Top AWS DevOps Interview Questions
If you are a cloud engineer, especially one who works with Amazon Web Services (AWS), you will want a set of questions ready that get candidates to demonstrate their knowledge, as with any AWS DevOps interview. The questions below, with model answers, cover networking, storage, compute and security on AWS.
What is a VPC?
A virtual private cloud (VPC) is a logically isolated virtual network dedicated to your AWS account. You define it to suit your requirements: choose the region, assign an IPv4 CIDR block and carve it into subnets, configure route tables, security groups, network ACLs and an Internet gateway, and then launch AWS resources such as Amazon EC2 and RDS instances into it.
In short, Amazon VPC is the networking layer for your AWS infrastructure, and most network-level security controls (security groups, network ACLs, route tables, endpoints) are VPC constructs.
What is VPC peering?
A VPC peering connection is a network connection between two VPCs that lets you route traffic between them using private IPv4 (or IPv6) addresses, so instances in either VPC can communicate as if they were on the same network. Traffic stays on the AWS network and never traverses the public Internet.
You can peer VPCs in your own account or with a VPC in another AWS account, in the same region or, with inter-region peering, in different regions. Two conditions to check before requesting a peering: the two VPCs must not have overlapping CIDR blocks, and peering is not transitive, so if VPC A peers with B and B peers with C, A still cannot reach C without its own peering to C (or a transit gateway).
If you have more than one AWS account and want to share or transfer data between them, you can peer the VPCs across those accounts; a common pattern is letting several application VPCs reach a shared-services VPC. Creating the peering connection is not enough on its own: each side must add a route for the other VPC's CIDR pointing at the peering connection, and the security groups on both sides must allow the traffic.
A VPC peering connection therefore gives you a private path for data transfer between VPCs, but the routing and the firewall rules remain your responsibility.
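The two checks above are easy to get wrong by hand. The following script is an added example written for this page (it is not AWS code and does not call the AWS API): given a set of VPC CIDRs shaped like the CidrBlock field of describe-vpcs, it reports which pairs cannot be peered because their ranges overlap, generates the route each side must add, and shows that reachability across peerings is not transitive. The VPC names, CIDRs and the pcx- identifier are made up.

```python
import ipaddress
from itertools import combinations
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed sample data, not pulled from a real account: VPC name -> IPv4 CIDR,
# shaped like the CidrBlock field of `aws ec2 describe-vpcs`.
VPCS: Dict[str, str] = {
    "vpc-shared-services": "10.0.0.0/16",
    "vpc-prod-web": "10.1.0.0/16",
    "vpc-analytics": "10.2.0.0/16",
    "vpc-legacy": "10.0.128.0/17",   # deliberately overlaps vpc-shared-services
}


def can_peer(cidr_a: str, cidr_b: str) -> bool:
    """A peering connection is only accepted if the two CIDR blocks do not overlap."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def overlapping_pairs(vpcs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Every pair of VPCs that cannot be peered because their CIDRs overlap."""
    return sorted(
        tuple(sorted((a, b)))
        for a, b in combinations(vpcs, 2)
        if not can_peer(vpcs[a], vpcs[b])
    )


def peering_routes(vpc_a: str, vpc_b: str, vpcs: Dict[str, str],
                   pcx_id: str) -> Dict[str, Tuple[str, str]]:
    """Routes each side must add by hand: creating the peering does not touch
    route tables. Returns {vpc_name: (destination CIDR, target)} for both sides."""
    if not can_peer(vpcs[vpc_a], vpcs[vpc_b]):
        raise ValueError(f"{vpc_a} and {vpc_b} have overlapping CIDRs; peering would be rejected")
    return {
        vpc_a: (vpcs[vpc_b], pcx_id),
        vpc_b: (vpcs[vpc_a], pcx_id),
    }


def is_reachable(peerings: Set[FrozenSet[str]], src: str, dst: str) -> bool:
    """Peering is not transitive: traffic flows only across a connection that
    directly joins src and dst, never via a third VPC that peers with both."""
    return frozenset((src, dst)) in peerings


if __name__ == "__main__":
    print("cannot peer:", overlapping_pairs(VPCS))
    # pcx- identifier is a made-up placeholder
    print(peering_routes("vpc-shared-services", "vpc-prod-web", VPCS, "pcx-0123456789abcdef0"))
    hub_and_spoke = {frozenset(("vpc-shared-services", "vpc-prod-web")),
                     frozenset(("vpc-shared-services", "vpc-analytics"))}
    print("web -> analytics via hub:", is_reachable(hub_and_spoke, "vpc-prod-web", "vpc-analytics"))
```

Run it before raising a peering request: the overlap check saves a rejected request, and the route output is the pair of route-table entries you will otherwise forget. The hub-and-spoke case prints False because the two spokes have no direct peering.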
What are VPC endpoints?
A VPC endpoint lets you create a private connection between your VPC and a supported AWS service (or a PrivateLink service) without requiring access over the Internet, a NAT device, a VPN connection or AWS Direct Connect. Endpoints are horizontally scaled, redundant and highly available VPC components; they allow communication between instances in your VPC and AWS services without imposing availability risks or bandwidth constraints on your network traffic.
Instances in your VPC use their private IP addresses to reach the service, so they do not need public IP addresses, and the VPC does not need an Internet gateway, a NAT device or a virtual private gateway. There are two kinds: gateway endpoints (Amazon S3 and DynamoDB), which are added as targets in your route tables, and interface endpoints (AWS PrivateLink), which are elastic network interfaces with private IPs in your subnets. Both accept an endpoint policy, so you can restrict which buckets, tables or API actions are reachable through the endpoint, and an S3 bucket policy can in turn require that requests arrive via a specific endpoint (the aws:SourceVpce condition key).
What is EBS (Elastic Block Store)? What performance can you expect? How do you back it up? How do you improve performance?
Amazon Elastic Block Store
EBS is best understood as a virtualized SAN (storage area network). Amazon Elastic Block Store (Amazon EBS) provides persistent block-level storage volumes for use with EC2 instances. EBS volumes are highly available and reliable, and a volume can be attached to any running instance in the same Availability Zone; a volume cannot be attached across zones, so moving data to another zone or region goes through a snapshot.
Performance that you can expect: performance on EBS varies. Throughput can rise above the stated level and then drop below it; what AWS commits to is an average I/O rate (for gp2, a baseline of 3 IOPS per GiB with burst credits that allow up to 3,000 IOPS on smaller volumes; for io1, exactly the IOPS you provision). This frustrates some people, especially performance engineers who expect the consistent disk throughput of a traditional physically hosted server. Virtual AWS instances do not behave that way, so size volumes for the baseline you need and watch the burst balance metric.
Amazon EBS is designed for high availability and durability, and for the consistent, low-latency performance needed to run your workloads. The volume types differ in size range and performance characteristics:
EBS Magnetic volumes (standard): 1 GiB – 1 TiB
EBS General Purpose SSD (gp2): 1 GiB – 16 TiB; the newer gp3 type lets you provision IOPS and throughput independently of volume size
Provisioned IOPS SSD (io1): highest-performance SSD volume designed for mission-critical applications, 4 GiB – 16 TiB
Cold HDD (sc1): lowest-cost HDD volume designed for less frequently accessed workloads, 500 GiB – 16 TiB
Amazon EBS encryption: encrypted EBS volumes (AES-256, with keys managed in AWS KMS) meet a wide range of data-at-rest encryption requirements for regulated or audited data and applications. Encryption covers the data at rest on the volume, the data in transit between the volume and the instance, and every snapshot taken from the volume. You can also turn on encryption by default for your account in each region, so that no new volume is ever created unencrypted.
Amazon EBS snapshots: you can create point-in-time snapshots of EBS volumes, which are persisted to Amazon S3. Snapshots are incremental (only blocks changed since the previous snapshot are stored), protect data for long-term durability, and can be used as the starting point for new EBS volumes. The same snapshot can instantiate as many volumes as you wish, and snapshots can be copied across AWS regions. A snapshot contains the full content of the volume, so review snapshot sharing permissions regularly: a snapshot made public or shared with the wrong account exposes everything on the disk.
Performance metrics such as bandwidth, throughput, latency and average queue length are available through the AWS Management Console. These metrics, provided by Amazon CloudWatch, let you monitor the performance of your volumes so that you provide enough performance for your applications without paying for resources you do not need. To improve performance, choose a volume type that matches the workload (io1 for consistently high IOPS), use EBS-optimized instance types so that volume traffic does not compete with network traffic, and stripe several volumes together with RAID 0 when a single volume's ceiling is the limit.
What is S3? What is it used for? Should encryption be used in S3?
Amazon S3 stands for Simple Storage Service and is storage for the Internet. Amazon describes it as a "simple storage service that offers software developers a highly-scalable, reliable, and low-latency data storage infrastructure at very low costs".
Amazon S3 provides a simple web service interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web. Using this web service, developers can easily build applications that make use of Internet storage.
You can think of it like FTP storage: you move files (objects) to and from it over HTTP, but you do not mount it like a file system. AWS keeps your EBS snapshots and AMIs there as well.
Encryption should be used for sensitive data, but not because S3 is unproven from a security standpoint. The realistic risks are a misconfigured bucket policy or ACL, leaked credentials, and compliance requirements that mandate encryption at rest. S3 offers server-side encryption with S3-managed keys (SSE-S3), with AWS KMS keys (SSE-KMS, which adds per-key access control and CloudTrail logging of key use) and with customer-provided keys (SSE-C), plus client-side encryption. New objects are encrypted with SSE-S3 by default, but a bucket policy can go further and refuse uploads that do not request SSE-KMS and refuse any request that does not arrive over TLS. Pair this with S3 Block Public Access at the account level.
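What such an enforcing bucket policy looks like, and what it does to a few representative requests, is shown by the following added example written for this page (it is not AWS code). The policy is real IAM syntax; the small evaluator beside it models only the explicit-deny half of IAM evaluation, for the three condition operators the policy uses. The bucket name, object key and request contexts are constructed.

```python
import json
from fnmatch import fnmatchcase
from typing import Any, Dict, List, Optional

BUCKET = "example-sensitive-data"   # placeholder name; the bucket does not exist


def encryption_enforcing_policy(bucket: str) -> Dict[str, Any]:
    """Bucket policy with three explicit denies: PutObject that does not ask for SSE-KMS,
    PutObject with the encryption header missing altogether, and any request not over TLS."""
    objects = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyUploadsNotUsingKms",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": objects,
                "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
            },
            {
                # Belt and braces: make the missing-header case an explicit match rather
                # than relying on how a negated operator treats an absent key.
                "Sid": "DenyUploadsWithoutEncryptionHeader",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": objects,
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
            {
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [f"arn:aws:s3:::{bucket}", objects],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }


def _as_list(value: Any) -> List[str]:
    return value if isinstance(value, list) else [value]


def _condition_matches(condition: Dict[str, Dict[str, str]], ctx: Dict[str, str]) -> bool:
    """Minimal model of the IAM condition operators this policy uses."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if operator == "StringNotEquals":
                # Negated operator: only an exact match defeats it; an absent key does not.
                if actual is not None and actual == expected:
                    return False
            elif operator == "Null":
                # "true" means "the key is absent from the request context".
                if (actual is None) != (expected == "true"):
                    return False
            elif operator == "Bool":
                if actual is None or actual.lower() != expected.lower():
                    return False
            else:
                raise NotImplementedError(f"operator {operator} not modelled")
    return True


def explicit_deny(policy: Dict[str, Any], action: str, resource: str,
                  ctx: Dict[str, str]) -> Optional[str]:
    """Sid of the first Deny statement matching the request, or None. An explicit deny
    always wins in IAM, so this is the part of evaluation that matters for enforcement."""
    for statement in policy["Statement"]:
        if statement["Effect"] != "Deny":
            continue
        if not any(fnmatchcase(action, a) for a in _as_list(statement["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(statement["Resource"])):
            continue
        if _condition_matches(statement.get("Condition", {}), ctx):
            return statement["Sid"]
    return None


# Constructed requests standing in for the request context S3 would build.
OBJECT_ARN = f"arn:aws:s3:::{BUCKET}/reports/q1.csv"
REQUESTS = {
    "plaintext put over TLS": ("s3:PutObject", OBJECT_ARN, {"aws:SecureTransport": "true"}),
    "sse-s3 put over TLS": ("s3:PutObject", OBJECT_ARN,
                            {"aws:SecureTransport": "true", "s3:x-amz-server-side-encryption": "AES256"}),
    "sse-kms put over TLS": ("s3:PutObject", OBJECT_ARN,
                             {"aws:SecureTransport": "true", "s3:x-amz-server-side-encryption": "aws:kms"}),
    "get over plain HTTP": ("s3:GetObject", OBJECT_ARN, {"aws:SecureTransport": "false"}),
}


def evaluate_all(policy: Dict[str, Any]) -> Dict[str, Optional[str]]:
    return {name: explicit_deny(policy, *req) for name, req in REQUESTS.items()}


if __name__ == "__main__":
    policy = encryption_enforcing_policy(BUCKET)
    print(json.dumps(policy, indent=2))
    for name, verdict in evaluate_all(policy).items():
        print(f"{name:24s} -> {verdict or 'not denied by this policy'}")
```

Note what the evaluator does not do: it never grants anything. A request that is not denied here still needs an Allow from IAM or the bucket policy, which is the point of writing enforcement as Deny statements: they cannot be undone by a permissive Allow elsewhere.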
What is an AMI?
AMI stands for Amazon Machine Image. It is effectively a snapshot of the root file system plus the metadata needed to launch it. An AMI provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need, and instances from as many different AMIs as you need.
An AMI includes the following:
- A template for the root volume for the instance ( such as an operating system, an application server, and applications)
- Launch permissions that control which AWS accounts can use the AMI to launch instances
- A block device mapping that specifies the volumes to attach to the instance when it’s launched
Build a new AMI by first spinning up an instance from a trusted AMI (one published by AWS or by a vendor you have verified, not an arbitrary public AMI), then adding packages and components as required, and finally creating an image from that instance. Be wary of putting sensitive data onto an AMI: anything baked in (credentials, private keys, shell history, logs) ships with every copy and with anyone you share the image with. Access credentials should be supplied to an instance after spin-up, preferably as an IAM role attached to the instance, and a database should mount an external volume that holds its MySQL data after spin-up rather than storing the data in the image.
What is the relation between Instance and AMI?
An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). From an AMI, you launch an instance, which is a copy of the AMI running as a virtual server in the cloud.
You can launch different types of instances from a single AMI. An instance type determines the hardware of the host computer used for your instance. Each instance type offers different compute and memory capabilities.
What automation tools can you use to spin up servers?
Any of the following tools can be used:
- Roll-your-own scripts using the AWS CLI or SDKs. Such scripts can be written in bash, Perl, Python or any language of your choice.
- A configuration management and provisioning tool such as Ansible, Puppet or Chef, with AWS CloudFormation or Terraform to declare the infrastructure itself.
- A cloud management platform such as Scalr, or a managed solution such as RightScale.
What are the different deployment models for Cloud?
The different models are:
- Private Cloud
- Public Cloud
- Hybrid Cloud
What is auto-scaling? How does it work?
Auto scaling is a feature of AWS that lets you configure and automatically provision new instances without manual intervention. You set metrics to monitor (CPU utilization, request count, queue depth) and thresholds on them; when a threshold is crossed, a new instance from your launch configuration or launch template is spun up, configured, and registered with the load balancer, and when load falls, instances are terminated again. You have scaled horizontally without any operator intervention. Because Auto Scaling launches and terminates instances on its own, treat instances as disposable: keep state in EBS, RDS or S3 rather than on the instance, and put configuration into the AMI or user data.
There are two kinds of scaling:
- Horizontal scaling: adding or removing instances, which is what Auto Scaling does.
- Vertical scaling: giving a single instance more CPU and memory. On AWS you stop the instance, change its instance type (the modify-instance-attribute call in the EC2 API), and start it again; the root EBS volume and its data stay attached. The older manual technique of launching a larger instance, detaching and discarding its root volume, then detaching the original instance's root volume and attaching it to the new instance under the same device name still works, but it is unnecessary. Vertical scaling requires downtime and is not automatic.
What is the difference between scalability and elasticity?
Scalability is the ability of a system to handle a growing workload by adding resources (more or larger instances) without redesign.
Elasticity is the ability to acquire those resources automatically as demand rises and release them as it falls, so the business pays for capacity only while it is used and does not invest in infrastructure up-front. Auto Scaling is the AWS mechanism for elasticity.
List the different layers that define cloud architecture.
There are five layers (the component names come from the Eucalyptus cloud platform, which mirrors the AWS model):
- Cloud Controller (CLC)
- Walrus (the S3-compatible storage service)
- Cluster Controller (CC)
- Storage Controller (SC)
- Node Controller (NC)
What security controls are applied to secure data in a cloud?
The controls commonly cited for securing data in the cloud are:
- Output reconciliation: checking that the data leaving a processing step is complete and consistent with what went in
- Input validation: rejecting malformed or unexpected input before it is processed
- Security and backup: access control and encryption for data at rest and in transit, plus backups that are tested and protected as carefully as the primary data
Why do cloud services have APIs?
An application programming interface (API) serves the following purposes:
- It removes the need to write fully fledged programs for common operations; a script can call the service directly
- It defines how applications communicate with the service and with one another
- It allows easy creation of applications and links the cloud services with other systems; the automation tools listed above all work through the AWS API
What kinds of data centers are used for cloud computing?
Two kinds of data center are commonly described:
- Containerized data centers (pre-built modules of servers, power and cooling that can be deployed quickly)
- Low-density data centers (spread-out layouts that reduce heat and cooling requirements)
What are the security best practices for Amazon EC2?
There are several best practices for securing Amazon EC2. A few of them:
- Use AWS Identity and Access Management (IAM) to control access to your AWS resources, and attach an IAM role to instances instead of embedding long-lived access keys.
- Restrict access by allowing only trusted hosts or networks to reach ports on your instance.
- Review the rules in your security groups regularly, and apply the principle of least privilege: open only the ports and sources you require.
- Disable password-based logins for instances launched from your AMI and use SSH key pairs instead. Passwords can be found or cracked and are a security risk.
- Keep the operating system and packages patched, and require instance metadata service version 2 (IMDSv2) so that a request-forgery bug in a web application cannot be used to read the instance's role credentials.
How would you implement perimeter security in the Amazon Web Services model?
Traditional perimeter security, with a hardware firewall in front of a data-center network, does not exist as such in Amazon EC2. Instead the perimeter is expressed as security groups (stateful, per-instance firewalls) and network ACLs (stateless, per-subnet filters), with the VPC route tables deciding which subnets have a path to the Internet at all.
AWS supports security groups. One can create a security group for a jump box with SSH access only: just port 22 open, and only from the office network. From there a web server group and a database group are created.
The web server group allows 80 and 443 from the world, but port 22 only from the jump box group (referencing the group ID as the source rather than an IP address, so the rule follows whatever instances are in that group). The database group allows port 3306 from the web server group and port 22 from the jump box group. Add any machines to the web server group and they can all reach the database.
No one from the world can reach the database, and no one can SSH directly to any of your boxes; all administrative access goes through the jump box.
Want to lock this configuration down further? Allow SSH to the jump box only from specific IP addresses on your network or just your subnet, put the database in a private subnet with no route to the Internet gateway, and audit the groups regularly so that a rule opened "temporarily" does not become permanent.
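The audit step, and the "review your security groups regularly" best practice above, can be automated by comparing the live rules with the intended design. The following script is an added example written for this page (not AWS code, and it does not call the API): it takes a list shaped like the SecurityGroups output of describe-security-groups, encodes the jump box / web / database design as a table of allowed sources per port, and reports every rule that grants something the design does not. The group IDs, the office range (203.0.113.0/24, a documentation prefix) and the two drifted rules in the database group are constructed for the example.

```python
from typing import Any, Dict, Iterator, List, Set, Tuple

WORLD = {"0.0.0.0/0", "::/0"}

# Intended design from the answer above: group id -> {port: allowed sources}.
# A source is either a CIDR or the id of a security group referenced as source.
INTENDED: Dict[str, Dict[int, Set[str]]] = {
    "sg-jump": {22: {"203.0.113.0/24"}},
    "sg-web": {80: {"0.0.0.0/0"}, 443: {"0.0.0.0/0"}, 22: {"sg-jump"}},
    "sg-db": {3306: {"sg-web"}, 22: {"sg-jump"}},
}

# Constructed sample shaped like `aws ec2 describe-security-groups` output;
# the database group carries two drifted rules that the audit should catch.
SECURITY_GROUPS: List[Dict[str, Any]] = [
    {"GroupId": "sg-jump", "GroupName": "jump-box", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-web", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-jump"}]},
    ]},
    {"GroupId": "sg-db", "GroupName": "database", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}],          # drift: CIDR instead of group reference
         "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},   # drift: SSH open to the world
    ]},
]

Finding = Tuple[str, str, str, str]   # (group id, port or range, source, reason)


def rule_sources(rule: Dict[str, Any]) -> Iterator[str]:
    """Every source a rule admits: IPv4 CIDRs, IPv6 CIDRs and referenced security groups."""
    for r in rule.get("IpRanges", []):
        yield r["CidrIp"]
    for r in rule.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]
    for p in rule.get("UserIdGroupPairs", []):
        yield p["GroupId"]


def audit_security_groups(groups: List[Dict[str, Any]],
                          intended: Dict[str, Dict[int, Set[str]]]) -> List[Finding]:
    """Compare live ingress rules with the intended design and report every source
    that the design does not grant for all of the ports the rule opens."""
    findings: List[Finding] = []
    for sg in groups:
        gid = sg["GroupId"]
        allowed = intended.get(gid, {})
        for rule in sg.get("IpPermissions", []):
            if rule["IpProtocol"] == "-1":            # all protocols and ports; no FromPort/ToPort
                for src in rule_sources(rule):
                    findings.append((gid, "all", src, "all traffic allowed; restrict to specific ports"))
                continue
            lo, hi = rule["FromPort"], rule["ToPort"]
            label = str(lo) if lo == hi else f"{lo}-{hi}"
            for src in rule_sources(rule):
                if all(src in allowed.get(port, set()) for port in range(lo, hi + 1)):
                    continue
                if src in WORLD:
                    reason = "open to the world on a port the design does not expose"
                else:
                    reason = "source is not in the intended design for this port"
                findings.append((gid, label, src, reason))
    return findings


if __name__ == "__main__":
    for gid, port, src, reason in audit_security_groups(SECURITY_GROUPS, INTENDED):
        print(f"{gid}: port {port} from {src}: {reason}")
```

In practice you would feed the output of describe-security-groups (or a Config snapshot) into audit_security_groups and keep INTENDED next to the infrastructure code so the design and the check change together. A clean design yields an empty list, which makes the check easy to run in a pipeline.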
How is a buffer used in Amazon Web Services?
A buffer makes the system more resilient to bursts of traffic or load by decoupling components. The components of a system receive and process requests at different rates; a buffer (on AWS, typically an Amazon SQS queue) absorbs the difference so that a fast producer does not overwhelm a slower consumer, the consumers can be scaled independently, and no request is lost during a spike.
What is the function of Amazon Elastic Compute Cloud?
Amazon Elastic Compute Cloud, also known as Amazon EC2, is an Amazon web service that provides resizable compute capacity and makes computing easier for developers. The main functions of Amazon EC2 are:
- It provides easily configurable options and lets the user choose the capacity.
- It gives the user complete control of the computing resources and lets the user run the computing environment according to his requirements.
- It provides a fast way to launch instances and obtain capacity in minutes, reducing the overall time to deploy.
- It provides scalability: resources can be added or removed as the user's requirements change.
- It provides a variety of tools for developers to build failure-resilient applications.
What are the different components used in AWS?
The components that are used in AWS are:
- Amazon S3: used to store the input data sets that feed a cloud architecture and to store the output data sets that result from processing them.
- Amazon SQS: used to buffer requests received by the controller. It is the component used for communication between different controllers.
- Amazon SimpleDB: used to store intermediate status logs and the tasks performed by the user.
- Amazon EC2: used to run large distributed processing jobs, for example a Hadoop cluster (Amazon EMR runs Hadoop on EC2); the Hadoop framework provides automatic parallelization and job scheduling.
Explain the lifecycle functions of an Amazon EC2 instance: stopping, starting and terminating.
- Stopping and starting an instance: when an instance is stopped, it performs a normal shutdown and then transitions to the stopped state. All of its Amazon EBS volumes remain attached (and continue to be billed), and you can start the instance again later; it keeps its instance ID and private IP address, but a public IP that is not an Elastic IP changes. You are not charged for instance hours while the instance is stopped. Data on instance store (ephemeral) volumes does not survive a stop.
- Terminating an instance: when an instance is terminated, it performs a normal shutdown, then the attached Amazon EBS volumes are deleted unless the volume's DeleteOnTermination attribute is set to false (the root volume defaults to true; volumes attached after launch default to false). The instance itself is deleted and cannot be started again, so take a snapshot first if anything on the root volume matters.
I hope this helps you understand the material and succeed in the interview.
For more information, go through the official AWS documentation.