AWS Interview Questions

Last updated on Nov 20, 2023

AWS stands for Amazon Web Services, which is a cloud computing platform. It provides cloud services in the form of small building blocks that help in creating and deploying various types of applications in the cloud. These sequences of small blocks are integrated for delivering the services in a highly scalable manner. 

In this article, you can go through the set of aws interview questions most frequently asked in the interview panel. This will help you crack the interview as the topmost industry experts curate these at HKR training.

Most Frequently Asked AWS Interview Questions and Answers

Let us have a quick review of the aws interview questions.

What Is Amazon Virtual Private Cloud (amazon Vpc)?

Ans: It launches AWS resources into the virtual network. VPC allows users to create and customize network configurations according to the users business needs.

Take your career to next level in AWS with HKR. Enroll now to get  Aws Online Training 

Define and explain the three basic types of cloud services and the AWS products that are built based on them?

Ans: These are three basic types of cloud services and the built is based on these cloud services types.

  1. Computing: The services include EC2, Elastic Beanstalk, Lambda, Auto-Scaling, and Lightsat.
  2. Storage: The services include S3, Glacier, Elastic Block Storage, Elastic File System.
  3. Networking: The services include VPC, Amazon CloudFront, Route53.

What are the Main Components of AWS?


  • Simple Email Service: It allows sending the emails with the use of regular SMTP or by using a restful API call.
  • Route 53: This component is a DNS web service.
  • Simple Storage Device S3: It is a storage device service in AWS Identity and Access Management. 
  • Elastic compute cloud( EC2): This component of AWS acts as an on-demand computing resource for hosting applications. EC2 is helpful in time of uncertain workloads. 
  • Elastic Block Store: It allows for storing the constant volumes of data that is integrated with EC2 and enables you to data persist. 
  • Cloud watch: It allows for watching the critical areas of the AWS where you can also set a reminder for troubleshooting. 

What are the different types of instances?

Ans: Different types of instances are.

  • General purpose
  • Computer Optimized
  • Memory Optimized
  • Storage Optimized
  • Accelerated Computing

List different types of cloud services.

Ans: The cloud services are.

  • Software as a Service (SaaS)
  • Data as a Service (DaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)

What is auto-scaling?

Ans: Auto-scaling is a function that allows providers and launches new instances when there is a demand. It allows us to increase or decrease the capacity of the resources automatically in relation to the demand.

What is an EIP?

Ans: EIP stands for Elastic IP address which is a static Ipv4 address offered by AWS that manages the dynamic cloud computing services. For instance, if there is a need for Ipv4 then connect your AWS account with EIP. You will then be associated with the EIP which enables communication with the internet.

What is CloudFront?

Ans: It is a content delivery network of AWS. The CloudFront will speed up the distribution of dynamic and static web content such as .css, .js, .html and image files to the users. The content is delivered with low latency and high-speed transfer to the users. It provides CDN at a low price and is best suited for startups.

What is geo-targeting in CloudFront?

Ans: Geo-Targeting displays personalized content to the audiences based on the geographic location without changing the URL. It can create customized content for the audience of a specific geographical area, keeping their needs in the forefront.

. What are the native AWS Security logging capabilities?

Ans: Many services of AWS have logging options. Few of them also have account level logging like AWS CloudTrail, AWS Config, and others. 

AWS CloudTrail

  • This service provides a history of the AWS API calls for every account. 
  • It lets you perform security analysis, resource change tracking, and compliance auditing of your AWS environment as well. 
  • The best part about this service is that it enables you to configure it to send notifications via AWS SNS when new logs are delivered.

AWS Config 

  • This service helps you to understand the configuration changes that happen in your environment. 
  • This service provides an AWS inventory that includes configuration history, configuration change notification, and relationships between AWS resources. 
  • It can also be configured to send information via AWS SNS when new logs are delivered.

. What is AMI?

Ans: AMI stands for Amazon Machine Image. It contains essential information required for launching an instance and copy of AMI that runs in the cloud. You can download as many examples as possible from multiple AIMs.  

. What is the relationship between an instance and AMI?

Ans: With the use of single AMI multiple instances can be downloaded. An instance type is used to define the hardware of the host computer for your situation. Each instance is unique which provides the facilities in computational and storage capabilities. After installing an instance, it appears similar to a traditional host which interacts the same way as that of a computer.

. What are the types of load balances in EC2?

Ans:  There are three types of load balances in EC2.

  1. Application Load Balancer: It is designed to make routing decisions at the application layer. ALC supports dynamic host port mapping and path-based routings. 
  2. Network Load Balancer: It is designed for making the routing decisions at the transport layer. Per second it can handle millions of requests. With the use of a flow hash routing algorithm, NCL selects the target from the target groups after receiving a connection from the load balancer.  
  3. Classic Load Balancer: It is designed for making the routing decisions either at the application layer or transport layer. A fixed relationship is required between the container instance port and load balancer port.

. What is the difference between stopping and terminating an EC2 instance?

Ans: When the stop is applied in an EC2 instance, a normal shutdown operation is implemented on an instance and it moves to a stopped state. When the termination is applied in an instance, it is then transferred to a stopped state, and the EBS volumes attached to it are deleted and can never be recovered. 

. Name and explain some security products and features available in VPC?

Ans: Here is a selection of security products and features:

  • Security groups: It is a firewall for the EC2 instances, controlling inbound and outbound traffic at the instance level.
  • Network access control lists: It acts as a firewall for the subnets, controlling inbound and outbound traffic at the subnet level.
  • Flow logs: It will capture the inbound and outbound traffic from the network interfaces in your VPC.

. What are the factors to consider while migrating to Amazon Web Services?

Ans: The factors which are considered for migrating to AWS are.

  • Operational Costs which include the cost of infrastructure, ability to match demand and supply, transparency, and others.
  • Workforce Productivity. 
  • Cost avoidance.
  • Operational resilience.
  • Business agility.

. What is Snowball?

Ans: It is an option available in AWS for transporting. With the use of snowball, one can transfer the data into AWS and out of it. It transports the massive data from one destination to another. It reduces network expenditure.

. What is Amazon EMR?

Ans: Amazon EMR is a clustering stage which creates the data structures before the intimation. Big data tools such as Apache Hadoop and Spark enable users to investigate large amounts of data. The data can be used for performing the analytics by using the apache hive and other relevant open source technologies.

. What is the difference between EBS and S3?



  • EBS is highly scalable.
  • It is block storage.
  • EBS performs faster than S3.
  • Users can access EBS only via the given EC2 instance.
  • It supports the File system interface.


  • S3 is less scalable.
  • It is object storage.
  • S3 performs slower than EBS.
  • Anyone can access S3; it is a public instance.
  • It supports Web interface.

. What is RTO and RPO in AWS?


  • RTO stands for Recovery Time Objective which is the maximum time the organization will wait for a recovery to complete in the wake of an outage. 
  • RPO stands for Recovery Point Objective which is the maximum amount of data loss in your organisation that will be accepted as measured in time.

. If you would like to transfer vast amounts of data, which is the best option among Snowball, Snowball Edge, and Snowmobile?

Ans: AWS Snowball is the best option which basically provides a data transport solution for moving high volumes of data into and out of a specified AWS region. The feature of AWS Snowball Edge adds additional computing functions apart from providing a data transport solution. The snowmobile is an exabyte-scale migration service that allows transferring data up to 100 PB.

. How is AWS CloudFormation different from AWS Elastic Beanstalk?

Ans: The differences in AWS CloudFormation and AWS Elastic Beanstalk are as follows:

AWS CloudFormation:

  • It helps in providing all the described infrastructure resources that are present in your cloud environment.
  • It supports the infrastructure needs of various types of applications, like legacy applications and existing enterprise applications. 

AWS Elastic Beanstalk:

  • It provides an environment that makes deployment easy and runs the applications in the cloud.
  • It is combined with the developer tools which helps in managing the lifecycle of your applications.

. What is the difference between block storage and file storage?


Block Storage: The storage functions will work at a lower level and it helps in managing the data asset of blocks. 

File Storage: The file storage is operated at a higher level or operational level and the data is managed in the form of files and folders.  

Subscribe to our YouTube channel to get new updates..!

. How can you automate EC2 backup using EBS?

Ans: The following steps are applied for automating EC2 backup using EBS.

  1. Get the list of instances and connect to AWS through API to list the Amazon EBS volumes that are attached locally to the instance.
  2. For each volume list the snapshots and assign a retention period. After this, create a snapshot of each volume.
  3. Remove the snapshot which is older than the retention period.

. What is the difference between a Domain and a Hosted Zone?



It is a collection of data that describes a self-contained administrative and technical unit. 

Example, “” is a domain and a general DNS concept.

Hosted zone:

It is a container that holds information about routing the traffic on the internet for a specific domain.

. What is the difference between Latency Based Routing and Geo DNS?


Geo DNS:

  • The Geo Based DNS routing takes decisions based on the geographic location of the request
  • Geo Based routing is used while directing the customer to different websites based on the country or region on which they are browsing from. 

Latency based routing:

  • The Latency Based Routing utilizes latency measurements between networks and AWS data centers. 
  • Latency Based Routing is used while providing the lowest latency possible to the customers. 

. How does AWS config work with AWS CloudTrail?


  • AWS CloudTrail records the user API activity on your account and it allows accessing the information about the activity. 
  • Full details can be captured using CloudTrial. The details of API actions such as the identity of the caller, time of the call, request parameters, and response elements. 
  • The AWS Config records point-in-time configuration details for your AWS resources as Configuration Items (CIs). 
  • CI can be used to ascertain what your AWS resource would appear at any given point in time. Using CloudTrail, you are able to quickly answer who made an API call to modify the resource. You can also use Cloud Trail for detecting a security group if it was configured incorrectly.

. What are the different types of virtualization in AWS, and what are the differences between them?

Ans: There are three main virtualization types in AWS.

  1. Hardware Virtual Machine (HVM)
    It is a fully virtualized hardware, where all the virtual machines act separate from each other. These virtual machines boot by executing a master boot record in the root block device of your image.
  2. Paravirtualization (PV)
    Paravirtualization-GRUB is the bootloader that boots the PV AMIs. The PV-GRUB chain loads the kernel specified in the menu.
  3. Paravirtualization on HVM
    ParaVirutalization on HVM helps operating systems to take advantage of storage and network I/O available through the host.

AWS Training

Weekday / Weekend Batches

. What are the best security practices for Amazon EC2?

Ans: The best secure Amazon EC2 practises include the following steps.

  1. Use AWS identity and access management to control access to your AWS resources.
  2. Restrict access by allowing only trusted hosts or networks to access ports on your instance.
  3. Review the rules regularly in your security groups.
  4. Open only the required permissions.
  5. Disable password-based login, for example, launched from your AMI.

. Name some of the DB engines which can be used in AWS RDS.


  • MariaDB
  • OracleDB
  • PostgreDB

. What Are The Connectivity Options For My Vpc?

Ans: You may connect your VPC to:

The Internet (via an Internet gateway)

Your corporate data center using a Hardware VPN connection (via the virtual private gateway)

Both the Internet and your corporate data center (utilizing both an Internet gateway and a virtual private gateway)

Other AWS services (via Internet gateway, NAT, virtual private gateway, or VPC endpoints)

Other VPCs (via VPC peering connections)

. How Do You Connect My Vpc To The Internet?

Ans:Amazon VPC supports the creation of an Internet gateway. This gateway enables Amazon EC2 instances in the VPC to directly access the Internet.

Wish to make a career in the world of AWS? Start with HKR'S  AWS Training in Singapore ! 

AWS Training

  • Master Your Craft
  • Lifetime LMS & Faculty Access
  • 24/7 online expert support
  • Real-world & Project Based Learning

. What Are The Components Of Amazon Vpc?

Ans:Amazon VPC comprises a variety of objects that will be familiar to customers with existing networks:

 A Virtual Private Cloud (VPC): A logically isolated virtual network in the AWS cloud. You define a VPC’s IP address space from a range you select.

Subnet: A segment of a VPC’s IP addresses range where you can place groups of isolated resources.

Internet Gateway: The Amazon VPC side of a connection to the public Internet.

NAT Gateway: A highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the Internet.

Hardware VPN Connection: A hardware-based VPN connection between your Amazon VPC and your datacenter, home network, or co-location facility.

Virtual Private Gateway: The Amazon VPC side of a VPN connection.

Customer Gateway: Your side of a VPN connection.

Router: Routers interconnect subnets and direct traffic between Internet gateways, virtual private gateways, NAT gateways, and subnets.

  • Peering Connection: A peering connection enables you to route traffic via private IP addresses between two peered VPCs.

VPC Endpoint for S3: Enables Amazon S3 access from within your VPC without using an Internet gateway or NAT, and allows you to control the access using VPC endpoint p

LI>Egress-only Internet Gateway: A stateful gateway to provide egress only access for IPv6 traffic from the VPC to the Internet

. What Are The Steps To Build A Custom Vpc?

Ans:Below are the steps of build a custome VPC:

Create a VPC

Create subnets

Create an internet gateway (IGW)

Attach the new IGW to your VPC

Create a new route table (RT)

Add the IGW as a route to the new RT

Add a subnet to the RTs subnet associations (this will be the public facing subnet)

Create web server (public subnet) and database server (private subnet) instances

Create a new security group for the NAT instance

Add HTTP and HTTPS inbound rules that allow traffic from the private subnets IP

Create a NAT instance (public subnet).

Community AMIs.

Search for amzn-ami-vpc-natChoose the first image.

Diable Auto-assign Public IP.

Add it to the NAT security group

  1. Create an Elastic IP
  2. Associate the Elastic IP to the NAT
  3. Disable Source/Destination Checks for the NAT
  4. Add the NAT instance as a route to the initial VPC RT

. Why Should You Use Amazon Vpc, Advantage Of Using Aws Vpc?

Ans:Amazon VPC enables you to build a virtual network in the AWS cloud - no VPNs, hardware, or physical datacenters required. You can define your own network space and control how your network, and the Amazon EC2 resources inside your network, is exposed to the Internet. You can also leverage the greatly enhanced security options in Amazon VPC to provide more granular access both to and from the Amazon EC2 instances in your virtual network

. What Is The Difference Between Stateful And Stateless Filtering?

Ans:Stateful filtering tracks the origin of a request and can automatically allow the reply to the request to be returned to the originating computer. For example, a stateful filter that allows inbound traffic to TCP port 80 on a webserver will allow the return traffic, usually on a high numbered port (e.g., destination TCP port 63, 912) to pass through the stateful filter between the client and the webserver. The filtering device maintains a state table that tracks the origin and destination port numbers and IP addresses. Only one rule is required on the filtering device: Allow traffic inbound to the web server on TCP port 80.

 Stateless filtering, on the other hand, only examines the source or destination IP addresss and the destination port, ignoring whether the traffic is a new request or a reply to a request. In the above example, two rules would need to be implemented on the filtering device: one rule to allow traffic inbound to the web server on TCP port 80, and another rule to allow outbound traffic from the webserver.

. Can Amazon Ec2 Instances Within A Vpc Communicate With Amazon Ec2 Instances Not Within A Vpc?

Ans:Yes. If an Internet gateway has been configured, Amazon VPC traffic bound for Amazon EC2 instances not within a VPC traverses the Internet gateway and then enters the public AWS network to reach the EC2 instance. If an Internet gateway has not been configured, or if the instance is in a subnet configured to route through the virtual private gateway, the traffic traverses the VPN connection, egresses from your datacenter, and then re-enters the public AWS network.

. Why Can’t You Ping The Router, Or My Default Gateway, That Connects My Subnets?

Ans:Ping (ICMP Echo Request and Echo Reply) requests to the router in your VPC are not supported. Ping between Amazon EC2 instances within VPC is supported as long as your operating system's firewalls, VPC security groups, and network ACLs permit such traffic.

. Can You Monitor The Network Traffic In Your Vpc?

Ans:Yes. You can use the Amazon VPC Flow Logs feature to monitor the network traffic in your VPC.

. Within Which Amazon Ec2 Region(s) Is Amazon Vpc Available?

Ans:Amazon VPC is currently available in multiple Availability Zones in all Amazon EC2 regions.

. Can A Vpc Span Multiple Availability Zones?


. Can You Use Your Existing Amis In Amazon Vpc?

Ans:You can use AMIs in Amazon VPC that are registered within the same region as your VPC. For example, you can use AMIs registered in us-east-1 with a VPC in us-east-1.

. How Do You Specify Which Availability Zone My Amazon Ec2 Instances Are Launched In?

Ans:When you launch an Amazon EC2 instance you must specify the subnet in which to launch the instance. The instance will be launched in the Availability Zone associated with the specified subnet.

. Are There Any Bandwidth Limitations For Internet Gateways? Do You Need To Be Concerned About Its Availability? Can It Be A Single Point Of Failure?

Ans:No. An Internet gateway is horizontally-scaled, redundant, and highly available. It imposes no bandwidth constraints.

. How Do You Secure Amazon Ec2 Instances Running Within My Vpc?

Ans:Amazon EC2 security groups can be used to help secure instances within an Amazon VPC. Security groups in a VPC enable you to specify both inbound and outbound network traffic that is allowed to or from each Amazon EC2 instance. Traffic which is not explicitly allowed to or from an instance is automatically denied.

In addition to security groups, network traffic entering and exiting each subnet can be allowed or denied via network Access Control Lists (ACLs).

. What Are The Differences Between Security Groups In A Vpc And Network Acls In A Vpc?

Ans:Security groups in a VPC specify which traffic is allowed to or from an Amazon EC2 instance. Network ACLs operate at the subnet level and evaluate traffic entering and exiting a subnet. Network ACLs can be used to set both Allow and Deny rules. Network ACLs do not filter traffic between instances in the same subnet. In addition, network ACLs perform stateless filtering while security groups perform stateful filtering.

. How Do You Determine Which Availability Zone My Subnets Are Located In?

Ans:When you create a subnet you must specify the Availability Zone in which to place the subnet. When using the VPC Wizard, you can select the subnet's Availability Zone in the wizard confirmation screen. When using the API or the CLI you can specify the Availability Zone for the subnet as you create the subnet. If you don’t specify an Availability Zone, the default "No Preference" option will be selected and the subnet will be created in an available Availability Zone in the region.

. When You Call Describeinstances(), Do You See All Of My Amazon Ec2 Instances, Including Those In Ec2-classic And Ec2-vpc?

Ans:Yes. DescribeInstances() will return all running Amazon EC2 instances. You can differentiate EC2-Classic instances from EC2-VPC instances by an entry in the subnet field. If there is a subnet ID listed, the instance is within a VPC.

. When You Call Describevolumes(), Do You See All of My Amazon EbS Volumes, Including Those In Ec2-classic And Ec2-vpc?

Ans:Yes. DescribeVolumes() will return all your EBS volumes.

. Can You Employ Auto Scaling Within Amazon Vpc?


. What Is The Ip Range Of A Default Vpc?

Ans:The default VPC CIDR is Default subnets use /20 CIDRs within the default VPC CIDR.

. How Many Default Vpcs Can You Have?

Ans:You can have one default VPC in each AWS region where your Supported Platforms attribute is set to "EC2-VPC".

. How Many Default Subnets Are In A Default Vpc?

Ans:One default subnet is created for each Availability Zone in your default VPC.

. Can You Launch Amazon Ec2 Cluster Instances In A Vpc?

Ans:Yes. Cluster instances are supported in Amazon VPC, however, not all instance types are available in all regions and Availability Zones.

. What Is A Default Vpc?

Ans:A default VPC is a logically isolated virtual network in the AWS cloud that is automatically created for your AWS account the first time you provision Amazon EC2 resources. When you launch an instance without specifying a subnet-ID, your instance will be launched in your default VPC.

. What Are The Advantage Of A Default Vpc?

Ans:When you launch resources in a default VPC, you can benefit from the advanced networking functionalities of Amazon VPC (EC2-VPC) with the ease of use of Amazon EC2 (EC2-Classic). You can enjoy features such as changing security group membership on the fly, security group egress filtering, multiple IP addresses, and multiple network interfaces without having to explicitly create a VPC and launch instances in the VPC.

. What Accounts Are Enabled For Default Vpc?

Ans:If your AWS account was created after March 18, 2013 your account may be able to launch resources in a default VPC. See this Forum Announcement to determine which regions have been enabled for the default VPC feature set. Also, accounts created prior to the listed dates may utilize default VPCs in any default VPC enabled region in which you’ve not previously launched EC2 instances or provisioned Amazon Elastic Load Balancing, Amazon RDS, Amazon Elastic ache, or Amazon Redshift resources.

. How Can You Know If My Account Is Configured To Use A Default Vpc?

Ans:The Amazon EC2 console indicates which platforms you can launch instances in for the selected region, and whether you have a default VPC in that region. Verify that the region you'll use is selected in the navigation bar. On the Amazon EC2 console dashboard, look for "Supported Platforms" under "Account Attributes". If there are two values, EC2-Classic and EC2-VPC, you can launch instances into either platform. If there is one value, EC2-VPC, you can launch instances only into EC2-VPC. Your default VPC ID will be listed under "Account Attributes" if your account is configured to use a default VPC. You can also use the EC2 DescribeAccountAttributes API or CLI to describe your supported platforms.

. Can You Create Other Vpcs And Use Them In Addition To My Default Vpc?

Ans:Yes. To launch an instance into nondefault VPCs you must specify a subnet-ID during instance launch.

About Author

Ishan is an IT graduate who has always been passionate about writing and storytelling. He is a tech-savvy and literary fanatic since his college days. Proficient in Data Science, Cloud Computing, and DevOps he is looking forward to spreading his words to the maximum audience to make them feel the adrenaline he feels when he pens down about the technological advancements. Apart from being tech-savvy and writing technical blogs, he is an entertainment writer, a blogger, and a traveler.

Upcoming AWS Training Online classes

Batch starts on 17th Apr 2024
Mon & Tue (5 Days) Weekday Timings - 08:30 AM IST
Batch starts on 21st Apr 2024
Mon - Fri (18 Days) Weekend Timings - 10:30 AM IST
Batch starts on 25th Apr 2024
Mon & Tue (5 Days) Weekday Timings - 08:30 AM IST
To Top