100+ AWS Devops Engineer Interview Questions and Answers

To troubleshoot a dying docker container, we can use logs, inspect the container, and check resource usage.

• Check container logs using 'docker logs ' command

• Inspect the container using 'docker inspect ' command to check its status and configuration

• Check resource usage using 'docker stats ' command to see if it's running out of memory or CPU

• Restart the container using 'docker restart ' command if necessary

Terraform will recreate the instance as per the template

• Terraform will detect that the instance is missing and recreate it based on the template

• The new instance will have the same configuration as defined in the template

• Any changes made to the instance outside of Terraform will be lost

Use AWS CLI to sync Linux logs to S3 bucket

• Install AWS CLI on the Linux machine

• Create an S3 bucket and configure IAM role with S3 permissions

• Use AWS CLI command 'aws s3 sync' to sync logs to S3 bucket

• Schedule a cron job to run the backup regularly

There are multiple ways to create a role in AWS.

• Using AWS Management Console

• Using AWS CLI

• Using AWS SDKs

• Using AWS CloudFormation

• Using AWS Identity and Access Management (IAM) APIs

Use AWS Lambda and CloudWatch Events to automate data transfer from DynamoDB to S3 every Friday.

• Create an AWS Lambda function to read data from DynamoDB tables and write to S3 bucket

• Create a CloudWatch Events rule to trigger the Lambda function every Friday

• Ensure that the Lambda function has the necessary permissions to access DynamoDB and S3

• Test the automation job to ensure that data is transferred correctly

Managing projects with repositories involves cloning, staging, committing, branching, merging, pulling, and pushing changes.

• Clone a project to work on a local copy: Use 'git clone ' to create a local copy of the project.

• Control and track changes with Staging and Committing: Use 'git add' to stage changes and 'git commit' to commit them.

• Branch and Merge to allow for work on different parts and versions of a project: Use 'git branch' to create branches and 'git merge' to merge ...read more

I have used code reviews, automated testing, static code analysis tools, and continuous integration to check the quality of code.

• Code reviews by peers to catch bugs and ensure best practices

• Automated testing using tools like Selenium for functional testing and JUnit for unit testing

• Static code analysis tools like SonarQube to identify code smells and potential bugs

• Continuous integration with tools like Jenkins to automate testing and deployment processes

Health checks after creating instances ensure the instances are functioning properly.

• Instance status checks ensure the instance is reachable and responding to traffic.

• System status checks ensure the underlying hardware is functioning properly.

• Example: If an instance fails the system status check, it may indicate a problem with the underlying host hardware.

To create a soft link, use the 'ln -s' command. To create a hard link, use the 'ln' command. To create an empty file, use the 'touch' command.

• To create a soft link: ln -s

• To create a hard link: ln

• To create an empty file: touch

Blue green deployment is a deployment strategy where two identical production environments are used to minimize downtime and risk.

• Blue green deployment involves running two identical production environments, one 'blue' and one 'green'.

• Traffic is routed to the 'blue' environment while the 'green' environment is updated and tested.

• Once the 'green' environment is deemed stable, traffic is switched to it and the 'blue' environment becomes the new staging environment.

• This strategy...read more

The IP range for 500 IPs would typically be a /23 subnet.

• For 500 IPs, you would need at least a /23 subnet.

• A /23 subnet provides 512 IP addresses (2^9 = 512), with 510 usable IPs after subtracting network and broadcast addresses.

• The IP range for a /23 subnet would be from x.x.x.0 to x.x.x.255.

NAT gateway is used to provide internet access to private subnets while internet gateway is used to provide internet access to public subnets.

• NAT gateway is used for outbound traffic while internet gateway is used for inbound and outbound traffic.

• NAT gateway is associated with a private subnet while internet gateway is associated with a public subnet.

• NAT gateway performs network address translation while internet gateway does not.

• Example: NAT gateway is used to allow EC2 inst...read more

Data extraction from Azure blob storage to Amazon S3 can be done using AWS Data Pipeline or Azure Data Factory.

• Create a pipeline in AWS Data Pipeline or a data factory in Azure Data Factory

• Add a copy activity to the pipeline or data factory

• Configure the source as Azure Blob Storage and the destination as Amazon S3

• Provide the necessary credentials and permissions for both sources

• Run the pipeline or data factory to extract the data from Azure Blob Storage to Amazon S3

To create sub directories using mkdir command, use the -p option followed by the directory path.

• Use the command 'mkdir -p directory/subdirectory'

• The -p option creates parent directories if they don't exist

• Multiple subdirectories can be created at once using 'mkdir -p directory/subdirectory1/subdirectory2'

• Use 'mkdir -m' option to set permissions for the directory

Autoscaling was implemented based on CPU utilization and network traffic.

• Autoscaling was implemented to ensure that the application can handle sudden spikes in traffic.

• CPU utilization and network traffic were used as metrics to trigger autoscaling.

• The minimum and maximum number of instances were set based on the expected traffic.

• Load testing was done to determine the optimal scaling thresholds.

• Autoscaling policies were set to gradually add or remove instances to avoid sudden ...read more

Explanation of NACL, Security Groups, Docker Swarm, and Jenkins installation process.

• NACL is a stateless firewall that controls inbound and outbound traffic at the subnet level.

• Security Groups are stateful firewalls that control inbound and outbound traffic at the instance level.

• Docker Swarm is a container orchestration tool that manages a cluster of Docker hosts.

• Jenkins can be installed on a server using a package manager or by downloading and running the Jenkins WAR file.

• Je...read more

To build and push a docker image to ECR, we need to create a Dockerfile, build the image, tag it, login to ECR, push the image to ECR.

• Create a Dockerfile with necessary configurations

• Build the image using docker build command

• Tag the image using docker tag command

• Login to ECR using AWS CLI command aws ecr get-login-password

• Push the image to ECR using docker push command

I faced issues with network connectivity, configuration errors, and dependency mismatches while deploying the application.

• Network connectivity issues causing deployment failures

• Configuration errors leading to incorrect application setup

• Dependency mismatches causing compatibility issues

• Resource constraints impacting deployment performance

Answering questions related to Terraform, VPC, Route 53, S3 bucket, launch templates, and load balancer setup.

• Use Terraform's null_resource and provisioners to handle complex problems

• For deploying a new application in a VPC with exhausted IPs, consider using Elastic Load Balancing to distribute traffic

• Utilize Route 53 for DNS management and routing traffic to the application

• Host a static website on a private S3 bucket by configuring bucket policies and enabling static website...read more

Launch an EC2 instance in a VPC and attach a role using Terraform

• Define a VPC resource in Terraform

• Define a subnet resource within the VPC

• Create a security group for the EC2 instance

• Define an IAM role for the EC2 instance

• Launch an EC2 instance within the subnet and attach the IAM role

Jenkins and Docker can be integrated using Jenkins Docker plugin.

• Install Docker plugin in Jenkins

• Configure Docker Cloud in Jenkins

• Create a Jenkins pipeline job and specify Docker image to be used

• Use Docker commands in Jenkinsfile to build and push Docker images

Ingress controller is a Kubernetes resource that manages external access to services within a cluster.

• Ingress controller acts as a traffic manager, routing incoming traffic to the appropriate services based on rules defined in the Ingress resource.

• It allows for the configuration of HTTP and HTTPS routing, load balancing, SSL termination, and more.

• Popular Ingress controllers include Nginx Ingress Controller, Traefik, and HAProxy.

• Ingress controllers can be used to expose multip...read more

Yes, I have faced issues while creating or monitoring pods in a Kubernetes cluster.

• One common issue is pods getting stuck in a pending state due to resource constraints or scheduling issues.

• Another issue is pods crashing frequently due to misconfigured settings or incompatible container images.

• Monitoring pods can be challenging, especially when dealing with a large number of pods and trying to track their health and performance.

• Troubleshooting networking issues within the clu...read more

To take a backup of a particular table from AWS RDS instance, you can use the AWS Database Migration Service (DMS) or AWS Data Pipeline.

• Use AWS Database Migration Service (DMS) to create a task that includes the specific table you want to backup.

• Alternatively, you can use AWS Data Pipeline to schedule regular backups of the table to Amazon S3.

• Ensure that you have the necessary IAM permissions to perform backup operations on the RDS instance.

Branching strategies in GIT are ways to manage code changes and collaboration among team members.

• Gitflow - a popular branching model that uses a master branch for production-ready code and a develop branch for ongoing development

• Trunk-based development - a strategy where all changes are made directly to the main branch, with frequent merges to keep the codebase up-to-date

• Feature branching - a method where each feature or task is developed on a separate branch, then merged bac...read more

To run a script in bash, use the command 'bash scriptname.sh' or './scriptname.sh' if the script is executable.

• Open the terminal or command prompt

• Navigate to the directory where the script is located

• Use the 'bash' command followed by the script name with the '.sh' extension

• Alternatively, if the script is executable, use './scriptname.sh'

• Ensure the script has the necessary permissions to be executed

Versioning in S3 allows for preserving, retrieving, and restoring every version of an object stored in a bucket.

• Enables recovery from unintended user actions or application failures

• Helps in maintaining different versions of objects for audit or compliance purposes

• Prevents accidental deletion or overwriting of objects

• Useful for tracking changes and rolling back to previous versions if needed

Autoscaling in AWS automatically adjusts the number of EC2 instances in a group based on demand.

• Autoscaling groups are created and configured with minimum and maximum number of instances.

• Scaling policies can be defined to adjust the number of instances based on metrics like CPU utilization or network traffic.

• Autoscaling can be triggered manually or automatically based on CloudWatch alarms or scheduled events.

• Autoscaling can also integrate with Elastic Load Balancing to distri...read more

Maven is a build automation tool used primarily for Java projects. It manages project dependencies and builds the project.

• Maven is based on the concept of a Project Object Model (POM) file, which describes the project structure and dependencies.

• It uses a centralized repository called Maven Central to download dependencies.

• Maven can be used to compile, test, package, and deploy Java applications.

• It provides a consistent and repeatable build process, making it easier to manage ...read more

Grant access to S3 bucket securely by using IAM policies and roles.

• Create an IAM policy with specific permissions for the S3 bucket

• Attach the IAM policy to an IAM role

• Assign the IAM role to the user or group that needs access

• Use bucket policies for more granular control if needed

Pushing a local repo to GitHub

• Navigate to the local repository in the command line

• Add the files to the staging area using 'git add .'

• Commit the changes using 'git commit -m 'Your commit message''

• Link the local repository to the GitHub repository using 'git remote add origin '

• Push the changes to GitHub using 'git push origin master'

VPC stands for Virtual Private Cloud, a virtual network dedicated to your AWS account.

• VPC allows you to create a logically isolated section of the AWS Cloud where you can launch AWS resources.

• You can define your own IP address range, create subnets, configure route tables, and network gateways within a VPC.

• VPC provides security by allowing you to control inbound and outbound traffic to and from your AWS resources.

• You can connect your VPC to your corporate data center using a ...read more

AWS IAM In-line Policy is a policy that is embedded directly into an IAM identity (user, group, or role) rather than being attached separately.

• In-line policies are defined within the IAM identity itself.

• They are useful for granting specific permissions to individual identities without creating separate policies.

• In-line policies are not shared across multiple identities and are managed directly within the identity they are attached to.

VPC stands for Virtual Private Cloud, a virtual network dedicated to your AWS account.

• VPC allows you to create a logically isolated section of the AWS Cloud where you can launch resources in a virtual network.

• It helps in controlling your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

• The flow of VPC involves creating a VPC, defining subnets within the VPC, setting up...read more

Use AWS Lambda functions with CloudWatch Events to automatically start/stop instances at specific times.

• Create a Lambda function to start/stop instances

• Set up CloudWatch Events to trigger the Lambda function at specific times

• Use IAM roles to grant necessary permissions to the Lambda function

• Test the setup by scheduling a start/stop event for an instance

There are 24 AWS regions globally, each consisting of multiple availability zones.

• AWS has 24 regions worldwide

• Each region consists of multiple availability zones

• Regions are geographically dispersed to provide low latency and high availability

• Examples of regions include us-east-1, eu-west-1, ap-southeast-2

AWS Config is a service that provides a detailed inventory of AWS resources and their configuration history.

• AWS Config continuously monitors and records changes to resources and their configurations.

• It provides a detailed view of resource inventory, configuration history, and configuration change notifications.

• It helps in compliance auditing, security analysis, and resource change tracking.

• AWS Config rules can be used to evaluate resource configurations against best practices...read more

I primarily use IAC tools like Terraform to create AWS resources for consistency, version control, and automation.

• I prefer using IAC tools like Terraform for creating AWS resources as it allows for infrastructure as code, version control, and automation.

• Using IAC tools ensures consistency in resource creation across environments.

• GUI can be useful for quick prototyping or exploring AWS services, but IAC is more efficient for managing infrastructure at scale.

• Examples of IAC too...read more

A pod in K8s is the smallest deployable unit in Kubernetes, consisting of one or more containers that share resources.

• Pods are used to group containers that need to work together, such as a web server and a database.

• Pods share the same network namespace and can communicate with each other using localhost.

• Pods can be managed, scaled, and monitored as a single unit in Kubernetes.

• Each pod has a unique IP address within the Kubernetes cluster.

Pods communicate with other pods through network communication within the same Kubernetes cluster.

• Pods can communicate with each other using services, which provide a stable endpoint for communication.

• Pods can use DNS names to communicate with other pods within the same cluster.

• Pods can also communicate directly using IP addresses within the cluster network.

• Communication between pods can be secured using network policies.

• Examples: Using Kubernetes services to allow pods to co...read more

ECS is Elastic Container Service and EKS is Elastic Kubernetes Service. Troubleshoot code in paused state by checking logs and restarting tasks. Troubleshoot ingress controller by checking configuration and logs. ALB is Application Load Balancer.

• ECS is a managed container orchestration service by AWS

• EKS is a managed Kubernetes service by AWS

• To troubleshoot code in paused state in ECS, check CloudWatch logs, task definition, and restart tasks if needed

• To troubleshoot ingress c...read more

Kubernetes networking is the way in which different pods and services communicate with each other within a Kubernetes cluster.

• Kubernetes networking allows pods to communicate with each other across nodes in the cluster.

• It uses a flat network model where each pod gets its own IP address.

• Kubernetes networking can be implemented using various plugins like Calico, Flannel, or Cilium.

• Network policies can be defined to control traffic flow between pods.

• Services in Kubernetes provid...read more

Ingress controls the external access to services in a cluster, while service defines a set of pods and how they can be accessed.

• Ingress manages external access to services in a cluster

• Service defines a set of pods and how they can be accessed

• Ingress can provide load balancing, SSL termination, and routing based on hostnames or paths

• Service can be of type ClusterIP, NodePort, LoadBalancer, or ExternalName

Microservices can be deployed using containerization tools like Docker and orchestration tools like Kubernetes.

• Use containerization tools like Docker to package each microservice along with its dependencies into a container image.

• Leverage orchestration tools like Kubernetes to manage and deploy multiple microservices across a cluster of machines.

• Implement continuous integration and continuous deployment (CI/CD) pipelines to automate the deployment process and ensure smooth up...read more

S3 life cycle rules automate the management of objects in S3 buckets based on predefined criteria.

• Automate the transition of objects to different storage classes based on age or other criteria

• Automatically delete objects after a certain period of time

• Reduce storage costs by moving less frequently accessed data to cheaper storage options

I have experience with various DevOps tools including Jenkins, Docker, Ansible, and Terraform.

• Jenkins

• Docker

• Ansible

• Terraform

Docker attached mode runs a container in the foreground, while detached mode runs it in the background.

• In attached mode, you can see the container's output in the terminal where it was started.

• In detached mode, the container runs in the background and you can continue using the terminal.

• To exit a Docker exec session without closing the terminal, press Ctrl + P, Ctrl + Q.

• You can also use the command 'exit' or 'Ctrl + D' to exit the Docker exec session.