1. How do you connect to an EC2 instance with no public IP?
A: Use SSM Session Manager (requires IAM role attached to EC2) or use a bastion host (jump box) in a public subnet to SSH into the private EC2.
2. What are the ways to connect to EC2?
A:
- SSH with key pair and public IP
- EC2 Instance Connect (browser)
- Session Manager via Systems Manager
- Bastion host in public subnet
3. What is CloudFront and if changes are not reflected on user side, how do you fix it?
A: CloudFront is a CDN. If updates are not reflected, it is likely due to cached content. Fix by invalidating the cache or reducing the cache TTL.
4. What is the difference between a public and private subnet?
A: A public subnet has a route to an Internet Gateway and allows external access; a private subnet does not.
5. How to create a subnet?
A: Navigate to VPC dashboard -> Create Subnet -> Choose VPC, AZ, and CIDR block.
6. What is a Security Group and how do you deny traffic?
A: Security Groups are stateful and only have allow rules. To deny traffic, use Network ACLs, which are stateless.
7. What is inbound and outbound traffic?
A: Inbound: Traffic coming into the instance. Outbound: Traffic leaving the instance.
8. How do you download an object from S3 to an EC2 instance in a private subnet?
A: Use a NAT Gateway or create a VPC Endpoint for S3. Ensure the EC2 instance has an appropriate IAM role.
9. How do you connect multiple VPCs?
A: Use VPC Peering, Transit Gateway, or VPN connections.
10. Difference between VPC Peering and Transit Gateway?
A: VPC Peering is point-to-point and manual. Transit Gateway is hub-and-spoke and scalable with centralized routing.
11. What is the port number for SSH?
A: Port 22
12. How do you access S3 from a different AWS account?
A: Use a bucket policy to allow access, or configure IAM cross-account roles and use AssumeRole.
13. How do you increase an EBS volume and mount it?
A:
- Modify the volume in the AWS Console
- Use growpart, resize2fs or equivalent
- Mount with the mount command
14. What if the EBS volume still shows as full after increasing it?
A: Check that the partition was resized, clear temp/log files, and run df -h to confirm the space is available.
15. Can you see memory and disk usage directly in the CloudWatch dashboard?
A: No. You need to install the CloudWatch Agent to collect OS-level metrics.
16. How do you send a notification when a metric is above a 70% threshold?
A: Create a CloudWatch Alarm with the metric threshold and link it to an SNS Topic for notifications.
17. How do you automate CPU threshold handling with Lambda?
A: Configure a CloudWatch Alarm to trigger a Lambda function that can stop/start/scale EC2 or notify via SNS.
18. How do you set up RDS for disaster recovery? Is there downtime?
A: Use Multi-AZ deployment. Failover happens automatically with minimal downtime (~60-120 sec).
19. How do you connect EC2 to an S3 bucket?
A: Attach an IAM role with S3 access to the EC2 instance and use the AWS CLI or SDK to access the bucket.
20. What is a VPC Endpoint?
A: It allows private connectivity to AWS services without using the Internet or NAT.
21. How do you differentiate between public and private IPs?
A: The private IP ranges are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. Anything else is public.
22. What is the CloudWatch Agent and why install it on EC2?
A: It collects custom metrics (memory, disk, logs) and sends them to CloudWatch.
23. What is Auto Scaling and how do you create an Auto Scaling Group?
A: Auto Scaling scales EC2 capacity based on load. Create Launch Template -> Define ASG -> Attach policies -> Optional Load Balancer.
24. What is auto-scaling?
A: Auto-scaling is a feature of AWS that allows you to configure and automatically provision and spin up new instances without your intervention.
25. What are the different types of cloud services?
A: Software as a Service (SaaS), Data as a Service (DaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
26. What is SimpleDB?
A: It is a structured data store that supports indexing and data queries to both EC2 and S3.
27. What is an AMI?
A: AMI (Amazon Machine Image) is a snapshot of the root filesystem.
28. What type of architecture is it when half of the workload runs on the public cloud while the other half is on local storage?
A: Hybrid cloud architecture.
29. Can I vertically scale an Amazon instance? How do you do it?
A: Yes. Spin up a new instance that is larger than the one you are running, then pause that instance, detach its root EBS volume from this server and discard it. After that, stop the live instance and detach its root volume. Note the unique device ID, attach that root volume to the new server, and start it again. This way you will have scaled vertically.
30. How can you send requests to Amazon S3?
A: You can send requests by using the REST API or the AWS SDK wrapper libraries that wrap the underlying Amazon S3 REST API.
31. How many buckets can be created in AWS by default?
A: By default, 100 buckets can be created.
32. Should encryption be used for S3?
A: Encryption should be considered for sensitive data, as S3 is a proprietary technology.
33. What are the various AMI design options?
A: Fully Baked AMI, JeOS (just enough operating system) AMI, and Hybrid AMI.
34. What is Geo Restriction in CloudFront?
A: Geo restriction, also known as geoblocking, is used to prevent users in specific geographic locations from accessing content that you're distributing through a CloudFront web distribution.
35. What are T2 instances?
A: T2 instances are designed to provide moderate baseline performance and the capability to burst to higher performance as required by the workload.