AWS Interview Questions Set 05

81. Explain Connection Draining

Connection Draining is an AWS service that allows us to serve current requests on the servers that are either being decommissioned or updated.

By enabling this Connection Draining, we let the Load Balancer make an outgoing instance finish its existing requests for a set length of time before sending it any new requests. A departing instance will immediately go off if Connection Draining is not enabled, and all pending requests will fail.

82. What is Power User Access in AWS?

The AWS Resources owner is identical to an Administrator User. The Administrator User can build, change, delete, and inspect resources, as well as grant permissions to other AWS users.

Administrator Access without the ability to control users and permissions is provided to a Power User. A Power User Access user cannot provide permissions to other users but has the ability to modify, remove, view, and create resources.

83. How is AWS CloudFormation different from AWS Elastic Beanstalk?

Here are some differences between AWS CloudFormation and AWS Elastic Beanstalk:

• AWS CloudFormation helps you provision and describe all of the infrastructure resources that are present in your cloud environment. On the other hand, AWS Elastic Beanstalk provides an environment that makes it easy to deploy and run applications in the cloud.
• AWS CloudFormation supports the infrastructure needs of various types of applications, like legacy applications and existing enterprise applications. On the other hand, AWS Elastic Beanstalk is combined with the developer tools to help you manage the lifecycle of your applications.

84. What are the elements of an AWS CloudFormation template?

AWS CloudFormation templates are YAML or JSON formatted text files that are comprised of five essential elements, they are:

• Template parameters
• Output values
• Data tables
• Resources
• File format version

85. What happens when one of the resources in a stack cannot be created successfully?

If the resource in the stack cannot be created, then the CloudFormation automatically rolls back and terminates all the resources that were created in the CloudFormation template. This is a handy feature when you accidentally exceed your limit of Elastic IP addresses or don’t have access to an EC2 AMI.

86. How can you automate EC2 backup using EBS?

Use the following steps in order to automate EC2 backup using EBS:

1. Get the list of instances and connect to AWS through API to list the Amazon EBS volumes that are attached locally to the instance.
2. List the snapshots of each volume, and assign a retention period of the snapshot. Later on, create a snapshot of each volume.
3. Make sure to remove the snapshot if it is older than the retention period.

87. What is the difference between EBS and Instance Store?

EBS is a kind of permanent storage in which the data can be restored at a later point. When you save data in the EBS, it stays even after the lifetime of the EC2 instance. On the other hand, Instance Store is temporary storage that is physically attached to a host machine. With an Instance Store, you cannot detach one instance and attach it to another. Unlike in EBS, data in an Instance Store is lost if any instance is stopped or terminated.

88. Can you take a backup of EFS like EBS, and if yes, how?

Yes, you can use the EFS-to-EFS backup solution to recover from unintended changes or deletion in Amazon EFS. Follow these steps:

1. Sign in to the AWS Management Console
2. Click the launch EFS-to-EFS-restore button
3. Use the region selector in the console navigation bar to select region
4. Verify if you have chosen the right template on the Select Template page
5. Assign a name to your solution stack
6. Review the parameters for the template and modify them if necessary

89. How do you auto-delete old snapshots?

Here’s the procedure for auto-deleting old snapshots:

• As per procedure and best practices, take snapshots of the EBS volumes on Amazon S3.
• Use AWS Ops Automator to handle all the snapshots automatically.
• This allows you to create, copy, and delete Amazon EBS snapshots.

82. What is Power User Access in AWS?

The AWS Resources owner is identical to an Administrator User. The Administrator User can build, change, delete, and inspect resources, as well as grant permissions to other AWS users.

90. What are the different types of load balancers in AWS?

There are three types of load balancers that are supported by Elastic Load Balancing:

1. Application Load Balancer
2. Network Load Balancer
3. Classic Load Balancer

91. What are the different uses of the various load balancers in AWS Elastic Load Balancing?

• Application Load Balancer

Used if you need flexible application management and TLS termination.

• Network Load Balancer

Used if you require extreme performance and static IPs for your applications.

• Classic Load Balancer

Used if your application is built within the EC2 Classic network

92. What Is Identity and Access Management (IAM) and How Is It Used?

Identity and Access Management ( IAM) is a web service for securely controlling access to AWS services. IAM lets you manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.

93. How can you use AWS WAF in monitoring your AWS applications?

AWS WAF for AWS Web Application Firewall protects your web applications from web exploitations. It helps you control the traffic flow to your applications. With WAF, you can also create custom rules that block common attack patterns. It can be used for three cases: allow all requests, prevent all requests, and count all requests for a new policy.

94. What are the different AWS IAM categories that you can control?

Using AWS IAM, you can do the following:

• Create and manage IAM users
• Create and manage IAM groups
• Manage the security credentials of the users
• Create and manage policies to grant access to AWS services and resources

95. What are the policies that you can set for your users’ passwords?

Here are some of the policies that you can set:

• You can set a minimum length of the password, or you can ask the users to add at least one number or special characters in it.

• You can assign requirements of particular character types, including uppercase letters, lowercase letters, numbers, and non-alphanumeric characters.
• You can enforce automatic password expiration, prevent reuse of old passwords, and request for a password reset upon their next AWS sign in.
• You can have the AWS users contact an account administrator when the user has allowed the password to expire. 

96. What is the difference between an IAM role and an IAM user?

The two key differences between the IAM role and IAM user are:

• An IAM role is an IAM entity that defines a set of permissions for making AWS service requests, while an IAM user has permanent long-term credentials and is used to interact with the AWS services directly.  
• In the IAM role, trusted entities, like IAM users, applications, or an AWS service, assume roles whereas the IAM user has full access to all the AWS IAM functionalities.

97. What are the managed policies in AWS IAM?

There are two types of managed policies; one that is managed by you and one that is managed by AWS. They are IAM resources that express permissions using IAM policy language. You can create, edit, and manage them separately from the IAM users, groups, and roles to which they are attached.

98. Can you give an example of an IAM policy and a policy summary?

Here’s an example of an IAM policy to grant access to add, update, and delete objects from a specific folder.

99. How does AWS IAM help your business?

IAM enables to:

• Manage IAM users and their access – AWS IAM provides secure resource access to multiple users
• Manage access for federated users – AWS allows you to provide secure access to resources in your AWS account to your employees and applications without creating an IAM role.

100. What Is Amazon Route 53?

Amazon Route 53 is a scalable and highly available Domain Name System (DNS). The name refers to TCP or UDP port 53, where DNS server requests are addressed.

101. What Is Cloudtrail and How Do Cloudtrail and Route 53 Work Together? 

CloudTrail is a service that captures information about every request sent to the Amazon Route 53 API by an AWS account, including requests that are sent by IAM users. CloudTrail saves log files of these requests to an Amazon S3 bucket. CloudTrail captures information about all requests. You can use information in the CloudTrail log files to determine which requests were sent to Amazon Route 53, the IP address that the request was sent from, who sent the request, when it was sent, and more.

102. What is the difference between Latency Based Routing and Geo DNS?

The Geo Based DNS routing takes decisions based on the geographic location of the request. Whereas, the Latency Based Routing utilizes latency measurements between networks and AWS data centers. Latency Based Routing is used when you want to give your customers the lowest latency possible. On the other hand, Geo Based routing is used when you want to direct the customer to different websites based on the country or region they are browsing from. 

103. What is the difference between a Domain and a Hosted Zone?

Domain

A domain is a collection of data describing a self-contained administrative and technical unit. 

Hosted zone

A hosted zone is a container that holds information about how you want to route traffic on the internet for a specific domain. 

104. How does Amazon Route 53 provide high availability and low latency?

Here’s how Amazon Route 53 provides the resources in question:

Globally Distributed Servers

Amazon is a global service and consequently has DNS services globally. Any customer creating a query from any part of the world gets to reach a DNS server local to them that provides low latency. 

Dependency

Route 53 provides a high level of dependability required by critical applications

Optimal Locations

Route 53 uses a global any cast network to answer queries from the optimal position automatically. 

105. How does AWS config work with AWS CloudTrail?

AWS CloudTrail records user API activity on your account and allows you to access information about the activity. Using CloudTrail, you can get full details about API actions such as the identity of the caller, time of the call, request parameters, and response elements. On the other hand, AWS Config records point-in-time configuration details for your AWS resources as Configuration Items (CIs). 

You can use a CI to ascertain what your AWS resource looks like at any given point in time. Whereas, by using CloudTrail, you can quickly answer who made an API call to modify the resource. You can also use Cloud Trail to detect if a security group was incorrectly configured.

106. Can AWS Config aggregate data across different AWS accounts?

Yes, you can set up AWS Config to deliver configuration updates from different accounts to one S3 bucket, once the appropriate IAM policies are applied to the S3 bucket.

107. How are reserved instances different from on-demand DB instances?

Reserved instances and on-demand instances are the same when it comes to function. They only differ in how they are billed.

Reserved instances are purchased as one-year or three-year reservations, and in return, you get very low hourly based pricing when compared to the on-demand cases that are billed on an hourly basis.

108. Which type of scaling would you recommend for RDS and why?

There are two types of scaling – vertical scaling and horizontal scaling. Vertical scaling lets you vertically scale up your master database with the press of a button. A database can only be scaled vertically, and there are 18 different instances in which you can resize the RDS. On the other hand, horizontal scaling is good for replicas. These are read-only replicas that can only be done through Amazon Aurora.

109. What is a maintenance window in Amazon RDS? Will your DB instance be available during maintenance events?

RDS maintenance window lets you decide when DB instance modifications, database engine version upgrades, and software patching have to occur. The automatic scheduling is done only for patches that are related to security and durability. By default, there is a 30-minute value assigned as the maintenance window and the DB instance will still be available during these events though you might observe a minimal effect on performance.

110. What are the consistency models in DynamoDB?

There are two consistency models In DynamoDB. First, there is the Eventual Consistency Model, which maximizes your read throughput. However, it might not reflect the results of a recently completed write. Fortunately, all the copies of data usually reach consistency within a second. The second model is called the Strong Consistency Model. This model has a delay in writing the data, but it guarantees that you will always see the updated data every time you read it. 

111. What type of query functionality does DynamoDB support?

DynamoDB supports GET/PUT operations by using a user-defined primary key. It provides flexible querying by letting you query on non-primary vital attributes using global secondary indexes and local secondary indexes.