100+ AWS Devops Engineer Interview Questions and Answers

To get all IAM usernames whose access key age is above 75 in one mail.

• Create a script to check access key age for all IAM users

• Filter out users with access key age below 75

• Send email with list of usernames

Terraform will recreate the instance as per the template

• Terraform will detect that the instance is missing and recreate it based on the template

• The new instance will have the same configuration as defined in the template

• Any changes made to the instance outside of Terraform will be lost

Terraform will detect the manual EBS addition and attempt to reconcile the state, potentially removing the EBS volume.

• Terraform maintains a state file that tracks resources it manages.

• When you manually add an EBS volume, Terraform is unaware of this change.

• On running 'terraform apply', Terraform will compare the current state with the desired state defined in the configuration.

• Since the EBS volume is not defined in the Terraform template, Terraform may plan to remove it to ma...read more

To troubleshoot a dying docker container, we can use logs, inspect the container, and check resource usage.

• Check container logs using 'docker logs ' command

• Inspect the container using 'docker inspect ' command to check its status and configuration

• Check resource usage using 'docker stats ' command to see if it's running out of memory or CPU

• Restart the container using 'docker restart ' command if necessary

There are multiple ways to create a role in AWS.

• Using AWS Management Console

• Using AWS CLI

• Using AWS SDKs

• Using AWS CloudFormation

• Using AWS Identity and Access Management (IAM) APIs

Terraform will recreate the EC2 machine if it is deleted from AWS Console.

• Terraform will detect that the EC2 machine is missing and recreate it according to the defined configuration in the Terraform script.

• Deleting the EC2 machine from the AWS Console will not affect the Terraform configuration, as Terraform maintains its own state file.

• Running Terraform apply after deleting the EC2 machine will result in the creation of a new machine with the specified configuration.

I have used code reviews, automated testing, static code analysis tools, and continuous integration to check the quality of code.

• Code reviews by peers to catch bugs and ensure best practices

• Automated testing using tools like Selenium for functional testing and JUnit for unit testing

• Static code analysis tools like SonarQube to identify code smells and potential bugs

• Continuous integration with tools like Jenkins to automate testing and deployment processes

Health checks after creating instances ensure the instances are functioning properly.

• Instance status checks ensure the instance is reachable and responding to traffic.

• System status checks ensure the underlying hardware is functioning properly.

• Example: If an instance fails the system status check, it may indicate a problem with the underlying host hardware.

Use AWS Lambda and CloudWatch Events to automate data transfer from DynamoDB to S3 every Friday.

• Create an AWS Lambda function to read data from DynamoDB tables and write to S3 bucket

• Create a CloudWatch Events rule to trigger the Lambda function every Friday

• Ensure that the Lambda function has the necessary permissions to access DynamoDB and S3

• Test the automation job to ensure that data is transferred correctly

To give executable permissions of a file only to the user, use the chmod command with the u+x option.

• Open the terminal and navigate to the directory where the file is located.

• Use the command 'chmod u+x filename' to give executable permissions to the user only.

• Verify the permissions using the 'ls -l' command.

To create a soft link, use the 'ln -s' command. To create a hard link, use the 'ln' command. To create an empty file, use the 'touch' command.

• To create a soft link: ln -s

• To create a hard link: ln

• To create an empty file: touch

Blue green deployment is a deployment strategy where two identical production environments are used to minimize downtime and risk.

• Blue green deployment involves running two identical production environments, one 'blue' and one 'green'.

• Traffic is routed to the 'blue' environment while the 'green' environment is updated and tested.

• Once the 'green' environment is deemed stable, traffic is switched to it and the 'blue' environment becomes the new staging environment.

• This strategy...read more

The IP range for 500 IPs would typically be a /23 subnet.

• For 500 IPs, you would need at least a /23 subnet.

• A /23 subnet provides 512 IP addresses (2^9 = 512), with 510 usable IPs after subtracting network and broadcast addresses.

• The IP range for a /23 subnet would be from x.x.x.0 to x.x.x.255.

chmod and chown commands are used to change file permissions and ownership respectively.

• chmod command is used to change the permissions of a file or directory

• chown command is used to change the ownership of a file or directory

• Example: chmod 755 file.txt - This command gives read, write and execute permissions to the owner and read and execute permissions to group and others

• Example: chown user1 file.txt - This command changes the ownership of file.txt to user1

NAT gateway is used to provide internet access to private subnets while internet gateway is used to provide internet access to public subnets.

• NAT gateway is used for outbound traffic while internet gateway is used for inbound and outbound traffic.

• NAT gateway is associated with a private subnet while internet gateway is associated with a public subnet.

• NAT gateway performs network address translation while internet gateway does not.

• Example: NAT gateway is used to allow EC2 inst...read more

Data extraction from Azure blob storage to Amazon S3 can be done using AWS Data Pipeline or Azure Data Factory.

• Create a pipeline in AWS Data Pipeline or a data factory in Azure Data Factory

• Add a copy activity to the pipeline or data factory

• Configure the source as Azure Blob Storage and the destination as Amazon S3

• Provide the necessary credentials and permissions for both sources

• Run the pipeline or data factory to extract the data from Azure Blob Storage to Amazon S3

To create sub directories using mkdir command, use the -p option followed by the directory path.

• Use the command 'mkdir -p directory/subdirectory'

• The -p option creates parent directories if they don't exist

• Multiple subdirectories can be created at once using 'mkdir -p directory/subdirectory1/subdirectory2'

• Use 'mkdir -m' option to set permissions for the directory

Autoscaling was implemented based on CPU utilization and network traffic.

• Autoscaling was implemented to ensure that the application can handle sudden spikes in traffic.

• CPU utilization and network traffic were used as metrics to trigger autoscaling.

• The minimum and maximum number of instances were set based on the expected traffic.

• Load testing was done to determine the optimal scaling thresholds.

• Autoscaling policies were set to gradually add or remove instances to avoid sudden ...read more

I faced issues with network connectivity, configuration errors, and dependency mismatches while deploying the application.

• Network connectivity issues causing deployment failures

• Configuration errors leading to incorrect application setup

• Dependency mismatches causing compatibility issues

• Resource constraints impacting deployment performance

Explanation of NACL, Security Groups, Docker Swarm, and Jenkins installation process.

• NACL is a stateless firewall that controls inbound and outbound traffic at the subnet level.

• Security Groups are stateful firewalls that control inbound and outbound traffic at the instance level.

• Docker Swarm is a container orchestration tool that manages a cluster of Docker hosts.

• Jenkins can be installed on a server using a package manager or by downloading and running the Jenkins WAR file.

• Je...read more

To build and push a docker image to ECR, we need to create a Dockerfile, build the image, tag it, login to ECR, push the image to ECR.

• Create a Dockerfile with necessary configurations

• Build the image using docker build command

• Tag the image using docker tag command

• Login to ECR using AWS CLI command aws ecr get-login-password

• Push the image to ECR using docker push command

Launch an EC2 instance in a VPC and attach a role using Terraform

• Define a VPC resource in Terraform

• Define a subnet resource within the VPC

• Create a security group for the EC2 instance

• Define an IAM role for the EC2 instance

• Launch an EC2 instance within the subnet and attach the IAM role

Ingress controller is a Kubernetes resource that manages external access to services within a cluster.

• Ingress controller acts as a traffic manager, routing incoming traffic to the appropriate services based on rules defined in the Ingress resource.

• It allows for the configuration of HTTP and HTTPS routing, load balancing, SSL termination, and more.

• Popular Ingress controllers include Nginx Ingress Controller, Traefik, and HAProxy.

• Ingress controllers can be used to expose multip...read more

Answering questions related to Terraform, VPC, Route 53, S3 bucket, launch templates, and load balancer setup.

• Use Terraform's null_resource and provisioners to handle complex problems

• For deploying a new application in a VPC with exhausted IPs, consider using Elastic Load Balancing to distribute traffic

• Utilize Route 53 for DNS management and routing traffic to the application

• Host a static website on a private S3 bucket by configuring bucket policies and enabling static website...read more

Jenkins and Docker can be integrated using Jenkins Docker plugin.

• Install Docker plugin in Jenkins

• Configure Docker Cloud in Jenkins

• Create a Jenkins pipeline job and specify Docker image to be used

• Use Docker commands in Jenkinsfile to build and push Docker images

Grant access to S3 bucket securely by using IAM policies and roles.

• Create an IAM policy with specific permissions for the S3 bucket

• Attach the IAM policy to an IAM role

• Assign the IAM role to the user or group that needs access

• Use bucket policies for more granular control if needed

To take a backup of a particular table from AWS RDS instance, you can use the AWS Database Migration Service (DMS) or AWS Data Pipeline.

• Use AWS Database Migration Service (DMS) to create a task that includes the specific table you want to backup.

• Alternatively, you can use AWS Data Pipeline to schedule regular backups of the table to Amazon S3.

• Ensure that you have the necessary IAM permissions to perform backup operations on the RDS instance.