KMS keys) stored in AWS Key Management Service (SSE-KMS).
- Server-side encryption with customer-provided keys (SSE-C).
2. Client-side encryption (CSE): the data is encrypted before it is sent to S3, so S3 only ever stores ciphertext.
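An added example (not from the original post) of how the three server-side modes are selected and enforced. The selection is driven by request headers, so the first function classifies an upload request from its `x-amz-server-side-encryption*` headers (these header names are the real ones; the requests are constructed) and checks that an SSE-C request carries all three of its headers. The second function evaluates the classic bucket-policy condition that denies `PutObject` calls not using SSE-KMS, including the case where the header is absent altogether. The policy statement and bucket name are constructed.

```python
def sse_mode_from_headers(headers: dict) -> str:
    """Classify the server-side encryption an upload request asks for."""
    h = {k.lower(): v for k, v in headers.items()}
    if "x-amz-server-side-encryption-customer-algorithm" in h:
        # SSE-C: the caller supplies the key; S3 also requires the key and its MD5.
        required = ("x-amz-server-side-encryption-customer-key",
                    "x-amz-server-side-encryption-customer-key-md5")
        if not all(r in h for r in required):
            raise ValueError("SSE-C request is missing the key or key-MD5 header")
        return "SSE-C"
    algo = h.get("x-amz-server-side-encryption")
    if algo == "AES256":
        return "SSE-S3"
    if algo == "aws:kms":
        return "SSE-KMS"
    return "NONE"


def effective_encryption(headers: dict, bucket_default: str) -> str:
    """A request-level setting wins; otherwise the bucket's default encryption applies."""
    requested = sse_mode_from_headers(headers)
    return requested if requested != "NONE" else bucket_default


# Constructed bucket-policy statement: deny any PutObject that does not
# declare SSE-KMS. The condition key is the real S3 condition key.
DENY_NON_KMS_UPLOADS = {
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
}


def put_blocked_by_policy(headers: dict, statement: dict = DENY_NON_KMS_UPLOADS) -> bool:
    """Evaluate only the StringNotEquals condition of the deny statement.

    As in IAM, a negated condition on a key that is absent from the request
    evaluates to true, so an upload with no SSE header is denied too.
    """
    h = {k.lower(): v for k, v in headers.items()}
    for cond_key, wanted in statement["Condition"]["StringNotEquals"].items():
        header = cond_key.split(":", 1)[1]  # "s3:x-amz-..." -> "x-amz-..."
        if h.get(header) != wanted:
            return True
    return False


if __name__ == "__main__":
    for hdrs in ({}, {"x-amz-server-side-encryption": "AES256"},
                 {"x-amz-server-side-encryption": "aws:kms"}):
        print(hdrs, "->", sse_mode_from_headers(hdrs),
              "blocked" if put_blocked_by_policy(hdrs) else "allowed")
```

Note the asymmetry the deny condition relies on: an upload that names `AES256` is blocked just like one that names nothing, which is what you want when the requirement is that every object be protected by a key you control in KMS.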
Q) What is the difference between a Spot Instance and an On-Demand Instance?
Both Spot Instances and On-Demand Instances are pricing models. A Spot Instance lets customers purchase spare compute capacity with no upfront commitment, and its hourly rate is usually much lower than the On-Demand rate.
The price of a Spot Instance is known as the Spot price; it fluctuates with the supply of and demand for spare capacity. If the Spot price rises above the customer's maximum specified price, EC2 interrupts the instance automatically, with a two-minute warning, so Spot Instances suit fault-tolerant or flexible workloads.
Ref Link: https://docs.aws.amazon.com/sns/latest/dg/welcome.html
Q) What is AWS CloudFormation?
CloudFormation is the native infrastructure-as-code tool in AWS. Templates are written in JSON or YAML and let you deploy, manage, and configure the cloud resources available in AWS.
AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion.
A CloudFormation template is a file containing the infrastructure as code, specified in JSON or YAML. It describes the resources that CloudFormation is expected to create.
A stack is the set of all resources created from a given CloudFormation template; you get a stack when you run a template, so a stack is an instantiation of a template.
Parameters are inputs that users specify when creating a stack from a template.
Resources are the AWS resources that make up a stack. Events are everything that happens during the creation or updating of a stack: each time a resource is created, updated, or deleted, an event is logged. Events are extremely helpful for tracking changes and tracking errors.
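An added example (not from the original post) tying the template concepts together: a constructed JSON template (JSON is accepted by CloudFormation just like YAML) with one Parameter and two Resources, plus two checks a practitioner runs before `create-stack`: every `Ref` must resolve to a parameter, a resource, or a pseudo-parameter, and resources must be creatable in an order that respects their `Ref` dependencies. The template deliberately references a `LogBucket` that does not exist so the first check has something to report. The ordering check goes a little beyond the page: it is a simplified topological sort over `Ref` only, ignoring `DependsOn`, `Fn::GetAtt` and other intrinsic functions.

```python
import json

# Constructed template; the bucket and key are illustrative, and "LogBucket"
# is intentionally undefined to show the validator catching it.
TEMPLATE = json.loads("""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "BucketName": {"Type": "String", "Description": "Name for the data bucket"}
  },
  "Resources": {
    "DataKey": {
      "Type": "AWS::KMS::Key",
      "Properties": {"Description": "Key for DataBucket objects"}
    },
    "DataBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": {"Ref": "BucketName"},
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
          {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms",
                                              "KMSMasterKeyID": {"Ref": "DataKey"}}}]},
        "LoggingConfiguration": {"DestinationBucketName": {"Ref": "LogBucket"}},
        "Tags": [{"Key": "region", "Value": {"Ref": "AWS::Region"}}]
      }
    }
  }
}
""")

# Pseudo-parameters CloudFormation resolves itself; a Ref to these is always valid.
PSEUDO_PARAMETERS = {
    "AWS::AccountId", "AWS::NotificationARNs", "AWS::NoValue", "AWS::Partition",
    "AWS::Region", "AWS::StackId", "AWS::StackName", "AWS::URLSuffix",
}


def collect_refs(node, found=None) -> list:
    """Walk any JSON subtree and collect every {"Ref": "..."} target."""
    if found is None:
        found = []
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            found.append(node["Ref"])
        else:
            for value in node.values():
                collect_refs(value, found)
    elif isinstance(node, list):
        for value in node:
            collect_refs(value, found)
    return found


def unresolved_refs(template: dict) -> list:
    """Refs that name neither a Parameter, a Resource, nor a pseudo-parameter."""
    known = (set(template.get("Parameters", {}))
             | set(template.get("Resources", {}))
             | PSEUDO_PARAMETERS)
    return sorted({r for r in collect_refs(template) if r not in known})


def creation_order(template: dict) -> list:
    """Order resources so each comes after the resources it Refs (Kahn's algorithm)."""
    resources = template.get("Resources", {})
    deps = {name: {r for r in collect_refs(body) if r in resources and r != name}
            for name, body in resources.items()}
    order, ready = [], sorted(n for n, d in deps.items() if not d)
    while ready:
        current = ready.pop(0)
        order.append(current)
        for name, pending in deps.items():
            pending.discard(current)
            if not pending and name not in order and name not in ready:
                ready.append(name)
        ready.sort()
    if len(order) != len(resources):
        raise ValueError("circular Ref between resources")
    return order


if __name__ == "__main__":
    print("unresolved:", unresolved_refs(TEMPLATE))
    print("creation order:", creation_order(TEMPLATE))
```

Running it reports `LogBucket` as unresolved and orders `DataKey` before `DataBucket`, which is exactly the sequence the stack's event log would show during creation.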
Originally published at https://blog.goinit.net.