CtrlS AWS Engineer Interview Questions and Answers

NLB and ALB are both AWS load balancers, but NLB operates at the transport layer while ALB operates at the application layer.

• NLB is designed for extreme performance and low latency, making it suitable for TCP and UDP traffic.

• ALB provides advanced routing capabilities and supports HTTP, HTTPS, and WebSocket protocols.

• NLB supports static IP addresses, while ALB uses dynamic IP addresses.

• ALB supports content-based routing and can route requests based on URL path or host headers....read more

IAM user is an entity that represents a person or application, while IAM role is an entity that represents a set of permissions.

• IAM user is associated with long-term credentials (access key and secret access key) and is used to directly interact with AWS services.

• IAM role does not have long-term credentials and is assumed by trusted entities, such as AWS services or applications running on EC2 instances.

• IAM user has a fixed set of permissions, while IAM role can have temporar...read more

Security groups and NACLs are both used for network security in AWS, but they operate at different levels of the network stack.

• Security groups are stateful and operate at the instance level, controlling inbound and outbound traffic based on port, protocol, and IP addresses.

• NACLs are stateless and operate at the subnet level, controlling traffic based on subnet IP addresses, port ranges, and protocol numbers.

• Security groups are evaluated before NACLs, and if a security group a...read more

Route 53 is a DNS web service that routes end users to internet applications by translating domain names to IP addresses.

• Routing policies include simple, weighted, latency-based, failover, geolocation, and multivalue answer.

• Simple routing policy sends traffic to a single resource.

• Weighted routing policy distributes traffic based on assigned weights.

• Latency-based routing policy sends traffic to the region with the lowest latency.

• Failover routing policy routes traffic to a stan...read more

VPC Endpoint in Amazon S3 allows direct access to S3 from within a VPC without going over the internet.

• VPC Endpoint provides a secure and private connection between VPC and S3.

• It eliminates the need for a NAT gateway or VPN connection.

• It improves security by keeping traffic within the AWS network.

• It reduces data transfer costs and improves performance.

• Examples: accessing S3 buckets from EC2 instances in a VPC, using S3 as a data source for AWS Glue jobs.

Read replica is a copy of the primary database instance in RDS that allows read-only access to the data.

• Read replicas can be used to offload read traffic from the primary database instance.

• They can be created in the same region or in a different region for disaster recovery purposes.

• Read replicas are asynchronous, meaning that changes made to the primary instance may not be immediately reflected in the read replica.

• They can be promoted to become the new primary instance in ca...read more