AWS Interview QA

Uploaded by

SanjayVasu1993

1. How will you migrate servers from on-premises to AWS?

- convert the physical server to a virtual machine using the VMware Converter Standalone tool!
- convert the VM to an AWS EC2 instance using the Server migration tool

2. How will you migrate a DB from on-premises to AWS?

3. If an EC2 instance is not responding, what are all the steps you take to solve it?
- check the EC2 instance screenshot
- check the system log

4. Tell us about your environment / architecture?

5. What are all the instance types used for the EC2?
- m4.large
- m4.xlarge

Instance Name   vCPU Count   RAM
m4.large        2            8 GiB
m4.xlarge       4            16 GiB

6. How will you take up the AMI backup periodically?

AMI backup:

#!/bin/bash
# Timestamp suffix keeps each AMI name unique
var=$(date +%d-%m-%Y-%H-%M-%S)
aws ec2 create-image --instance-id i-0693be27bc2d82684 \
    --name "web-$var" --no-reboot --description "new-ami-sep"

7. How will you take up the Snapshot backup periodically?

#!/bin/bash
# Timestamp suffix identifies each snapshot in its description
var=$(date +%d-%m-%Y-%H-%M-%S)
aws ec2 create-snapshot --volume-id vol-00ced1b184f5f8793 \
    --description "volume-backup-$var" \
    --tag-specifications 'ResourceType=snapshot,Tags=[{Key=Name,Value=java-prod}]'

8. If the webservice is down how will you troubleshoot?


- check the service using “systemctl status httpd”
- check the /var/log files

9. How will you migrate AMI to another region?


- right click the AMI image and choose “Copy AMI” option

10. What is EC2?


- It's Elastic Compute Cloud, and it’s a virtual machine in AWS.

11. What are the purchasing options in EC2?


- on-demand - we can buy whenever we want and we can terminate. 100rs
- reserved instance - we can reserve an instance for a year or many! 70 rs
- spot instance - we will get an instance from a free resource! 12 hours - 30 rs
- scheduled instance - we can schedule an instance build!
- Dedicated host - EC2 instances from a dedicated host!

12. What is the region and availability zone?


- Region is a country
- AZ - Data centre inside the country

13. How to create an SSM agent for centralised control?

Step1: Installation

sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm

sudo systemctl start amazon-ssm-agent

systemctl status amazon-ssm-agent

Step 2: Adding IAM role

Policy name: AmazonSSMManagedInstanceCore

Now do a centralized control:

search the below:

Document name prefix : Equals : AWS-RunShellScript

—------------------------------------------------------------------------------------------------------------------------

1. If the disk volume is full, how will you troubleshoot?


- df -h
- unwanted logs we can clear
- Disk usage command:
#du -sh * | sort -rh | head -10
- inodes lock
- lsof | grep deleted
- then kill the process
#kill -9 <process-id>

2. How will you reduce the disk volume?


- lvm reduce (if we are reducing 2gb)
- steps:
- umount /java
- e2fsck -f /dev/vgname/lvname (resize2fs refuses to shrink until a forced check has been run)
- resize2fs /dev/vgname/lvname 2G
- lvreduce -L -2G /dev/vgname/lvname
- resize2fs /dev/vgname/lvname
- mount /java

3. What are all the types of EBS volume?


- general purpose
- provisioned IOPS
- throughput optimised
- Cold HDD
- Magnetic

4. What is EFS storage?


- EFS storage is used to share storage across Availability zones!

5. What is the port we used for the EFS storage?


- 2049

6. What is the package we used to connect EFS storage?


- “efs-utils” for Amazon linux
- “nfs-utils” for other linux

7. Tell about your network architecture?


- We have 1 single VPC for all the accounts and multiple subnets for each zone!
- we provide internet access to the private subnets using a NAT gateway
- and for specific S3 access we enabled an endpoint
- we are using a site to site VPN connection to connect our on-premise to AWS

8. How will you provide the internet to your private subnet?


- Nat gateway

9. What is an endpoint?
- Endpoint is used to provide internet access for a particular AWS service!

10. How will you connect two different VPCs?
- By using VPC peering

11. What is a VPC flow log?


- used to capture the incoming and Outgoing IP flow in VPC, subnet and EC2!

12. What is VPN and what are all the types of VPN available in AWS?
- VPN is a Virtual Private Network, which is used to provide a secured
connection between AWS and on-premise!
Types of VPN:
● Open VPN
● Site to Site
● Direct connect!

13. How to block IPs and Ports in AWS at the instance level?
- Security group

14. How to block IPs and Ports in AWS at the Subnet level?
- NACL - Network Access control list

—------------------------------------------------------------------------------------------------------------------------
1. What are all the types of Load Balancer in AWS?
- Classic LB
- Application LB
- Network LB
- Gateway LB

2. If a zone is not working in LB, what are the steps you follow ?
- we need to report to AWS support for zone failures , meanwhile we need to
create the instances in other zones to handle the load!

3. How will you do path based routing ?


- We can use ALB to do path based routing!

4. What are listeners?


- It is the service used in ALB to listen to http / https !

5. What is the Target group?


- Target groups are individual load balancers under ALB / NLB!

6. configuring a LB
- create a LB by the requirement! (clb / alb / nlb)
- enable http / https according to the ssl certificate we are having!
- select VPC and exact subnets!
- configure the health check
- add the instances
- add the security group
—--------------------------------------------------------------------------------------------------------------
1. What is cloud front ?
- It is used to boost the website in all other regions!

2. How will you connect ssl to the cloud front ?


- by using sub domain
- create a wildcard ssl for the subdomain (eg: cloud.rajini.com)
- add this subdomain to connect the cloud front in route53

3. What are the regions it will support ?


- north america, europe
- north america, europe, asia, africa
- all edge locations!

4. What is CDN ?
- Content delivery network; AWS provides this service as CloudFront!
—-------------------------------------------------------------------------------------------------------------------

1. What is Route 53 ?
- it’s a DNS service

2. What are the types of records ?


● A record
● PTR record
● Mx record
● NS
● SOA
● Cname

3. How to connect an ec2 web server to route53 ?


- using the ec2 Public IP

4. How will you purchase a domain ?


- external domains can be purchased by using:
GoDaddy, Freenom, NS1 etc

5. What is a subdomain ?
It’s a prefix of the actual domain eg:
www.google.com
mail.google.com
drive.google.com

6. What are the routing policies ?


- weighted
- latency
- failover
- simple routing
- geo location
- ip based

7. How to connect S3 and LB to Route53 ?


- by using static website hosting
- make sure the S3 name is the domain (eg: www.rajini.com)
- configure the static website hosting and add the html file
- finally connect the S3 in Route53 directly by searching the S3 name
(www.rajini.com)
—--------------------------------------------------------------------------------------------------------

1. What is a cloud watch ?


- It’s a default monitoring service in AWS

2. How will you monitor Ec2 and other services using cloud watch ?
- we can use Alarms and events to monitor the Ec2 instances!

3. Do you have any knowledge of 3rd party monitoring tools ?


- Yes, prometheus, grafana, alert manager!

4. How to monitor a web service or other application service using cloud watch ?
5. If we want to monitor a service (eg: httpd) follow the below steps

Cloud watch service monitoring:

1. attach the below IAM role:


CloudWatchAgentServerPolicy

2. create a script
vi cloud.sh

#!/bin/bash
# Count sockets on port 80 and publish the count as a custom CloudWatch metric
var=$(netstat -an | grep -w "80" | wc -l)
sleep 5
aws cloudwatch put-metric-data --metric-name web_service \
    --dimensions Instance=i-003dc78458139a9b2 --namespace "custom/WEB" \
    --value "$var" --region us-west-2

chmod a+x cloud.sh

Add the script in the crontab.

crontab -e
* * * * * sh /root/cloud.sh

6. What is a log group ?


- which is used to collect logs in cloud watch

7. What is an alarm ?
- Alarm is a threshold limit for a service performance! eg: EC2

8. What is an event ?
- It captures all the machine states in AWS - creating, shutting down, terminating etc

9. What is a cloud trail ?
- It captures all the log events in AWS!
—-----------------------------------------------------------------------------------------------------------

1. What is S3 ?
- S3 is an object storage

2. What is versioning in S3 ?
- each file can be maintained as versions in S3; if the existing file is deleted, it can be easily replaced!

3. What is static website hosting ?


- we can run a small website directly using static website hosting in S3!

4. What is S3 lifecycle management ?


- to clear old data we can use this!

5. aws s3 cli commands ?
- to do S3 operations in Linux we need aws s3 cli commands
syntax:
aws s3 cp
aws s3 sync
etc

6. What is an S3 replica ?
- by using s3 replica we can replicate the storage in other regions for backup!

7. What are the options available in S3 to upload a file ?


- Intelligent-Tiering
- Standard-IA
- One Zone-IA
- Glacier Instant Retrieval
- Glacier Flexible Retrieval
- Glacier Deep Archive
- Reduced redundancy

—-----------------------------------------------------------------------------------------
1. What is IAM ?
- Identity access management
- It is a user management service in AWS

2. What is role and policy ?


- role : used to provide access from service to service
eg: vpc flow log, admin access to ec2
- policy : used to provide access from user to service

3. how to create a user and group in IAM ?

4. What is MFA ?
- Multi factor authentication
- we can use a mobile app to log in as additional security!
- eg: google authenticator

5. What are password policies in IAM ?

—--------------------------------------------------------------------------------------------
1. What is ECS ?
- Elastic container service
- It’s a Docker service in AWS

2. What is ECR ?
- It’s an AWS docker image repository
- we can store all the docker images here!

3. how to upload a docker image to ECR ?

Install AWS cli if it is not available

And aws configure
# "aws ecr get-login" was removed in AWS CLI v2; get-login-password pipes the token to docker login on stdin
aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 401231317770.dkr.ecr.us-west-2.amazonaws.com
aws ecr create-repository --repository-name rajini
docker tag web1:v1 <awsaccountid>.dkr.ecr.<region>.amazonaws.com/test-repository:latest
eg: docker tag web1:v1 401231317770.dkr.ecr.us-west-2.amazonaws.com/rajini:v1
docker push 401231317770.dkr.ecr.us-west-2.amazonaws.com/rajini:v1

—--------------------------------------------------------------------------------------------
1. What is autoscaling ?
- autoscaling is used to scale up the instances whenever the
load is high in load balancer!

2. how to scale up and scale down ec2 instances using autoscaling ?


- first we should use an existing AMI and add the AMI in Launch
configuration
- we can set up the threshold values in autoscaling to scale up
or scale down the servers
- make sure that we add a LB to autoscaling

3. What is launch configuration and launch template ?
- Launch configuration is a default setup in auto scaling to add the AMI and configure the instances according to the organisation standard
- Launch template is the same as Launch configuration, but we can use a launch template to directly create an EC2 instance with the required setup!

4. What is SNS ?
- It’s a simple notification service in AWS, which is used to notify
alerts!
—-------------------------------------------------------------------------------------------------
1. What is RDS ?
- It’s a relational database service to maintain the database engine!

2. What are the DBs the RDS can handle ?
- Amazon Aurora
- PostgreSQL
- Oracle
- MySQL
- MS SQL
- MariaDB

3. What is Multi-AZ ?


- It’s used to provide a backup replica of a RDS DB in other
zone!

4. What is a Read replica ?


- It is used to create read replication of a DB in other regions!

5. What is the subnet group in RDS ?


- Subnet group is used to maintain the DB-specific subnets, where we can mention in which subnet the DB is to be created!

6. What is the parameter group and option group ?
- Parameter groups are a centralised configuration which we can attach to DBs. It is easy to modify!
- Option groups are some options enabled for particular DBs eg: memcached option, backup option etc! and it is mostly not used!
—-------------------------------------------------------------------------------------------
1. What is cloud formation ?
- It’s an automation infra as a code service in aws, we can use this to create
any service in AWS in one single click!

2. How will you design an infra as a code using Cloud formation ?


- we can directly deploy the below sample code in cloud formation
sample code:
Resources:
  MyEC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: ami-00f7e5c52c0f43726
      InstanceType: t2.micro
      KeyName: july-2021-key
      SecurityGroupIds:
        - sg-0d89443098ea23379
      BlockDeviceMappings:
        - DeviceName: /dev/sdm
          Ebs:
            VolumeType: io1
            Iops: 200
            DeleteOnTermination: false
            VolumeSize: 20
—------------------------------------------------------------------------------------------
1. What is a trusted advisor ?
- It’s a guidance service in aws to track our cost, fault tolerance, security etc in
AWS but we need to subscribe for this!

2. What is NACL ?
- It's the same as a security group but we can use this to control the entire
subnet under VPC!

3. What is Elastic Beanstalk ?
- Elastic Beanstalk is the simplest way to deploy and run your web application on
Amazon Web Services. Elastic Beanstalk automatically handles the deployment
details of capacity provisioning, load balancing, automatic scaling, and web
application health monitoring.

4. What is Lambda ?
- AWS Lambda is a serverless, event-driven compute service that lets
you run code for virtually any type of application or backend service
without provisioning or managing servers.

5. What is ACM ?
- Amazon certificate manager, It provides SSL certificates to AWS instances
and LBs!

—------------------------------------------------------------------------------------

Roles and Responsibilities:

1. Hi this is Bala, I have 2 years of experience in AWS cloud computing. Currently I am working in Fiserv!
2. My roles and responsibilities are: I am handling EC2 instances, AMI, EBS, EFS volumes, configuring networking using VPC, subnet, IGW and NAT gateway.
3. Connecting multiple VPC using VPC peering
4. Configuring Load balancers and autoscaling
5. Trouble shooting instances and services
6. Increasing and decreasing volume using LVM
7. Creating SSL certificate using ACM
8. Deploying infrastructure using Terraform!
9. Creating job schedulers in Linux using CRON (monitoring scripts, vulnerability
scripts, job scripts)
10. Ticketing tool - Jira
