
Top 70 AWS Interview Questions | AWS Solution Architect Tutorial

Top AWS Architect Interview Questions For 2016!


Why AWS Architect Interview Questions ?

For the 6th straight year, Gartner placed Amazon Web Services in the “Leaders” quadrant. Also, Forbes reported that the AWS Certified Solutions Architect leads the 15 top-paying IT certifications. Undoubtedly, the AWS Solution Architect position is one of the most sought after amongst IT jobs. We at Edureka are committed to helping you upgrade your career in sync with industry requirements. That’s why we have created a list of AWS Architect interview questions and answers that will most probably get asked during your interview. If you’ve attended an AWS Architect interview or have additional questions beyond what we have covered, we encourage you to add them in the comments section below. In the meantime, you can maximize the Cloud computing career opportunities that are sure to come your way by taking AWS Architect online training with Edureka. You can write the AWS Architect certification exam after the course at Edureka.

The AWS Solution Architect Role: With regards to AWS, a Solution Architect designs and defines AWS architecture for existing systems, migrates them to cloud architectures, and develops technical road-maps for future AWS cloud implementations. So, in this AWS Architect interview questions blog, every section starts with the basics and then moves forward to more technical questions. For the best learning experience, please go through the questions in sequence, so that the concepts needed for a later question are already clear from the earlier ones.

Section 1: What is Cloud Computing

For a detailed discussion on this topic, please refer to our Cloud Computing blog.
1. What are the different service models offered by cloud computing?
The three service models are:
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
2. What are the different deployment models for Cloud?
The different models are:
  • Private Cloud
  • Public Cloud
  • Hybrid Cloud
3. What are the different layers which define cloud architecture?
There are five layers which define the cloud architecture:
  • Cloud Controller (CLC)
  • Walrus
  • Cluster Controller
  • Storage Controller (SC)
  • Node Controller (NC)
4. What uses do APIs have in cloud services?
An Application Programming Interface (API) has the following uses:
  • It eliminates the need to write full-fledged programs.
  • It enables communication between one or more applications.
  • It allows linking of cloud services with other systems.
    For example: if you want to connect CloudWatch to OpenGenie, you do so using the OpenGenie API.

Section 2: Amazon EC2

For a detailed discussion on this topic, please refer to our EC2 AWS blog.
5. What is Amazon EC2 service?
Amazon describes Elastic Compute Cloud (Amazon EC2) as a web service that provides resizable compute capacity in the cloud. They are re-sizable because you can quickly scale up or scale down the number of server instances you are using if your computing requirements change.
6. What are the functions of Amazon Elastic Compute Cloud?
From the definition, we can see that EC2 is “resizable” and provides “compute capacity”. Keeping that in mind let’s elaborate on the functions:
  • It provides compute capacity in the cloud, meaning EC2 gives the user complete control of their compute resources in Amazon’s infrastructure, so they can be run according to the user’s requirements.
  • It is resizable, meaning the user can set parameters on their resources to scale up and scale down as and when required.
  • It also provides a variety of tools for developers to build failure-resilient applications, such as Multi-AZ deployment.
7. Explain Stopping, Starting, and Terminating an Amazon EC2 instance?
Starting, stopping and terminating are the three states of an EC2 instance. Let’s discuss them in detail:
  • Stopping and Starting an instance: When an instance is stopped, the instance performs a normal shutdown and then transitions to a stopped state. All of its Amazon EBS volumes remain attached, and you can start the instance again at a later time. You are not charged for additional instance hours while the instance is in a stopped state.
  • Terminating an instance: When an instance is terminated, the instance performs a normal shutdown, then the attached Amazon EBS volumes are deleted unless the volume’s deleteOnTermination attribute is set to false. The instance itself is also deleted, and you can’t start the instance again at a later time.
8. How is a Spot instance different from an On-Demand instance or Reserved Instance?
First of all, let’s understand that Spot Instances, On-Demand Instances and Reserved Instances are all pricing models. Spot Instances let customers purchase compute capacity with no upfront commitment, at hourly rates usually lower than the On-Demand rate in each region. Buying a Spot Instance is like bidding a price, and this price is called the Spot Price. The Spot Price fluctuates based on supply and demand for instances, but customers never pay more than the maximum price they have specified. If the Spot Price moves higher than a customer’s maximum price, the customer’s EC2 instance is shut down automatically. The reverse is not true: if the Spot Price comes down again, your EC2 instance is not launched automatically; you have to do that manually. With Spot and On-Demand Instances there is no commitment on duration from the user’s side, whereas with Reserved Instances one has to stick to the time period chosen.
9. How to use the processor state control feature available on the c4.8xlarge instance?
The processor state control consists of 2 states:
  • The C state – Sleep state varying from c0 to c6. C6 being the deepest sleep state for a processor
  • The P state – Performance state p0 being the highest and p15 being the lowest possible frequency.
Now, why do the C state and P state matter? Processors have cores, and these cores need thermal headroom to boost their performance. Since all the cores sit on the same processor, its temperature must be kept at an optimal level so that all the cores can perform at their highest.
How do these states help with that? If a core is put into a sleep state, it reduces the overall temperature of the processor, so the other cores can perform better. The same can be coordinated across cores, so that the processor boosts as many cores as it can by putting other cores to sleep at the right time, and thus gets an overall performance boost.
Concluding, the C and P states can be customized on some EC2 instances, such as the c4.8xlarge, and thus you can tune the processor according to your workload.
10. What kind of network performance parameters can you expect when you launch instances in cluster placement group?
The network performance depends on the instance type and its network performance specification. If launched in a placement group, you can expect up to:
  • 10 Gbps in a single flow,
  • 20 Gbps in multiflow, i.e. full duplex.
  • Network traffic outside the placement group is limited to 5 Gbps (full duplex).
11. To deploy a 4 node cluster of Hadoop in AWS which instance type can be used?
First, let’s understand what actually happens in a Hadoop cluster. A Hadoop cluster follows a master-slave concept: the master machine processes all the data, while the slave machines store the data and act as data nodes. Since all the storage happens on the slaves, a higher-capacity hard disk is recommended for them, and since the master does all the processing, it needs more RAM and a better CPU. Therefore, you can select the configuration of your machines depending on your workload. For example, in this case c4.8xlarge would be preferred for the master machine, whereas for the slave machines we can select the i2.large instance.
12. What is an AMI?
An Amazon Machine Image (AMI) is like a template for an EC2 instance: it provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need. For example: if you want to launch a Windows instance, you select a Windows AMI and the console launches a Windows instance for you; you can launch multiple Windows instances, but you will always select the Windows AMI.
An AMI includes the following:
  • A template for the root volume for the instance (such as an operating system, an application server, and applications)
  • Launch permissions that control which AWS accounts can use the AMI to launch instances
  • A block device mapping that specifies the volumes to attach to the instance when it’s launched
13. What is the difference between Instance and AMI?
AMIs are like templates of virtual machines and an instance is derived from an AMI. We can launch different types of instances from a single AMI. Each instance type offers different types of capabilities. For example, a different set of memory and CPU combo.
14. How do you get an authentication to a Windows vs Ubuntu instance in AWS?
When you launch any instance you get a key pair with a .pem extension. To log in to an Ubuntu instance, we just have to attach the private key, which can be extracted from the .pem file, and we are good to go. On Windows we have to retrieve the password using the key pair and enter that password when prompted.
15. How do you choose an Availability Zone?
Let’s understand this through an example: consider a company which has a user base in India as well as in the US.
Let us see how we will choose the region for this use case:
[Figure: Availability zone example comparing the Mumbai and North Virginia regions]
So the regions to choose between are Mumbai and North Virginia. Let us first compare the pricing: you have hourly prices, which can be converted to a per-month figure, and here North Virginia emerges as the winner. But pricing cannot be the only parameter to consider; performance should also be kept in mind. Latency is the time that a server takes to respond to your requests, i.e. the response time. North Virginia wins again!
So, concluding, North Virginia should be chosen for this use case.
16. Explain how to launch EC2 instance in an Availability Zone?
Each region is independent in AWS and further consists of Availability Zones which are isolated, but are connected with a low latency link to other AZ’s in the same region. When you view your resources, you’ll only see the resources tied to the region you have specified. To launch an EC2 instance, you must select an AMI that’s in the same region (if the AMI is in another region then you can copy the AMI to the region you are using) and then you will be selecting an Availability Zone or you can let AWS choose it for you automatically.
17. What is an Elastic IP address?
There are basically two types of IP addresses: public IP addresses and private IP addresses. To be connected to the internet, each device or computer is assigned a unique IP address, so that it can be recognized uniquely among all the devices connected to the internet. Then there are private IP addresses, which are used in internal networks, such as a company’s local area network. Now, since public IP addresses are finite, every time a computer is disconnected from the Internet its public IP address is detached from it and returned to the pool of unassigned public IP addresses, and whenever another device has to be connected to the internet, an address from that pool is assigned to it.
Now, coming back to the question: an Elastic IP address is not returned to the pool once you disconnect from the internet. It stays with your device or computer, in our case an instance, until you manually detach it. Therefore Elastic IP addresses are static public IP addresses.
18. Is one Elastic IP address enough for every instance that I have running?
Yes, every instance comes with its own private address and a public address. The private address is used to return to the Amazon EC2 when the instance is stopped or terminated, and the public address is associated exclusively with the instance until it is stopped or terminated, and this can be replaced by the Elastic IP address, which stays with the instance as long as the user doesn’t manually detach it. 
19. Why am I limited to 5 Elastic IP addresses per region?
Since public (IPv4) internet addresses are a scarce resource, there is only a limited amount of public IP space available. Imagine if one person bought all the Elastic IP addresses: what would the other internet users do? Amazon EC2 is committed to helping use this space efficiently. If someone needs more than 5, they can apply for more in the AWS Console.
20. What are the best practices for Security in Amazon EC2?
There are several best practices to secure Amazon EC2. A few of them are given below:
  • Use AWS Identity and Access Management (IAM) to control access to your AWS resources.
  • Restrict access by only allowing trusted hosts or networks to access ports on your instance.
  • Review the rules in your security groups regularly, and ensure that you apply the principle of least privilege: only open up the permissions that you require.
  • Disable password-based logins for instances launched from your AMI. Passwords can be found or cracked, and are a security risk.
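The “review your security group rules regularly” practice above can be automated. The following is an added example, not code from the original post: it walks the structure that boto3’s describe_security_groups() returns, using a constructed sample instead of a live API call, and flags ingress rules open to the whole Internet. The allowlist of public ports (80 and 443) is an assumption for a web tier.

```python
"""Audit EC2 security group ingress rules for world-open ports (added example)."""

# Assumption: these are the only ports acceptable to expose to 0.0.0.0/0
# for a public web tier; adjust for your environment.
PUBLIC_OK_PORTS = {80, 443}
# Administrative ports that should never be reachable from the whole Internet.
ADMIN_PORTS = {22, 3389}
WORLD = {"0.0.0.0/0", "::/0"}


def _ports(perm):
    """Return the set of ports an IpPermission covers, or None for all traffic."""
    if perm.get("IpProtocol") == "-1":
        return None
    lo = perm.get("FromPort")
    hi = perm.get("ToPort", lo)
    if lo is None:
        return None
    return set(range(lo, hi + 1))


def _world_open(perm):
    """True if any IPv4 or IPv6 range in the permission is the whole Internet."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return any(c in WORLD for c in cidrs)


def audit_security_groups(groups):
    """Return findings as (group id, severity, description) tuples."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not _world_open(perm):
                continue
            ports = _ports(perm)
            if ports is None:
                findings.append((sg["GroupId"], "HIGH", "all ports/protocols open to the world"))
                continue
            exposed_admin = sorted(ports & ADMIN_PORTS)
            other = sorted(ports - PUBLIC_OK_PORTS - ADMIN_PORTS)
            if exposed_admin:
                findings.append((sg["GroupId"], "HIGH",
                                 f"admin ports open to the world: {exposed_admin}"))
            if other:
                findings.append((sg["GroupId"], "MEDIUM",
                                 f"non-web ports open to the world: {other[:10]}"))
    return findings


# Constructed sample, shaped like describe_security_groups()["SecurityGroups"].
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-wide", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

if __name__ == "__main__":
    for gid, sev, msg in audit_security_groups(SAMPLE_GROUPS):
        print(f"{sev:6} {gid}: {msg}")
```

In a real audit, replace SAMPLE_GROUPS with the result of boto3’s ec2 client describe_security_groups() call.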

Section 3: Amazon Storage
21. What is S3? What is it used for? Should encryption be used in S3?
According to Amazon, S3 is storage for the Internet. They define it as a, “simple storage service that offers software developers a highly-scalable, reliable, and low-latency data storage infrastructure at very low costs”.
Amazon S3 provides a web service interface which you can use to store and retrieve any amount of data, at any time, from anywhere on the web. Using this web service, developers can easily build applications that make use of Internet storage.
Encryption should be used for sensitive data, as S3 is a proprietary technology developed by Amazon themselves, and yet to be proven from a security standpoint.
22. Can S3 be used with EC2 instances, if yes, how?
Yes, it can be used for instances with root devices backed by local instance storage. By using Amazon S3, developers have access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of web sites. In order to execute systems in the Amazon EC2 environment, developers use the tools provided to load their Amazon Machine Images (AMIs) into Amazon S3 and to move them between Amazon S3 and Amazon EC2.
For a detailed discussion on S3, please refer to our S3 AWS blog.
23. What are EBS Volumes?
Elastic Block Store (EBS) is a block-level storage device, wherein each block acts as a separate hard drive. These volumes are used with EC2 instances, and each EBS volume can be attached to only one EC2 instance.
24. Should the EBS volumes be unmounted to take a snapshot?
Snapshots are basically copies of the volume. They can be taken in real time while the volume is attached to the instance and in use, but a snapshot is just like a screenshot of the data present on the volume: it will not contain data that is still locally cached by running applications. Therefore it is recommended to detach the volume cleanly and then take the snapshot, so that all the data is captured.
25. How is the data organized in Amazon Glacier?
You store your data in Amazon Glacier in the form of archives. Each archive has an archive ID attached to it, which can be used to retrieve your data later. A single archive can contain one or many files. Once an archive is complete, it is stored in a vault. Vaults are collections of archives that you use to organize your data.
26. Explain the mechanism of Transfer Acceleration?
To use transfer acceleration, you first have to enable it on your S3 bucket using the Amazon S3 console. After Transfer Acceleration is enabled, you can point your bucket’s PUT and GET requests to the s3-accelerate endpoint domain name. For standard data transfer, you can continue to use the regular endpoint.
27. How do you speed up data transfer in Snowball?
The data transfer rate can be increased in the following ways:
  • By performing multiple copy operations at one time, i.e. if the workstation is powerful enough, you can initiate multiple cp commands, each from a different terminal, on the same Snowball device.
  • By copying from multiple workstations to the same Snowball.
  • By transferring large files, or by creating a batch of small files; this reduces the encryption overhead.
  • By eliminating unnecessary hops, i.e. set things up so that the source machine(s) and the Snowball are the only machines active on the switch being used; this can hugely improve performance.

Section 4: AWS VPC

28. What is AWS VPC?
A Virtual Private Cloud (VPC) is a network in which your instances are virtually isolated from other clients’ instances on your cloud provider’s infrastructure. You can create a VPN connection to your VPC from your data center; this allows you to use your instances as if they were part of your company’s network.
29. Can I, if yes, how do I connect a VPC to my corporate datacenter?
Yes, you can do this by establishing a VPN connection between your company’s network and your VPC, this will allow you to interact with your EC2 instances as if they were within your existing network. AWS does not perform Network Address Translation (NAT) on EC2 in a VPC accessed via a VPN connection.
30. Is it possible to change the private IP addresses of an EC2 while it is running/stopped in a VPC?
Primary private IP addresses are attached with the instance throughout its lifetime and cannot be changed, but secondary private addresses can be unassigned, assigned or moved between interfaces or instances at any point.
31. How am I charged and billed for my use of Amazon VPC?
There are no charges for creating or using a VPC itself, but usage of other services may be charged; for example, if you use EC2 with VPC, it is charged at the published rates for those resources. If you connect your VPC to a corporate data center using the optional hardware VPN connection, you are charged for the time it is in the ‘available’ state. Standard data transfer rates apply, and partial hours are billed as full hours.
32. Will I get charged if I use other web services with my VPC?
Yes. Usage charges for other Amazon Web Services, including Amazon EC2, still apply at the published rates for those resources. Data transfer charges are not incurred when accessing Amazon Web Services, such as Amazon S3, via your VPC’s Internet gateway. If you are accessing AWS resources using your own VPN connection, you will incur Internet data transfer charges.
33. What is CloudFront?
CloudFront is a caching service by AWS, in which the data from client site gets transferred to the nearest edge location and from there the data is routed to your S3 AWS bucket over an optimised network path.
34. What is Transfer Acceleration?
Transfer Acceleration enables fast, easy and secure transfers over long distances by exploiting Amazon’s CloudFront edge technology. 
35. If I’m using Amazon CloudFront, can I use Direct Connect to transfer objects from my own data center?
Yes. Amazon CloudFront supports custom origins including origins from outside of AWS. With AWS Direct Connect, you will pay data transfer rates for origin transfer.
36. If my AWS Direct Connect fails, will I lose my connectivity?
If a second Direct Connect connection has been enabled and a failure happens, traffic will switch to the second connection. It is recommended to enable Bidirectional Forwarding Detection (BFD) when configuring your connections to ensure fast detection and failover. If you have configured a backup IPsec VPN connection instead, all VPC traffic will fail over to the VPN connection automatically. Traffic to/from public resources such as Amazon S3 will be routed over the Internet. If you do not have a backup AWS Direct Connect link or an IPsec VPN link, then Amazon VPC traffic will be dropped in the event of a failure. Traffic to/from public resources will be routed over the Internet.

Section 5: Amazon Database

37. How is Amazon RDS, DynamoDB and Redshift different?
Amazon RDS is a database management service, i.e. it manages patching, upgrading, backing up of data, etc. for your databases without your intervention; RDS is a DB management service for structured data only. DynamoDB is a NoSQL database management service; NoSQL deals with unstructured data. Redshift, on the other hand, is a data warehouse product and is used for data analysis.
38. Can I run more than one DB instance for Amazon RDS?
Yes. You can run more than one Single-AZ Micro database instance, that too for free! However, any use exceeding 750 instance hours, across all Amazon RDS Single-AZ Micro DB instances, across all eligible database engines and regions, will be billed at standard Amazon RDS prices. For example: if you run two Single-AZ Micro DB instances for 400 hours each in a single month, you will accumulate 800 instance hours of usage, of which 750 hours will be free. You will be billed for the remaining 50 hours at the standard Amazon RDS price.
For a detailed discussion on this topic, please refer to our RDS AWS blog.
39. Can I retrieve only a specific element of the data, if I have a nested JSON data in DynamoDB?
Yes. When using the GetItem, BatchGetItem, Query or Scan APIs, you can define a Projection Expression to determine which attributes should be retrieved from the table. Those attributes can include scalars, sets, or elements of a JSON document.
40. What happens to my backups and DB Snapshots if I delete my DB Instance?
When you delete a DB instance, you have an option of creating a final DB snapshot, if you do that you can restore your database from that snapshot. RDS retains this user-created DB snapshot along with all other manually created DB snapshots after the instance is deleted. Automated backups are deleted when the DB Instance is deleted. Only manually created DB Snapshots are retained after the DB Instance is deleted.
41. Which commands are used to update and query data items in Amazon DynamoDB?
Once you create a table using the AWS Management Console or CreateTable API, you can use the PutItem or BatchWriteItem APIs to insert items. To retrieve items you can use GetItem or BatchGetItem, or if composite primary keys are enabled and in use in your table, the Query API to retrieve the item(s) you added to the table.
42. How can I load my data to Amazon Redshift from different data sources like Amazon RDS, Amazon DynamoDB and Amazon EC2?
You can use the COPY command to load data in parallel directly to Amazon Redshift from Amazon EMR, Amazon DynamoDB, or any SSH-enabled host. AWS Data Pipeline provides a high performance, reliable, fault tolerant solution to load data from a variety of AWS data sources. You can use AWS Data Pipeline to specify the data source, desired data transformations, and then execute a pre-written import script to load your data into Amazon Redshift.
43. Can I use Amazon ElastiCache for Memcached with an AWS persistent data store such as Amazon SimpleDB or Amazon RDS?
ElastiCache is an ideal front end for data stores like Amazon RDS, providing a high performance middle tier for applications with extremely high request rates and/or low latency requirements.

Section 6: AWS Auto Scaling, AWS Load Balancer

44. What is the difference between Scalability and Elasticity?
Scalability is the ability of a system to increase the workload on its current hardware resources to handle an increase in demand; it can be done by increasing the hardware specifications or by adding processing nodes.
Elasticity is the ability of a system to increase the workload on its current and additional hardware resources when demand increases (same as scaling), but also to roll back the scaled resources when they are no longer needed. This is particularly helpful in Cloud environments, where a pay-per-use model is followed.
45. What is auto-scaling?  How does it work?
Auto Scaling is a feature of AWS which allows you to configure and automatically provision and spin up new instances without the need for your intervention. You do this by setting thresholds and metrics to monitor. When those thresholds are crossed, a new instance of your choosing is spun up, configured, and rolled into the load balancer pool.
46. When should I use a Classic Load Balancer and when should I use an Application load balancer?
A Classic Load Balancer is ideal for simple load balancing of traffic across multiple EC2 instances, while an Application Load Balancer is ideal for microservices or container-based architectures where there is a need to route traffic to multiple services or load balance across multiple ports on the same EC2 instance.
For a detailed discussion on Auto Scaling and Load Balancer, please refer to our EC2 AWS blog.
47. How many connections will my load balanced Amazon EC2 instances need to accept from each Classic Load Balancer?
Classic Load Balancers do not cap the number of connections that they can attempt to establish with your load balanced Amazon EC2 instances. You can expect this number to scale with the number of concurrent HTTP, HTTPS, or SSL requests or the number of concurrent TCP connections that the Classic load balancers receive.
48. Can I use a combination of Application Load Balancer and Classic Load Balancer as part of my deployment?
Yes. You can use both Classic and Application Load Balancers for 15 GB and 15 LCUs respectively. The 750 load balancer hours are shared between both Classic and Application Load Balancers.
49. A user has setup an Auto Scaling group. The group has failed to launch a single instance for more than 24 hours. What will happen to Auto Scaling in this condition?
  • Auto Scaling will keep trying to launch the instance for 72 hours
  • Auto Scaling will suspend the scaling process
  • Auto Scaling will start an instance in a separate region
  • The Auto Scaling group will be terminated automatically
Auto Scaling allows you to suspend and then resume one or more of the Auto Scaling processes in your Auto Scaling group. This can be very useful when you want to investigate a configuration problem or other issue with your web application and then make changes to your application, without triggering the Auto Scaling process.

Section 7: CloudTrail, Route 53

50. What is AWS CloudTrail?
AWS CloudTrail is a logging service by AWS, which logs the activities of your AWS resources.
51. What are the benefits of CloudTrail integration with CloudWatch Logs?
It enables you to receive SNS notifications on the API activity logged by CloudTrail. For example, you can create CloudWatch alarms to monitor API calls that create, modify and delete Security Groups and Network ACLs.
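The detection described above, as an added example that is not part of the original post: the CloudWatch Logs metric filter pattern that would back such an alarm, plus a local function that applies the same check to CloudTrail records so the logic can be tested offline. The records, account ID and ARNs below are constructed sample data.

```python
"""Flag security-group and network-ACL changes in CloudTrail records (added example)."""
import json

# EC2 API calls that change security groups.
SG_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup",
}
# EC2 API calls that change network ACLs.
NACL_EVENTS = {
    "CreateNetworkAcl", "CreateNetworkAclEntry", "DeleteNetworkAcl",
    "DeleteNetworkAclEntry", "ReplaceNetworkAclEntry", "ReplaceNetworkAclAssociation",
}


def metric_filter_pattern(event_names):
    """Build the CloudWatch Logs filter pattern equivalent to this check.

    The result can be used as the filterPattern of a metric filter on the
    log group that CloudTrail delivers to; an alarm on the metric then
    triggers an SNS notification.
    """
    clauses = " || ".join(f"($.eventName = {n})" for n in sorted(event_names))
    return "{ " + clauses + " }"


def flag_network_changes(records):
    """Return (eventTime, eventName, actor ARN, source IP, errorCode) per change.

    Denied attempts (errorCode set) are kept: a caller repeatedly failing to
    open a security group is itself worth an alert.
    """
    hits = []
    for r in records:
        if r.get("eventSource") != "ec2.amazonaws.com":
            continue
        name = r.get("eventName")
        if name in SG_EVENTS or name in NACL_EVENTS:
            actor = r.get("userIdentity", {}).get("arn", "<unknown>")
            hits.append((r.get("eventTime"), name, actor,
                         r.get("sourceIPAddress"), r.get("errorCode")))
    return hits


# Constructed CloudTrail log file content (account 123456789012 is a placeholder).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2016-09-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ops"}},
    {"eventTime": "2016-09-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ops"},
     "requestParameters": {"groupId": "sg-0example", "ipPermissions": {}}},
    {"eventTime": "2016-09-01T10:07:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteNetworkAclEntry", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/intern"},
     "errorCode": "Client.UnauthorizedOperation"},
    {"eventTime": "2016-09-01T10:09:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ops"}},
]})


def flag_from_log_text(text):
    """Parse a CloudTrail log file body and flag the network changes in it."""
    return flag_network_changes(json.loads(text)["Records"])


if __name__ == "__main__":
    print(metric_filter_pattern(SG_EVENTS | NACL_EVENTS))
    for hit in flag_from_log_text(SAMPLE_LOG):
        print(hit)
```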
52. What happens if CloudTrail is turned on for my account but my Amazon S3 bucket is not configured with the correct policy?
CloudTrail files are delivered according to S3 bucket policies, if the bucket is not configured or is misconfigured, CloudTrail might not deliver the log files.
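To see what “the correct policy” means in practice, the following added example (not from the original post) checks a bucket policy document for the two grants CloudTrail needs in order to deliver log files: s3:GetBucketAcl on the bucket, and s3:PutObject on the AWSLogs/<account>/ prefix conditioned on the bucket-owner-full-control ACL. The bucket name and account ID are constructed placeholders.

```python
"""Check an S3 bucket policy for the grants CloudTrail needs (added example)."""
import fnmatch
import json

CLOUDTRAIL_SERVICE = "cloudtrail.amazonaws.com"


def _as_list(value):
    """Policy fields like Action/Resource may be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _allows_cloudtrail(stmt):
    """True if the statement is an Allow for the CloudTrail service principal."""
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal", {})
    services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
    return CLOUDTRAIL_SERVICE in services or principal == "*"


def _grants(stmt, action, resource_arn):
    """True if the statement allows `action` on a resource matching `resource_arn`."""
    if action not in _as_list(stmt.get("Action")):
        return False
    return any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(stmt.get("Resource")))


def cloudtrail_policy_gaps(policy_json, bucket, account_id):
    """Return a list of missing requirements; an empty list means the policy is sufficient."""
    stmts = [s for s in json.loads(policy_json).get("Statement", []) if _allows_cloudtrail(s)]
    bucket_arn = f"arn:aws:s3:::{bucket}"
    # A representative object key that CloudTrail would write under the account prefix.
    object_arn = f"{bucket_arn}/AWSLogs/{account_id}/CloudTrail/example.json.gz"
    gaps = []
    if not any(_grants(s, "s3:GetBucketAcl", bucket_arn) for s in stmts):
        gaps.append("missing s3:GetBucketAcl on the bucket for cloudtrail.amazonaws.com")
    writers = [s for s in stmts if _grants(s, "s3:PutObject", object_arn)]
    if not writers:
        gaps.append(f"missing s3:PutObject on {bucket_arn}/AWSLogs/{account_id}/*")
    elif not any(
        s.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl") == "bucket-owner-full-control"
        for s in writers
    ):
        gaps.append("PutObject grant lacks the s3:x-amz-acl = bucket-owner-full-control condition")
    return gaps


# Constructed sample: a policy with both required statements.
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::example-trail-bucket"},
    {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-trail-bucket/AWSLogs/123456789012/*",
     "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
]})

# Constructed sample: the write statement was copied without its ACL condition.
BAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": ["s3:PutObject"],
     "Resource": ["arn:aws:s3:::example-trail-bucket/AWSLogs/123456789012/*"]},
]})

if __name__ == "__main__":
    for name, pol in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, cloudtrail_policy_gaps(pol, "example-trail-bucket", "123456789012") or "OK")
```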
53. How do I transfer my existing domain name registration to Amazon Route 53 without disrupting my existing web traffic?
You first need to get a list of the DNS record data for your domain name; it is generally available in the form of a “zone file” that you can get from your existing DNS provider. Once you have the DNS record data, you can use Route 53’s Management Console or its simple web-services interface to create a hosted zone that will store the DNS records for your domain name, and follow the transfer process, which includes steps such as updating the nameservers for your domain name to the ones associated with your hosted zone. To complete the process you have to contact the registrar with whom you registered your domain name and follow its transfer process. As soon as your registrar propagates the new name server delegations, your DNS queries will start to be answered.
54. Can I point my zone apex (example.com versus www.example.com) at my Elastic Load Balancer?
It can be done using the ‘alias’ record in Amazon Route 53, which lets you map your zone apex (example.com) DNS name to your ELB DNS name (e.g. elb1234.elb.amazonaws.com). During scaling or software updates, the load balancer’s IP addresses may change. For an alias record, Route 53 responds to each request with one or more current IP addresses for the load balancer. Queries to alias records that are mapped to ELB load balancers are free. These queries are listed as “Intra-AWS-DNS-Queries” on the Amazon Route 53 usage report.

Section 8: AWS SQS, AWS SNS, AWS SES, AWS ElasticBeanstalk

55. What is SQS, SNS, SES?
SQS, Simple Queue Service by AWS, is a queuing service which allows you to queue tasks; the queue acts as a reference for other servers, which pick these tasks from it.
SNS, Simple Notification Service by AWS, helps in sending notifications to users whenever a trigger occurs.
SES, Simple Email Service by AWS, can be used to broadcast emails to a large set of users.
All of these services can be integrated with other services in AWS and can perform various functions.
56. How is buffer used in Amazon web services?
Buffer is used to make the system more resilient to burst of traffic or load by synchronizing different components. The components always receive and process the requests in an unbalanced way. Buffer keeps the balance between different components and makes them work at the same speed to provide faster services.
57. How is AWS Elastic Beanstalk different than AWS OpsWorks?
AWS Elastic Beanstalk is an application management platform, while OpsWorks is a configuration management platform. Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications developed with Java, .Net, PHP, Node.js, Python, Ruby, Go and Docker. Customers upload their code and Elastic Beanstalk automatically handles the deployment. The application is ready to use without any infrastructure or resource configuration.
In contrast, AWS Opsworks is an integrated configuration management platform for IT administrators or DevOps engineers who want a high degree of customization and control over operations.
58. What happens if my application stops responding to requests in beanstalk?
AWS Elastic Beanstalk applications have a system in place for avoiding failures in the underlying infrastructure. If an Amazon EC2 instance fails for any reason, Elastic Beanstalk uses Auto Scaling to automatically launch a new instance. Elastic Beanstalk can also detect if your application is not responding on the custom link even though the infrastructure appears healthy; this is logged as an environment event (e.g. a bad version was deployed) so you can take appropriate action.
59. What is AWS lambda?
AWS Lambda is a serverless compute service by AWS which runs your backend code without you setting up the resources for it, i.e. you just upload the code and AWS Lambda runs it for you; it’s that simple.
For a detailed discussion on this topic, please refer to our Lambda AWS blog.
60. What restrictions apply to AWS Lambda function code?
Lambda imposes very few restrictions on the code that you are trying to run, such as on OS activities, but a few activities are disabled. For example, inbound network connections are blocked, outbound connections are supported only via TCP/IP sockets, and debugging system calls are restricted. TCP port 25 is also restricted as an anti-spam measure.
61. How do I invoke an AWS Lambda function over HTTPS?
Define a custom RESTful API using Amazon API Gateway, which gives you an HTTPS endpoint in front of your function that responds to REST calls such as GET, PUT and POST. API Gateway terminates TLS and can enforce authentication and throttling before a request ever reaches your function, and the function receives the request as an event object and returns the status code, headers and body that API Gateway sends back to the client.
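As an added example (not code from the page, and not AWS's own), here is the shape of a Python handler that sits behind such an API Gateway endpoint using Lambda proxy integration. The event and response formats are API Gateway's proxy-integration contract; the allowed method set, the body size limit and the expected request schema are assumptions chosen for illustration, and the sample events at the bottom are constructed so the handler can be exercised offline.

```python
import base64
import json

# Hypothetical Lambda handler behind an API Gateway endpoint (Lambda proxy
# integration). ALLOWED_METHODS, MAX_BODY_BYTES and the {"item": "..."} request
# schema are assumptions made for this example.

ALLOWED_METHODS = {"GET", "PUT", "POST"}
MAX_BODY_BYTES = 64 * 1024  # reject oversized bodies before parsing them


def _response(status, payload):
    """Build the response object API Gateway expects from a proxy integration."""
    return {
        "statusCode": status,
        "headers": {
            "Content-Type": "application/json",
            # Defensive headers: the endpoint is only reachable over TLS, never sniffed.
            "Strict-Transport-Security": "max-age=31536000",
            "X-Content-Type-Options": "nosniff",
        },
        "body": json.dumps(payload),
    }


def _request_body(event):
    """Decode the request body, honouring API Gateway's base64 flag."""
    raw = event.get("body") or ""
    if event.get("isBase64Encoded"):
        raw = base64.b64decode(raw).decode("utf-8", errors="replace")
    return raw


def lambda_handler(event, context=None):
    method = (event.get("httpMethod") or "").upper()
    if method not in ALLOWED_METHODS:
        return _response(405, {"error": "method not allowed"})

    if method == "GET":
        # Query string parameters arrive already parsed, or as None when absent.
        params = event.get("queryStringParameters") or {}
        name = params.get("name", "world")
        if len(name) > 64:
            return _response(400, {"error": "name too long"})
        return _response(200, {"message": f"hello {name}"})

    raw = _request_body(event)
    if len(raw.encode("utf-8")) > MAX_BODY_BYTES:
        return _response(413, {"error": "body too large"})
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return _response(400, {"error": "body must be JSON"})
    if not isinstance(doc, dict) or not isinstance(doc.get("item"), str):
        return _response(400, {"error": "expected {\"item\": \"...\"}"})

    # PUT replaces (200), POST creates (201); both only echo the item here.
    status = 200 if method == "PUT" else 201
    return _response(status, {"stored": doc["item"], "method": method})


def call(event):
    """Convenience for the demo: (status code, parsed JSON body)."""
    resp = lambda_handler(event)
    return resp["statusCode"], json.loads(resp["body"])


# Constructed events in the proxy-integration shape, for exercising the handler offline.
SAMPLE_GET = {"httpMethod": "GET", "queryStringParameters": {"name": "lambda"}}
SAMPLE_POST = {"httpMethod": "POST", "body": json.dumps({"item": "report.pdf"})}
SAMPLE_POST_B64 = {
    "httpMethod": "POST",
    "isBase64Encoded": True,
    "body": base64.b64encode(b'{"item": "image.png"}').decode(),
}
SAMPLE_DELETE = {"httpMethod": "DELETE"}

if __name__ == "__main__":
    for ev in (SAMPLE_GET, SAMPLE_POST, SAMPLE_POST_B64, SAMPLE_DELETE):
        print(call(ev))
```

API Gateway relays whatever `statusCode`, `headers` and `body` the function returns, so input validation and the 405 for unlisted methods have to happen in the function (or in the API definition); neither is applied for you.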
62. What do you mean by 'message in flight' in SQS?
A message is in flight from the moment a consumer receives it until the consumer deletes it or its visibility timeout expires. While in flight, the message stays in the queue but is hidden from other consumers, which prevents two workers from processing the same job at once. If a job takes longer than the queue's default visibility timeout, the consumer extends it with ChangeMessageVisibility: for example, if processing an image takes about 5 minutes, the worker extends the timeout to 5 minutes when it picks up the message. The message is deleted only after processing succeeds; if the worker crashes before deleting it, the timeout expires and the message becomes visible again for another worker. This is the at-least-once guarantee: a message leaves the queue for good only when a consumer has explicitly deleted it after finishing the job.
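The behaviour described above, modelled as an added example (not the AWS SDK and not code from the page): a small in-memory queue that implements the visibility-timeout rules, plus a worker that keeps extending the timeout while a long job runs and deletes the message only on success. `VisibilityQueue`, `FakeClock` and `process_with_heartbeat` are names chosen here, the clock is injected so the timing can be driven without sleeping, and the messages are constructed.

```python
import itertools

# In-memory model of SQS visibility-timeout semantics (an added illustration,
# not the SDK). A received message stays in the queue but is hidden until it is
# deleted or its visibility timeout expires, at which point it is redelivered.


class FakeClock:
    """Monotonic clock under test control (assumption: seconds as floats)."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class VisibilityQueue:
    """Subset of SQS: send, receive, change_visibility, delete."""

    def __init__(self, clock, default_visibility_timeout=30):
        self._clock = clock
        self._default_timeout = default_visibility_timeout
        self._bodies = {}        # message id -> body
        self._hidden_until = {}  # message id -> time it becomes visible again
        self._receipts = {}      # receipt handle -> message id
        self._ids = itertools.count(1)

    def send(self, body):
        msg_id = f"msg-{next(self._ids)}"
        self._bodies[msg_id] = body
        self._hidden_until[msg_id] = 0.0   # visible immediately
        return msg_id

    def receive(self):
        """Return (receipt_handle, body) for one visible message, or None."""
        now = self._clock()
        for msg_id, visible_at in self._hidden_until.items():
            if visible_at <= now:
                # Receiving hides the message: it is now "in flight".
                self._hidden_until[msg_id] = now + self._default_timeout
                receipt = f"{msg_id}:rcpt-{next(self._ids)}"
                self._receipts[receipt] = msg_id
                return receipt, self._bodies[msg_id]
        return None

    def change_visibility(self, receipt, timeout):
        """Extend (or shorten) how long the received message stays hidden."""
        msg_id = self._receipts[receipt]
        self._hidden_until[msg_id] = self._clock() + timeout

    def delete(self, receipt):
        """Remove the message for good; only do this after the job has succeeded."""
        msg_id = self._receipts.pop(receipt)
        self._bodies.pop(msg_id, None)
        self._hidden_until.pop(msg_id, None)

    def in_flight(self):
        """Messages received but neither deleted nor timed out."""
        now = self._clock()
        return sum(1 for t in self._hidden_until.values() if t > now)

    def __len__(self):
        return len(self._bodies)


def process_with_heartbeat(queue, clock, work_seconds, heartbeat=60):
    """Pull one job, extend visibility in slices while it runs, delete on success.
    Returns the processed body, or None if the queue had nothing visible."""
    got = queue.receive()
    if got is None:
        return None
    receipt, body = got
    remaining = work_seconds
    while remaining > 0:
        step = min(remaining, heartbeat)
        # Tell the queue the job needs more time (with a margin) before working.
        queue.change_visibility(receipt, step + 10)
        clock.advance(step)   # stands in for actually doing the work
        remaining -= step
    queue.delete(receipt)     # only now does the message leave the queue
    return body


if __name__ == "__main__":
    clock = FakeClock()
    q = VisibilityQueue(clock, default_visibility_timeout=30)
    q.send("resize image-1")
    print(q.receive(), "in flight:", q.in_flight())
    clock.advance(31)         # worker never deleted it: redelivered
    print(q.receive(), "in flight:", q.in_flight())
```

A worker that reads a message and crashes leaves nothing to clean up: the message simply reappears after the timeout. The cost is that a slow worker that forgets to extend the timeout produces duplicate processing, so handlers should be idempotent.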


Section 9: AWS OpsWorks, AWS KMS

63. How is AWS OpsWorks different from AWS CloudFormation?
OpsWorks and CloudFormation both support application modelling, deployment, configuration, management and related activities. Both support a wide variety of architectural patterns, from simple web applications to highly complex applications. AWS OpsWorks and AWS CloudFormation differ in abstraction level and areas of focus.
AWS CloudFormation is a building-block service that enables customers to manage almost any AWS resource through a JSON- or YAML-based domain-specific language. It provides foundational capabilities for the full breadth of AWS without prescribing a particular model for development and operations. Customers define templates and use them to provision and manage AWS resources, operating systems and application code.
In contrast, AWS OpsWorks is a higher-level service that focuses on providing highly productive and reliable DevOps experiences for IT administrators and ops-minded developers. To do this, AWS OpsWorks employs a configuration management model based on concepts such as stacks and layers, and provides integrated experiences for key activities like deployment, monitoring, auto scaling and automation. Compared to AWS CloudFormation, AWS OpsWorks supports a narrower range of application-oriented AWS resource types, including Amazon EC2 instances, Amazon EBS volumes, Elastic IPs and Amazon CloudWatch metrics.
64. What are the lifecycle events of AWS OpsWorks?
AWS OpsWorks creates events that correspond to lifecycle stages. These events can be used to trigger Chef recipes on each instance to perform specific configuration tasks. OpsWorks uses built-in Chef recipes to perform basic management for each event based on the type of layer, and you can also write custom recipes to script any configuration change your application needs for a specific lifecycle event. The following lifecycle events are supported:
  • Setup is sent to an instance once it has successfully booted. For example, you could trigger a Chef recipe for a Rails application server that installs dependencies like Apache, Ruby, Passenger and Ruby on Rails.
  • Configure is sent to all instances in the stack whenever the state of the stack changes. For example, when a new instance is successfully added to an application server layer, the configure event triggers a Chef recipe that updates the OpsWorks load balancer layer configuration to reflect the added application server instance.
  • Deploy is triggered whenever an application is deployed. For example, you could trigger a Chef recipe for a Rails application server that executes the tasks needed to check out and download your application and tells Passenger to reload it.
  • Undeploy is sent when you delete an application. For example, the undeploy event can trigger a custom Chef recipe that runs any cleanup steps that are needed, such as deleting database tables.
  • Shutdown is sent to an instance 45 seconds before it is actually stopped. For example, the shutdown event can trigger a custom Chef recipe that shuts down services cleanly.
65. What happens when one of the resources in a stack cannot be created successfully in AWS OpsWorks?
The rollback behaviour usually described in answer to this question belongs to AWS CloudFormation stacks (including CloudFormation stacks that create OpsWorks resources), not to OpsWorks stacks themselves. When a resource fails to create, CloudFormation's "automatic rollback on error" feature, which is enabled by default, deletes all the AWS resources that were created successfully up to the point where the error occurred. This is helpful because it does not leave behind half-built, orphaned resources: stacks are either created fully or not at all. It is useful in situations where you accidentally exceed your limit on the number of Elastic IP addresses, or do not have access to an EC2 AMI you are trying to launch, and so on. Rollback can be disabled when you need to inspect a failed creation, in which case the partially created resources remain until you delete the stack yourself.
66. What automation tools can you use to spin up servers?
Any of the following tools can be used:
  • Roll-your-own scripts that call the AWS API tools or SDKs. Such scripts could be written in bash, Perl or another language of your choice.
  • A configuration management and provisioning tool such as Puppet or Chef (then known as Opscode Chef). You can also use a tool like Scalr.
  • A managed solution such as RightScale, or the AWS services covered above, OpsWorks and CloudFormation.
67. What is Identity Federation?
AWS Identity and Access Management (IAM) supports identity federation for delegated access to the AWS Management Console or AWS APIs. With identity federation, external identities are granted temporary, secure access to resources in your AWS account without you having to create IAM users for them. These external identities can come from your corporate identity provider (such as Microsoft Active Directory, either directly via SAML 2.0 or through AWS Directory Service) or from a web identity provider (such as Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible provider). In both cases the federated identity assumes an IAM role, and it is the role's trust policy that decides which external identities may do so.
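An added example, not from the page and not AWS tooling: the check a practitioner wants to run on a federated role's trust policy. Naming the provider as the `Federated` principal is not enough; without a condition on the token's audience (`aud`) or subject (`sub`) claim, any application registered with the same public identity provider could assume the role. The two policy documents below are constructed for illustration (the Cognito identity pool id is made up), and `trust_policy_findings` is a name chosen here.

```python
import json

# Added check over an IAM role trust policy for identity federation. The condition
# keys used (cognito-identity.amazonaws.com:aud, <provider>:aud / :sub, SAML:aud)
# are the real IAM keys; the policies and identity pool id are constructed.

WEAK_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "cognito-identity.amazonaws.com"},
    "Action": "sts:AssumeRoleWithWebIdentity"
  }]
}
""")

SCOPED_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "cognito-identity.amazonaws.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": {
        "cognito-identity.amazonaws.com:aud": "us-east-1:00000000-0000-0000-0000-000000000000"
      },
      "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"}
    }
  }]
}
""")

FEDERATION_ACTIONS = {"sts:AssumeRoleWithWebIdentity", "sts:AssumeRoleWithSAML"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _scoping_keys(condition):
    """Condition keys that pin the token to this role: <provider>:aud / :sub, SAML:aud."""
    keys = set()
    for operator, kv in condition.items():
        if not isinstance(kv, dict):
            continue
        op = operator.split(":")[-1]   # strip ForAnyValue:/ForAllValues: set prefixes
        for key, expected in kv.items():
            if not key.lower().endswith((":aud", ":sub")):
                continue
            # A wildcard-only StringLike value scopes nothing at all.
            if op == "StringLike" and all(v == "*" for v in _as_list(expected)):
                continue
            keys.add(key)
    return keys


def trust_policy_findings(policy):
    """Return human-readable findings for each federated Allow statement; empty is good."""
    findings = []
    for n, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if not federated:
            continue
        actions = set(_as_list(st.get("Action", [])))
        if not actions & FEDERATION_ACTIONS:
            findings.append(f"statement {n}: federated principal without a federation action {sorted(actions)}")
        if not _scoping_keys(st.get("Condition", {})):
            findings.append(
                f"statement {n}: {', '.join(federated)} may assume the role with no aud/sub condition; "
                "any tenant of that provider could obtain credentials"
            )
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_TRUST_POLICY), ("scoped", SCOPED_TRUST_POLICY)):
        print(name, trust_policy_findings(doc) or "ok")
```

The same check applies to SAML roles (`SAML:aud` must be the AWS sign-in endpoint) and to OIDC providers such as GitHub Actions or Google, where the `sub` condition is what ties the role to one repository or one application.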
68. Is it possible to use AWS Identity & Access Management (IAM) with AWS OpsWorks?
Yes, OpsWorks supports IAM users, permissions and roles. You can designate permissions per user, including view, deploy and manage, and you can also specify which users may SSH directly into instances. OpsWorks support for IAM roles lets you give a user access to OpsWorks without granting access to dependent services such as EC2. For example, you can explicitly deny a user the ability to perform EC2 actions, and the user can still control EC2 instances through OpsWorks if they have OpsWorks permissions to deploy or manage stack resources. This lets you prevent an OpsWorks user from inadvertently stopping an instance from the EC2 console.
69. What's the difference between an "imported" and a "generated" key in KMS?
There are two main differences between a key that you import and a key that KMS creates for you:
  1. You must securely maintain a copy of your imported key material in your own key management infrastructure so that you can re-import it at any time; if it is lost, AWS cannot recover it for you. AWS ensures the availability, security and durability of keys generated by KMS on your behalf until you schedule them for deletion.
  2. You may set an expiration time on imported key material so that KMS automatically deletes it when the period ends, and you may delete imported key material on demand without deleting the customer master key (CMK) it belongs to. You can also disable, or schedule the deletion of, a CMK with imported material at any time. A key generated by KMS can only be disabled or scheduled for deletion; it cannot have an expiration time placed on it.
70. How is my data encrypted in AWS KMS?
AWS services use a method called envelope encryption to encrypt and decrypt your data. The way it works is like this:
  • There are two kinds of keys: the customer master key (CMK), which lives inside KMS and never leaves it, and the data key, which KMS generates for each encryption job.
  • The master key can encrypt and decrypt (wrap and unwrap) the data key.
  • Only the data key is ever exported from AWS KMS; the master key is not.
  • Therefore, your actual data is encrypted and decrypted with the data key, locally, never inside KMS.
Having said that, let's understand how it happens:
When your data has to be encrypted, a request (GenerateDataKey) is made to AWS KMS, and in response KMS sends back the same data key in two forms:
  • a plaintext data key
  • an encrypted (wrapped) data key, encrypted under the master key
The plaintext data key is never written to disk; it is held in memory, used to encrypt your data, and discarded as soon as the encryption is complete.
The encrypted data key, on the other hand, is stored on disk alongside the ciphertext. Why?
Because when you later want to decrypt your data, you send this encrypted data key back to AWS KMS (Decrypt), and KMS returns the plaintext data key, which again is kept only in memory and discarded as soon as decryption finishes.
So why all of this? Your data itself never goes to KMS: only the small data key travels over the network, so the plaintext and the bulk ciphertext stay in your environment, and each operation costs a single small KMS call rather than a round trip with the whole payload. Storing the wrapped data key beside the ciphertext also means that a compromise of the storage alone yields nothing usable without access to KMS, and that disabling or deleting the master key makes every data key wrapped under it, and therefore all of that data, unrecoverable.
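The flow above, as an added example (not code from the page, not the AWS SDK, and not how KMS is implemented internally): `FakeKms` stands in for the service, holding a master key that no method ever returns, and exposing the two calls the text describes, generate a data key and unwrap one. The bulk data is sealed locally with the data key and only the wrapped key is stored next to it. Real deployments use AES-GCM for the symmetric cipher; to keep this runnable with the standard library alone, the example uses an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag, which is an assumption made for portability, not a recommendation over AES-GCM. All names and the sample record are chosen here.

```python
import hashlib
import hmac
import os
import struct

# Envelope encryption with a stand-in KMS (added illustration). The symmetric
# primitive below (HMAC-SHA256 keystream + encrypt-then-MAC) replaces AES-GCM
# only so that the example needs nothing outside the standard library.

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key, label):
    """Derive separate encryption and MAC keys from one data key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key, plaintext):
    """Authenticated encryption: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key, blob):
    """Verify the tag before decrypting; raises ValueError on tampering or a wrong key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


class FakeKms:
    """Models the two KMS calls the text describes. The master key never leaves it."""

    def __init__(self):
        self._master_key = os.urandom(32)   # not returned by any method

    def generate_data_key(self):
        """The same data key twice: plaintext for local use, wrapped for storage."""
        data_key = os.urandom(32)
        return data_key, seal(self._master_key, data_key)

    def decrypt(self, wrapped_data_key):
        """Unwrap a data key; the only way to get a plaintext data key back later."""
        return open_sealed(self._master_key, wrapped_data_key)


def encrypt_envelope(kms, plaintext):
    """Client side: the bulk data never goes to KMS, only the 32-byte key does."""
    data_key, wrapped = kms.generate_data_key()
    ciphertext = seal(data_key, plaintext)
    del data_key   # drop the reference; Python cannot promise the bytes are zeroed
    return {"wrapped_data_key": wrapped, "ciphertext": ciphertext}


def decrypt_envelope(kms, envelope):
    data_key = kms.decrypt(envelope["wrapped_data_key"])   # one small KMS call
    try:
        return open_sealed(data_key, envelope["ciphertext"])
    finally:
        del data_key


if __name__ == "__main__":
    kms = FakeKms()
    env = encrypt_envelope(kms, b"customer record: constructed sample data")
    print(len(env["wrapped_data_key"]), "bytes of wrapped key stored beside the ciphertext")
    print(decrypt_envelope(kms, env))
```

Two properties worth checking in any envelope scheme are visible here: the stored blob (wrapped key plus ciphertext) is useless to anyone who cannot call the KMS that wrapped it, and a different master key, or a single flipped byte, fails authentication rather than yielding garbage.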
Overwhelmed with all these questions?
We at edureka! are here to help you with every step of your journey to becoming an AWS Solution Architect. Besides these AWS Architect interview questions, we have put together a curriculum that covers exactly what you need to crack the Solution Architect exam. You can have a look at the course details for AWS training here.


Pro Teknologi was created on 22 February 2017. This blog is my hope to be able to share something useful with others, in the form of tips about blogs, the internet, computers, and other interesting information.

2 Responses to "Top 70 AWS Interview Questions | AWS Solution Architect Tutorial"

  1. Excellent blog, admin. This is what I have been looking for.
    Share more interview questions with answers.
    AWS Training in Chennai | AWS course in Chennai
  2. Thanks a lot for sharing these interview questions, admin. Really helpful to me, and I have bookmarked this page for my future reference.
    AWS course in Chennai | AWS Certification in Chennai