Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
Share on:

50+ Frequently Asked AWS Interview Questions and Answers [2023]

Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

Are you preparing for an AWS interview? Or looking to get familiar with AWS product offerings? We answered the most commonly asked AWS interview questions to help you better understand AWS product offerings.

We covered all aspects of AWS services, including security, database, Config, load balancing, elastic block storage, and other general questions. After studying this resource, you will be able to answer any AWS service-related questions.

What is auto-scaling?

Auto-scaling, popularly called auto-scaling or automatic scaling, is a cloud computing approach for dynamically allocating computational resources based on the current load on a server farm. AWS auto-scaling monitors users’ applications and automatically adjusts the capacity to maintain consistent, predictable, and steady performance.

Users can build scaling plans for various AWS resources, including  Amazon EC2 instances and Spot Fleets, Amazon ECS tasks, Amazon DynamoDB tables and indexes, and Amazon Aurora Replicas. 

What is geo-targeting?

The practice of delivering personalized content to users based on their specific location is geo-targeting. It’s used to deliver custom content to individuals in a particular country, region/state, city, metro code/zip code, or IP address.

Amazon uses CloudFront via CloudFront-Viewer-Country –a static and dynamic web content delivery network (CDN) service offered by Amazon Web Services (AWS) to detect the user’s country of origin and customize the contents they will receive.

What is a DDos attack?

A denial-of-service attack (DDoS) happens when malicious actors temporarily or indefinitely make network or web resources unavailable to the intended users by sending multiple requests to the system (up to the system’s maximum capacity limit) with the aim of overwhelming it and preventing legitimate traffic from accessing the resources.

A DDoS attack goal is to disrupt normal traffic of a targeted server, service, or network by flooding the target or its surrounding infrastructure with massive fake requests, essentially overloading the system and preventing it from responding to legitimate requests.   

What tools can help to deny DDos attacks?

There are several Anti-DDoS tools that can help organizations prevent DDoS attacks. The top-rated ones are: AWS Shield, Kona DDoS Defender from Akamai, AppTrana, Cloudflare, and StackPath.

What is Amazon EC2?

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides users with scalable compute capacity in the AWS cloud. With a service-level agreement (SLA) of 99.99% availability, organizations can leverage Amazon EC2 to develop and deploy applications fast without the need to invest in hardware.

The tool allows users to launch and configure as many or as few virtual machines or servers, called instances, and scale the capacity up during peak hours or traffic spikes and down during off-peak hours.

Mention the different types of instances in EC2

Amazon EC2 offers multiple instance types for various use cases. The five types of EC2 instances are:

  • General purpose instance is built to handle different workloads. It balances computing, memory and networking resources. General purpose instance is the best option for most resource-intensive workloads like web servers and software development. 
  • Compute-optimized instances are designed for compute-bound applications that require high-performance processors to function correctly. This type of instance is best for media transcoding, high-performance web servers, high-performance computing (HPC), batch-processing workloads and more.
  • Memory-optimized instances offer large memory sizes for memory-intensive workloads, such as real-time big data analytics projects.
  • Storage-optimized instances are well-suited for applications that require high I/O operations per second (IOPS). Data processing and data analytics-related workloads fare best with this type of instance.
  • Accelerated computing instances or graphics processing unit (GPU) instances run graphic-intensive workloads. It uses hardware accelerators to perform functions that require high processing capability, such as data pattern matching.

The best Amazon EC2 instance type to use for a particular workload depends on the application requirements and overall goal. 

What is the difference between stopping and terminating an EC2 instance?

Stopping an instance temporarily allows you to halt the instance’s compute resources but retains the instance’s data and configuration settings. When you stop an instance, you are no longer charged for compute resources but are still charged for any storage resources attached to the instance, such as Elastic Block Store (EBS) volumes. You can start a stopped instance later, and it will resume running with the same data and configuration settings.

Conversely, when you terminate an EC2 instance, it cannot be restarted. It is a permanent action that completely deletes the instance, the virtual machine that was provisioned to you and all associated data, including any EBS volumes attached to the instance. 

What is changing in Amazon EC2?

In AWS EC2, changing can mean different things. Changing can occur when a user migrates from one instance type to another. Amazon EC2 users can change from an over-utilized or under-utilized instance to efficiently manage workloads.

For example, if your t2.micro instance has reached its maximum capacity and has become too small for its workload, you can change it to a bigger T2 instance type like t2.large or change it to another instance type, such as m5.large.

Alternatively, changing is also the practice of switching from a previous generation to a current instance type to benefit from up-to-date features.

How to recover an EC2 Instance?

The steps to recover an EC2 instance depend on the specific situation that warrants the instance recovery. You may need to recover an instance when any of the following happens:

  • Network connectivity issue
  • System power failure
  • Hardware or software issues on the physical host that impact network reachability

You can use your instance default configuration settings or create an Amazon CloudWatch alarm to recover an instance that failed the system status check automatically. To recover a terminated instance, do the following: 

  • Launch the Amazon EC2 console at 
  • select Elastic Block Store, Snapshots in the navigation pane
  • Select create snapshot
  • Choose the volume and snapshot
  • Select actions, then create an image
  • Fill the necessary information in the “create image from EBS snapshot dialog box”
  • Select Create
  • Choose AMIs from the menu bar

After creating the image, launch an instance from this image to restore your terminated instance.

How to automate EC2 backup using EBS?

Amazon Data Lifecycle Manager (DLM) can automate creating, retaining, and deleting of EBS snapshots and EBS-backed Amazon Machine Images (AMIs). Note that AWS Backup differs from Amazon Data Lifecycle Manager in that it allows you to build a backup strategy that includes resources from various AWS services.

DLM enables you to automate the snapshot management process for EC2 instances plus their attached EBS volumes or separate EBS volumes. You can also use AWS Backup to automate EBS volume as well as RDS databases, DynamoDB tables, Storage Gateway volumes, and EFS file systems.

How to stop and terminate an EC2 Instance?

You can stop and terminate an EC2 instance via the console or command line. The following steps explain how to perform these actions using the console.

To stop the EC2 instance

  • Open Amazon EC2 console at
  • In the menu bar, select Instances and choose the instance
  • Click instance state, stop instance
  • Select stop when prompted for confirmation

To terminate the EC2 instance

  • Launch the Amazon EC2 console at 
  • Select instances in the navigation pane
  • Choose the instance, select the instance state, terminate the instance
  • Click terminate when prompted for confirmation.

When you stop your instance, AWS shuts it down and stops charging you usage or data transfer fees, but they charge for storage. Conversely, when you terminate the instance, Amazon deletes the data from any instance storage files connected it.

What is the difference between a spot, on-demand, and a reserved instance

Amazon offers different pricing models. Spot, on-demand and reserve are a type of Amazon instance licensing models.

On-demand instances use the pay-as-you-go model. This means you’ll only pay for the instance when you need and use them. With an on-demand instance, you may be charged per hour or second and use as much capacity as you require. Those who use AWS instances infrequently may find this plan beneficial because there is no long-term commitment. 

Unlike on-demand instances, with the reserved instance, you will make a down payment for a specified period, typically between 1 to 3 years. This model is cheaper than the on-demand instance, as reserved instances offer significant discounts.

Spot instance is ideal for those on a budget looking to save significantly. But with this affordability comes a lack of commitment from AWS.

Spot instance works as the inverse of an on-demand instance – in an on-demand instance, you do not commit to AWS, while in a spot instance, AWS doesn’t commit to you. Your instance usage is based on the cloud provider’s capacity availability.

This model is unreliable because AWS can terminate your instance almost immediately after you were notified.     

What are the different types of virtualization?

The following are the different types of virtualization:

  • Desktop virtualization
  • Network virtualization
  • Application virtualization
  • Storage virtualization
  • Data virtualization
  • Server virtualization

Virtualization technology provides you with the functions and benefits of various physical infrastructure.

What is Amazon’s virtual private cloud?

Amazon Virtual Private Cloud (Amazon VPC) enables users to launch AWS resources in a virtual network they’ve defined by provisioning a logically isolated section of Amazon Web Services Cloud. 

Name some security products in VPC

  • AWS network firewall
  • AWS Web Application Firewall (WAF)
  • AWS Identity and Access Management (IAM)
  • AWS Key Management Service (KMS)
  • AWS CloudTrail

Uses of virtual private cloud

VPC offers various use cases, including security, cost saving, high availability of resources, flexibility and scalability. 

How to monitor Amazon VPC?

Amazon provides various tools to enable you effectively monitor traffic or network access in your VPC. These tools can include VPC Flow Logs, Amazon VPC IP Address Manager (IPAM), Traffic Mirroring, Reachability Analyzer, Network Access Analyzer, and CloudTrail logs.

How many subnets can you have per VPC?

Amazon currently allows users to create up to 200 subnets per VPC. 

How to connect multiple sites to a VPC?

You can achieve this via multiple site-to-site VPN connections. Amazon VPC includes a virtual private gateway; configure your routing so that it will reroute any traffic from the VPC bound for your networks to the virtual private gateway.

What is CloudTrail?

AWS CloudTrail enables AWS account governance, compliance, operational auditing, and risk auditing. It’s a log-monitoring service that provides the event history of your AWS account activity.

How does AWS Config work with CloudTrail?

CloudTrail records activities that occur in AWS Config; it captures all API calls for AWS Config as events. To see the Amazon CloudTrail event link navigate to the Resource Timeline of specific resources in the AWS Config console.

What is AWS WAF?

AWS web application firewall (WAF) is a security service that enables you to define access rules to your web application. AWS WAF rules can be set to allow, block, or monitor web requests. Access request for your websites is sent to the WAF, which inspect the request based on the predefined rules and either allow or block it based on the conditions.

What are the different types of load balancers in AWS?

AWS Elastic Load Balancing supports four types of load balancers, including application load balancer, network load balancer, classic load balancer, and gateway load balancer.

Mention uses of the various load balancers

Each load balancer serves various purpose.

  • Application load balancer is used to make routing decisions at the application layer and support dynamic host port mapping.
  • Network load balancer is used to make routing decisions at the transport-layer protocols such as TCP, UDP, DCCP, and SCTP.
  • Gateway load balancer is used top deploy, scale, and manage virtual appliances and operates at the third layer of the OSI model –network layer.
  • Classic load balancer operates at both the request and connection levels – it’s used to manage incoming application traffic across multiple EC2 instances.

AWS load balancers increase application availability and helps scale workloads as needed.

Explain SES

Amazon Simple Email Service (SES) enable developers to include an email functionality in their  AWS application. It’s a pay-per-use service that can be used to communicate with customers via the cloud. 

Explain PaaS

Platform as a Service (PaaS) is a cloud computing model that provides development teams with the resources (servers, storage, network equipment, and data center) plus middleware and user interface they need to develop, run, test, and deliver a fully functional application over the internet.

What is Amazon S3?

The S3 in Amazon S3 stands for Simple Storage Service. Amazon S3 is a web-based object storage service that allows users to store and retrieve data at will. Amazon S3 stores data from various sources, including data lakes, mobile applications, and IoT devices as objects within buckets – buckets serve as the containers for objects.  

What is the difference between AWS S3 and EBS?

EBS uses block storage, has a file system interface and are limited to EC2 instances, while AWS S3 uses object storage, offers a web interface and are publicly accessible. Unlike EBS, Amazon S3 isn’t limited to EC2. 

What are storage classes in Amazon S3?

To help customers optimize cost, Amazon offers eight storage options, including 

  • S3 Standard
  • S3 Intelligent-Tiering
  • S3 Standard-Infrequent Access (S3 Standard-IA)
  • S3 One Zone-Infrequent Access (S3 One Zone-IA)
  • S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval (formerly S3 Glacier)
  • Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive)
  • S3 Outposts

What is RTO?

Recovery Time Objective (RTO) is the acceptable or tolerable maximum length of time that a computer, an application, a network, or an enterprise system can take to restore to regular operation after an unexpected outage or disaster occur.

What is RPO?

Recovery Point Objective (RPO) is the tolerable amount of data an organization can afford to lose when a disruptive data-loss incident occurs. It is also the period of time in which data must be recovered after an outage.

What are the different types of instances?

Cumulatively, each EC2 instance offers over 600 types of instances for different use cases. For example, instance M7g, Mac, M6a, M5, A1, T2, T3, and T3g are type of general purpose instance. C7g, C7gn, and C4 are types of compute-optimized instances. R7g and R6in are types of memory-optimized instances. 

What are T2 instances?

T2 instances are type of general-purpose instance that balances compute, memory, and network resources. They offer a baseline level of CPU performance with the ability to burst above the baseline.

What is identity and access management?

IAM (identity and access management) is a framework of processes, policies, and technologies that controls access to resources. IAM manages user identities and access permissions and ensures that only the right people, software, and hardware can access organization data resources. With AWS IAM, you can centrally manage permission and control access to AWS resources.

What is the difference between an IAM role And an IAM user?

In simple terms: IAM Roles are associated with AWS resources, while IAM users are associated with people. IAM role is an identity that is assumable by anyone, either temporarily or permanently. While IAM user is, an identity has specific permissions for a single person or application and such a person or application can only access AWS resources when they meet a set of predefined conditions.

What are the advantages of AWS IAM?

With AWS IAM, admin can specify who (users and workload) can access (permission) what (AWS resources). AWS IAM provides organizations with improved security, reduced IT cost, lower-risks with multifactor authentication, enhanced regulatory compliance, and centralized management. 

What are key pairs in AWS?

Key pairs consists of public key and a private key. The public key is used to encrypt data, while the private key is used to decrypt data. In the Amazon EC2 instance, you can use a private key to prove your identity before being granted access to AWS resources.

Amazon EC2 stores the public key on instances and users store the private key – individuals with access to the private key can connect to the instances.

What are managed policies?

Policies created and managed by AWS are known as managed policies. AWS-managed policy  has its own Amazon Resource Name (ARN), and it enable admins assign appropriate permissions to users, groups, and roles.

What is a maintenance window?

A maintenance window is a designated period of time where a system can be taken offline for scheduled system maintenance like upgrades, backups, data collection, or general system repair. Maintenance windows usually occur overnight and have start and end times. 

What are the different types of scaling?

AWS offers different scaling options to meet the needs of different applications. 

  • Manual scaling
  • Scaling based on schedule
  • Scaling based on demand
  • Maintaining existing instance levels

You can also merge AWS Auto Scaling with Amazon EC2 Auto Scaling to scale resources – this is known as predictive scaling. 

What are the different types of cloud services?

There are four main types of cloud computing services

  • Infrastructure as a Service (IaaS) – provides virtualized computing resources over the internet.
  • Platform as a Service (PaaS) –  enables developers to deploy applications without the need for infrastructure setup or maintenance.
  • Software as a Service (SaaS) – provides users with access to applications over the internet without having to install and run the application on their own computers.
  • Functions as a Service (FaaS) – similar to serverless computing, FaaS allows users to create custom code that can be triggered by events without investing in the complex infrastructure required to develop and launch an app.

One thing they have in common is that each cloud service uses a remote infrastructure housed in a data center.

What is the difference between a domain and hosted zone?

A domain name is a website (URL) address, it’s a string of text mapped to an IP address used to access a website. For example  is the domain name of the Geekflare website. A hosted zone is a container for managing DNS records that contains information about how traffic should be routed to a specific domain and its subdomain.  

What is the difference between reserved instances and on-demand instances?

Reserved instances are long-term commitments to use an Amazon Web Services (AWS) instance. The customer pays an upfront fee period and receives a discounted rate (per hour or per second) for the duration of the agreement. Reserved instances can save money if the customer can predict their usage and commit to the instance for a period of one or three years. 

On-demand instances are used for short-term or unpredictable workloads. The customer pays a fixed rate per hour with no upfront commitment and can scale up or down as needed. On-demand instances are ideal for customers with unpredictable or short-term needs.

What is the difference between EBS and Instance Store?

EBS provides a persistent storage option that serves as backup and will retain data until you delete it – EBS is best for data you want to encrypt or store for a long period. Instance store is a temporary EC2 Instance storage option. The data in the instance store only persists during the lifetime of its instance, it cannot persist through reboot, stop or termination of the instance. 

What is Amazon CloudWatch?

Amazon CloudWatch enables real-time monitoring of your AWS resources, such as Amazon EC2 instances, Amazon EBS volumes, ELB and Amazon Relational Database Service (RDS) instances. It also provides metrics, event data, and logs data for hybrid and on-premises applications and infrastructure resources running on AWS in automated dashboards. 

What is AWS Snowball?

AWS Snowball uses hardware storage devices or “rugged devices” (Snowballs) to transfer data large amounts of data between into and out of the AWS cloud to your onsite data storage location. These devices works with Snowball Edge devices, which include on-board computing capabilities and storage.

What is connection draining?

Connection draining feature stops AWS classic load balancer from sending requests to instances that are de-registering or unhealthy while ensuring that existing connections are maintained. This allows for existing connections to continue without interruption while new requests are directed to other available servers. 

What is power user access?

A power user access policy provides administrator full access to AWS resources and services with the ability to create, use, manage KMS keys, and view all KMS keys and IAM identities. However, the power user lacks capability to manage users and permissions.

What is a Stateful firewall?

Stateful firewalls monitor the states of network connections to track and defend them based on the patterns and ensure that approved traffics are valid and authorized. Stateful firewall stores information about the current state of a network connection. 

What is a stateless firewall?

Unlike Stateful firewalls, Stateless firewalls doesn’s store information about the network connection state. It inspects the header information of each packet to determine whether to allow or block it. They are simple but offer limited usability.

What are the benefits of AWS Disaster Recovery?

Having a disaster recovery plan is very essential to reduce downtime in case of an unplanned system outages. AWS disaster recovery plan ensures business continuity, reduces recovery cost, and restore applications near-instant to the last known good state. 

What are the native AWS security logging capabilities?

AWS services features logging capabilities to track resource utilization. 

  • CloudTrail tracks all user actions and API calls made to AWS resources.
  • AWS Config records all changes made to AWS resources, including security groups or IAM policies.
  • AWS GuardDuty continuously monitors AWS resources for threat and unauthorized behavior.
  • AWS CloudWatch collects and track metrics, monitors log files, set alarms, and react to changes in your AWS resources.
  • AWS Inspector audits EC2 instances to detect potential security issues.

AWS also features centralized logging, which consolidates logs from various sources, including Amazon CloudWatch logs and display them in a single dashboard.

Mention some factors to consider while migrating to Amazon Web services

There are several factors to consider when migrating to AWS services. They are:

  • Operational costs and budget
  • Business objectives
  • Security and Compliance
  • User experience
  • Team skills and training
  • Data migration strategy

The process of migrating from on-premise or other cloud providers is usually complex and requires a careful planning to prevent data loss and costly mistakes. Hence the need to consider these factors and create a comprehensive migration strategy.

Final thoughts

As one of the leading cloud computing platforms, the demand for AWS professionals continues to grow rapidly.

Being able to answer the most frequently asked AWS interview questions can help you stand out from the competition and make a good impression on the interviewer. Not that the list is not exhaustive; take time to conduct further research. Theoretical knowledge is also not enough, you need hands-on practical and technical experience with the various AWS services. 

You may also explore AWS Key Terminology for beginners.

Thanks to our Sponsors
More great readings on Career
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • Semrush is an all-in-one digital marketing solution with more than 50 tools in SEO, social media, and content marketing.
    Try Semrush
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder