AWS Questions and Answers
1️⃣ What is the difference between EC2 and ECS?
🔹 Amazon EC2
Amazon EC2 provides virtual servers in the cloud.
You:
- Manage the OS
- Install dependencies
- Configure Nginx, Gunicorn
- Handle scaling manually (or via Auto Scaling)
👉 Suitable for traditional deployments.
🔹 Amazon ECS
Amazon ECS is a container orchestration service.
You:
- Deploy Docker containers
- Don’t manage servers directly
- Scale containers easily
👉 Suitable for Dockerized applications.
Key Differences
| EC2 | ECS |
|---|---|
| Virtual machines | Container orchestration |
| Manual server management | Managed container scheduling |
| More control | More automation |
| Good for legacy apps | Best for microservices |
2️⃣ How Does Auto Scaling Work?
Amazon EC2 Auto Scaling automatically adjusts the number of EC2 instances based on load.
How It Works:
- Define a Launch Template (AMI + instance type)
- Create an Auto Scaling Group (ASG)
- Attach scaling policies
- Monitor metrics via Amazon CloudWatch
Example:
- If CPU > 70% → Add a new instance
- If CPU < 30% → Remove an instance
Backend Scenario:
During sale traffic:
- Instances scale from 2 → 6 automatically
- Load balancer distributes traffic
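The threshold policy above, worked as an added example that is not part of the original page: a small Python model of threshold scaling with CloudWatch-style evaluation periods, a cooldown and the ASG min/max clamp (2 to 6). The class and function names, the cooldown length and the CPU series are constructed for this illustration.

```python
# Added example (not from the original page): a model of the threshold policy
# above (CPU > 70% adds an instance, CPU < 30% removes one). Like a CloudWatch
# alarm it only acts when every datapoint in the evaluation window breaches,
# waits out a cooldown after each action, and clamps to the ASG min/max size.
from dataclasses import dataclass

@dataclass
class ScalingPolicy:
    scale_out_cpu: float = 70.0   # add an instance when average CPU is above this
    scale_in_cpu: float = 30.0    # remove an instance when average CPU is below this
    evaluation_periods: int = 3   # consecutive datapoints that must breach
    cooldown_periods: int = 1     # periods to wait after a scaling action
    min_size: int = 2             # ASG minimum size
    max_size: int = 6             # ASG maximum size

def alarm_state(cpu_window, policy):
    """Return 'scale_out', 'scale_in' or 'ok' for the most recent datapoints."""
    recent = cpu_window[-policy.evaluation_periods:]
    if len(recent) < policy.evaluation_periods:
        return "ok"               # insufficient data: no action
    if all(c > policy.scale_out_cpu for c in recent):
        return "scale_out"
    if all(c < policy.scale_in_cpu for c in recent):
        return "scale_in"
    return "ok"

def next_capacity(current, cpu_window, policy):
    """Apply one scaling decision, clamped to the group's min/max size."""
    current += {"scale_out": 1, "scale_in": -1}.get(alarm_state(cpu_window, policy), 0)
    return max(policy.min_size, min(policy.max_size, current))

def simulate(cpu_series, policy):
    """Feed one datapoint per period; return the capacity after each period."""
    capacity, cooldown, history = policy.min_size, 0, []
    for i in range(1, len(cpu_series) + 1):
        if cooldown:
            cooldown -= 1         # previous action still settling
        else:
            new = next_capacity(capacity, cpu_series[:i], policy)
            cooldown = policy.cooldown_periods if new != capacity else 0
            capacity = new
        history.append(capacity)
    return history

# Constructed "sale traffic" CPU series (percent, one datapoint per period).
SALE_TRAFFIC_CPU = [40, 75, 80, 85, 90, 95, 92, 88, 91, 93,
                    94, 96, 97, 60, 25, 20, 15, 10, 20, 50]
POLICY = ScalingPolicy()
```

Running `simulate(SALE_TRAFFIC_CPU, POLICY)` shows the group growing from 2 to the maximum of 6 during the traffic peak and shrinking again afterwards, one instance per action.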
3️⃣ What is IAM Role vs IAM User?
Using AWS Identity and Access Management (IAM):
🔹 IAM User
- Permanent identity
- Used by humans
- Has a username + password or access keys
🔹 IAM Role
- Temporary permissions
- Assigned to AWS services
- No password or long-term credentials
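An added example (not from the original page) of the user-versus-role distinction in code: the standard trust policy that lets the EC2 service assume a role, a classifier that tells a user's long-term access key from a role's temporary STS credential, and a scan for long-term keys left in configuration. Function names, the sample credentials and the config snippet are constructed placeholders.

```python
# Added example (not from the original page): the two sides of "user vs role".
# ec2_trust_policy() is the standard trust policy that lets the EC2 service
# assume a role; classify_credential() tells a user's long-term access key
# (AKIA..., no expiry) from a role's temporary STS credential (ASIA..., session
# token, expiry); find_long_term_keys() scans config/source for such keys.
# All sample values below are constructed placeholders, not real keys.
import re
from datetime import datetime, timezone

LONG_TERM_KEY = re.compile(r"\bAKIA[0-9A-Z]{16}\b")   # IAM user access key ID
TEMP_KEY = re.compile(r"\bASIA[0-9A-Z]{16}\b")        # STS temporary key ID

def ec2_trust_policy():
    """Trust policy: only the EC2 service may assume this role (no password)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }

def classify_credential(cred):
    """Return 'iam_user_long_term', 'role_temporary' or 'unknown'."""
    key = cred.get("AccessKeyId", "")
    has_session = bool(cred.get("SessionToken")) and "Expiration" in cred
    if TEMP_KEY.fullmatch(key) and has_session:
        return "role_temporary"
    if LONG_TERM_KEY.fullmatch(key) and not has_session:
        return "iam_user_long_term"
    return "unknown"

def is_expired(cred, now=None):
    """Temporary credentials stop working at their Expiration timestamp."""
    now = now or datetime.now(timezone.utc)
    exp = cred.get("Expiration")
    return exp is not None and datetime.fromisoformat(exp) <= now

def find_long_term_keys(text):
    """Report (line number, key id) for every long-term key found in text."""
    return [(n, m.group(0)) for n, line in enumerate(text.splitlines(), 1)
            for m in LONG_TERM_KEY.finditer(line)]

# Constructed sample credentials and a constructed config snippet.
USER_CRED = {"AccessKeyId": "AKIAEXAMPLE000000000", "SecretAccessKey": "x"}
ROLE_CRED = {"AccessKeyId": "ASIAEXAMPLE000000000", "SecretAccessKey": "x",
             "SessionToken": "t", "Expiration": "2030-01-01T00:00:00+00:00"}
LEAKY_CONFIG = "DB_HOST=db.internal\nAWS_ACCESS_KEY_ID=AKIAEXAMPLE000000000\n"
```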
4️⃣ How Does S3 Ensure Durability?
Amazon S3 provides 11 9’s durability (99.999999999%).
How?
- Stores objects across multiple devices
- Data replicated across multiple Availability Zones
- Automatic integrity checks
- Self-healing storage
Backend Use Case:
- User profile images
- Invoices
- Backups
- Static files
If one data center fails → data is still safe.
5️⃣ What is Multi-AZ in RDS?
Amazon RDS Multi-AZ deployment:
- Primary database runs in one Availability Zone
- Standby replica runs in another AZ
- Automatic failover if the primary fails
Why Important?
Prevents downtime in:
- Server crashes
- Network failure
- Maintenance events
Multi-AZ = High Availability
Read Replica = Performance Scaling
Don’t confuse them.
6️⃣ How to Design a High-Availability API Architecture?
This is a very common system design question.
🔹 Components Required:
- Amazon Route 53 – DNS
- Elastic Load Balancing – Traffic distribution
- Amazon EC2 Auto Scaling – App scaling
- Amazon RDS – Multi-AZ DB
- Amazon S3 – Media storage
- Amazon CloudWatch – Monitoring
Architecture Flow:
Users
↓
Route 53
↓
Load Balancer
↓
Auto Scaling EC2 Instances (Django)
↓
RDS (Multi-AZ)
↓
S3 (Media Files)
↓
CloudWatch Monitoring
Key Design Principles:
✔ No single point of failure
✔ Multi-AZ deployment
✔ Horizontal scaling
✔ Separate DB from app server
✔ Store files outside EC2
✔ Enable monitoring & alerts
1️⃣ What is the difference between ECS and EKS?
🔹 Amazon ECS
Amazon ECS is AWS’s native container orchestration service.
- Fully managed by AWS
- Easier to set up
- Deep AWS integration
- Uses task definitions
- No need to manage a Kubernetes control plane
👉 Best for teams that want simplicity and tight AWS integration.
🔹 Amazon EKS
Amazon EKS is a managed Kubernetes service.
- Runs standard Kubernetes
- Portable across cloud providers
- More flexible
- Steeper learning curve
👉 Best for microservices, large-scale systems, or a multi-cloud strategy.
| ECS | EKS |
|---|---|
| AWS-native | Kubernetes-based |
| Easier setup | More complex |
| Good for simple Docker apps | Best for microservices |
| Less portability | Cloud portable |
If the company already uses Kubernetes → choose EKS.
If it is a simple Docker-based app → ECS is faster and easier.
2️⃣ How Does VPC Work?
Amazon VPC (Virtual Private Cloud) is your private network inside AWS.
Think of it as your own data center network.
Core Components:
- Subnets (Public & Private)
- Route Tables
- Internet Gateway
- NAT Gateway
- Security Groups
- Network ACLs
Example Architecture:
VPC
├── Public Subnet (Load Balancer)
├── Private Subnet (EC2 App Servers)
└── Private Subnet (RDS Database)
How It Works:
- You create a VPC.
- Define an IP range (CIDR block).
- Create subnets inside it.
- Attach an Internet Gateway for public access.
- Use Security Groups to control traffic.
3️⃣ What is NAT Gateway?
A NAT Gateway lets instances in a private subnet initiate outbound connections to the internet without being reachable from the internet.
Why Needed?
Example:
Your EC2 app server is in a private subnet.
It needs to:
- Install packages
- Access third-party APIs
- Pull Docker images
But you don’t want it publicly exposed.
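An added example (not from the original page) covering the VPC "How It Works" steps and the NAT Gateway question together: it carves the VPC CIDR into public and private subnets across two AZs with Python's `ipaddress` module, assigns each tier its default route (public subnets to the Internet Gateway, the app tier to the NAT Gateway for outbound-only access, the database tier no internet route at all) and checks the plan against those rules. Function names, tier names and AZ names are invented for the illustration.

```python
# Added example (not from the original page): carving the VPC CIDR from the
# "How It Works" steps into public and private subnets across two AZs with
# the ipaddress module, then attaching the route each tier needs: public
# subnets default-route to the Internet Gateway, private subnets to the NAT
# Gateway (outbound only), and the DB tier gets no internet route at all.
# check_plan() verifies the properties the text describes. Names are invented.
import ipaddress

# Default route (0.0.0.0/0 target) per tier; None means no internet path.
DEFAULT_ROUTE = {"public": "igw", "app": "nat", "db": None}

def plan_subnets(vpc_cidr, azs, tiers=("public", "app", "db"), new_prefix=24):
    """Split the VPC block into one subnet per (tier, AZ); returns a plan dict."""
    blocks = list(ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix))
    plan = {"vpc": vpc_cidr, "subnets": []}
    for tier in tiers:
        for az in azs:
            plan["subnets"].append({"tier": tier, "az": az, "cidr": str(blocks.pop(0)),
                                    "route": DEFAULT_ROUTE[tier]})
    return plan

def check_plan(plan):
    """Return a list of violations of the design rules in the text."""
    problems = []
    nets = [ipaddress.ip_network(s["cidr"]) for s in plan["subnets"]]
    vpc = ipaddress.ip_network(plan["vpc"])
    for a in range(len(nets)):
        if not nets[a].subnet_of(vpc):
            problems.append(f"{nets[a]} is outside the VPC block")
        for b in range(a + 1, len(nets)):
            if nets[a].overlaps(nets[b]):
                problems.append(f"{nets[a]} overlaps {nets[b]}")
    for s in plan["subnets"]:
        if s["tier"] != "public" and s["route"] == "igw":
            problems.append(f"private subnet {s['cidr']} routes to the Internet Gateway")
        if s["tier"] == "public" and s["route"] != "igw":
            problems.append(f"public subnet {s['cidr']} has no Internet Gateway route")
    azs = {s["az"] for s in plan["subnets"] if s["tier"] == "app"}
    if len(azs) < 2:
        problems.append("app tier is not spread across at least two AZs")
    return problems

# Constructed input matching the example architecture above.
PLAN = plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b"])
```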
4️⃣ How Do You Secure a Public API on AWS?
This is a very common backend interview question.
Here’s a production-ready answer:
Step 1: Use HTTPS
Use:
- A TLS certificate from AWS Certificate Manager (ACM)
- Attach the certificate to the Load Balancer
Step 2: Use Security Groups
Allow:
- Port 443 (HTTPS)
- Restrict SSH (22) to your IP only
Step 3: Put EC2 in Private Subnet
Only Load Balancer should be public.
EC2 should not have public IP.
Step 4: Use IAM Roles
Use:
- AWS Identity and Access Management
Never store:
- AWS keys in code
- Secrets in GitHub
Step 5: Enable WAF
Use: AWS WAF
Protect against:
- SQL Injection
- XSS
- DDoS
- Bot attacks
Step 6: Rate Limiting
Use:
- API Gateway throttling
- Load Balancer rules
- Application-level rate limiting
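An added example (not from the original page) that turns steps 2 and 3 above into a defender-side check: it audits security-group rules in the shape the AWS CLI returns for `describe-security-groups` and flags internet-exposed ports other than 443, SSH not restricted to the admin CIDR, and app-tier ingress from anything other than the load balancer's group. The function name, group IDs, admin CIDR and sample rules are constructed.

```python
# Added example (not from the original page): a defender-side audit of the
# security-group rules from steps 2 and 3 above. It reads the same shape the
# AWS CLI returns for describe-security-groups, and flags: internet-exposed
# ports other than 443, SSH not restricted to the admin CIDR, and app-tier
# ingress from CIDRs instead of the LB group (the app servers should only be
# reachable through the load balancer, apart from admin SSH). Sample groups
# and the admin CIDR are constructed.
ANYWHERE = {"0.0.0.0/0", "::/0"}

def audit_security_groups(groups, lb_group_id, app_group_id, admin_cidr):
    """Return a list of human-readable findings; empty means the rules match the design."""
    findings = []
    for g in groups:
        gid = g["GroupId"]
        for perm in g.get("IpPermissions", []):
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            peers = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            if perm.get("IpProtocol") == "-1":          # all traffic
                findings.append(f"{gid}: rule allows all protocols/ports")
                continue
            covers_ssh = lo is not None and lo <= 22 <= hi
            for cidr in cidrs:
                if cidr in ANYWHERE and (lo, hi) != (443, 443):
                    findings.append(f"{gid}: port {lo}-{hi} open to {cidr}")
                if covers_ssh and cidr != admin_cidr:
                    findings.append(f"{gid}: SSH (22) allowed from {cidr}, not the admin CIDR")
            if gid == app_group_id:
                stray = [c for c in cidrs if not (covers_ssh and c == admin_cidr)]
                if stray:
                    findings.append(f"{gid}: app tier allows CIDR ingress {stray}")
                for peer in peers:
                    if peer != lb_group_id:
                        findings.append(f"{gid}: app tier reachable from group {peer}")
    return findings

# Constructed sample in describe-security-groups shape (deliberately weak).
SAMPLE_GROUPS = [
    {"GroupId": "sg-lb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000, "UserIdGroupPairs": [{"GroupId": "sg-lb"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
```

Running `audit_security_groups(SAMPLE_GROUPS, "sg-lb", "sg-app", "203.0.113.10/32")` reports the port 80 exposure and the world-open SSH on the app group; the same groups with only 443 public and SSH limited to the admin CIDR produce no findings.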
5️⃣ How to Reduce AWS Cost in Production?
Very important for senior roles.
1. Use Right Instance Types
Choose:
- t3/t4g for small apps
- Avoid over-provisioning
2. Enable Auto Scaling
Use: Amazon EC2 Auto Scaling
Scale down during low traffic.
3. Use Reserved Instances / Savings Plans
Commit to long-term usage for:
- RDS
- EC2
Save up to 30–60%.
4. Use S3 Lifecycle Policies
With: Amazon S3
Move old files to:
- S3 Glacier
- Infrequent Access
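An added example (not from the original page): a lifecycle configuration in the JSON shape S3 accepts for `put-bucket-lifecycle-configuration` that moves old files to Infrequent Access and then to Glacier, with a validator for the two constraints that commonly get such configs rejected (objects must stay in Standard at least 30 days before moving to STANDARD_IA, and transition and expiration day counts must increase). The function names, prefix and day counts are constructed.

```python
# Added example (not from the original page): a lifecycle configuration in the
# JSON shape S3 accepts (put-bucket-lifecycle-configuration) that moves old
# files to Infrequent Access and then Glacier, plus a validator for the two
# rules that commonly reject such configs: objects must sit in Standard for at
# least 30 days before moving to STANDARD_IA, and transitions must be ordered
# by increasing day count. Bucket prefix and day counts are constructed.
MIN_DAYS_BEFORE_IA = 30      # S3 minimum before STANDARD_IA / ONEZONE_IA

def lifecycle_rule(prefix, ia_days, glacier_days, expire_days=None, rule_id="archive-old-files"):
    """Build one lifecycle rule: Standard -> Standard-IA -> Glacier (-> delete)."""
    rule = {
        "ID": rule_id,
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [
            {"Days": ia_days, "StorageClass": "STANDARD_IA"},
            {"Days": glacier_days, "StorageClass": "GLACIER"},
        ],
    }
    if expire_days is not None:
        rule["Expiration"] = {"Days": expire_days}
    return rule

def validate_lifecycle(config):
    """Return a list of problems; an empty list means the config should be accepted."""
    problems = []
    for rule in config.get("Rules", []):
        rid = rule.get("ID", "<no id>")
        last = -1
        for t in rule.get("Transitions", []):
            if t["StorageClass"] in ("STANDARD_IA", "ONEZONE_IA") and t["Days"] < MIN_DAYS_BEFORE_IA:
                problems.append(f"{rid}: {t['StorageClass']} transition at day {t['Days']} is under the {MIN_DAYS_BEFORE_IA}-day minimum")
            if t["Days"] <= last:
                problems.append(f"{rid}: transition to {t['StorageClass']} at day {t['Days']} is not after the previous one")
            last = t["Days"]
        exp = rule.get("Expiration", {}).get("Days")
        if exp is not None and exp <= last:
            problems.append(f"{rid}: expiration at day {exp} is not after the last transition")
    return problems

# Constructed config for the "old invoices" use case.
LIFECYCLE = {"Rules": [lifecycle_rule("invoices/", ia_days=30, glacier_days=90, expire_days=365)]}
```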
5. Monitor with Cost Explorer
Use: AWS Cost Explorer
Track:
- Unused resources
- Idle load balancers
- Unattached EBS volumes
6. Turn Off Non-Production Environments
Stop:
- Dev EC2 at night
- Unused test databases
To reduce AWS cost:
- Right-size resources
- Enable auto scaling
- Use reserved pricing
- Monitor usage regularly
- Remove unused infrastructure