Q-1-How many instances can I run in Amazon EC2?
Ans-The number of instances you can run in Amazon EC2 depends on several factors.
Here are some key points to consider:
-Account limit
-Instance Types
-Region
-Pricing Model
Q-2-What is the purpose of user data in an EC2 instance launch configuration?
Ans- User data in an EC2 instance launch configuration serves a specific and useful
purpose. It allows you to customize the configuration of your EC2 instances during
the launch process by providing a script or data that is executed when the instance
starts up.
Q-3-What is the difference between an AMI and a snapshot?
Ans- AMI:- An AMI is a complete image of a virtual server (EC2 instance) that
includes the operating system, application software, and any data associated with
the instance. It captures the entire instance's state at a specific point in time.
Snapshot:- A snapshot is a point-in-time copy of data stored on an Amazon Elastic
Block Store (EBS) volume, such as an EC2 instance's root or data volume. It
captures the volume's data and does not include the entire instance configuration.
Q-4-How many security groups can be attached to an EC2 instance?
Ans-You can specify one or more security groups for each EC2 instance, with a
maximum of five per network interface. Additionally, each instance in a subnet in
your VPC can be assigned to a different set of security groups.
Q-5-What is the purpose of an Elastic IP address, and how is it different from a
public IP assigned to an EC2 instance?
Ans-Elastic IP:- It is assigned to your AWS account. Elastic IPs do not change;
they remain the same even if you terminate the instance and later restart the
same instance.
Public IP:- It is assigned to your launched instance. When the instance is
terminated, the public IP attached to it is released, and when you relaunch the
same instance a new IP address is assigned.
### 1. What is Amazon EKS?
Amazon Elastic Kubernetes Service (Amazon EKS) is a fully managed Kubernetes
service that makes it easier to deploy, manage, and scale containerized
applications using Kubernetes.
### 2. How does Amazon EKS work?
Amazon EKS eliminates the need to install, operate, and maintain your own
Kubernetes control plane. It provides a managed environment for deploying,
managing, and scaling containerized applications using Kubernetes.
### 3. What are the key features of Amazon EKS?
Key features of Amazon EKS include automatic upgrades, integration with AWS
services, high availability with multiple availability zones, security with IAM and
VPC, and simplified Kubernetes operations.
### 4. How can you scale applications in Amazon EKS?
You can scale applications in EKS by adjusting the desired replica count of
Kubernetes Deployments or StatefulSets. EKS automatically manages the scaling of
underlying resources.
### 5. What is the role of Amazon EKS Managed Node Groups?
Amazon EKS Managed Node Groups simplify the deployment and management of worker
nodes in an EKS cluster. They automatically provision, configure, and scale nodes.
### 6. How does Amazon EKS handle networking?
Amazon EKS uses Amazon VPC for networking. It creates a VPC and subnets for your
cluster, and each pod in the cluster gets an IP address from the subnet.
### 7. How does Amazon EKS integrate with AWS services?
Amazon EKS integrates with various AWS services like IAM for access control, Amazon
VPC for networking, and CloudWatch for monitoring and logging.
### 8. Can you run multiple Kubernetes clusters on Amazon EKS?
Yes, you can run multiple Kubernetes clusters on Amazon EKS, each with its own set
of worker nodes and applications.
### 9. How can you secure an Amazon EKS cluster?
You can secure an EKS cluster by using AWS Identity and Access Management (IAM)
roles, integrating with Amazon VPC for networking isolation, and applying security
best practices to your Kubernetes workloads.
### 10. How does Amazon EKS handle high availability?
Amazon EKS supports high availability by distributing control plane components
across multiple availability zones. It also offers features like managed node
groups and Auto Scaling for worker nodes.
AWS
1. What is S3 in AWS?
Answer: Amazon S3 (Simple Storage Service) is a storage service that provides
object storage through a web service interface.
2. What are the benefits of using S3?
Answer: Some benefits of using S3 include scalability, durability, availability,
security, and cost-effectiveness.
3. What is an S3 bucket?
Answer: An S3 bucket is a container for storing objects in S3.
4. What is an object in S3?
Answer: An object in S3 is a file and its metadata stored in a bucket.
5. What is an S3 lifecycle policy?
Answer: An S3 lifecycle policy defines actions that Amazon S3 applies to a group of
objects based on their age or other criteria.
6. What is S3 versioning?
Answer: S3 versioning is a feature that allows you to keep multiple versions of an
object in the same bucket.
7. What is an S3 Glacier?
Answer: Amazon S3 Glacier is a secure, durable, and low-cost storage service for
data archiving and long-term backup.
8. What is an S3 Transfer Acceleration?
Answer: Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of
files over long distances between your client and an S3 bucket.
9. What is an S3 cross-region replication?
Answer: S3 cross-region replication is a feature that automatically replicates
objects from one S3 bucket to another in a different region.
10. What is an S3 pre-signed URL?
Answer: An S3 pre-signed URL is a URL that provides temporary access to an S3
object for a specific duration.
1. ❓ What is a VPC, and how do you set it up?
A VPC (Virtual Private Cloud) is your private AWS space where you keep resources
like servers and databases secure and organized. 🏠
To set up: Go to VPC dashboard, choose an IP range, add subnets (smaller sections),
route tables for connections, and gateways for internet access.
2. 🔒 Network ACL (NACL) vs. Security Group (SG)
NACLs are like neighborhood gate security 🛂, controlling traffic in and out of
subnets, stateless (set rules for both in and out).
Security Groups are more personal, like home security 🔔 for each instance, stateful
(if traffic is let in, it can go out).
3. 🌐 How do you know if a subnet is private or public?
Public subnets have an Internet Gateway for internet access 🌍; private ones don’t.
Check the route table—if there’s a route to the gateway, it’s public; if not, it’s
private.
4. ☁️ How do you access S3 from an EC2 instance?
Attach an IAM role to the EC2 instance with S3 permissions 📜, then use the AWS CLI
to access files directly from S3.
5. 🔑 IAM Role vs. IAM Policy
IAM Role is a job title 🎓 for AWS resources, showing what they’re allowed to do.
IAM Policy is a rulebook 📃 detailing what the role can access.
6. ⚙️ Creating a Role for EC2 to Access S3
Choose EC2 as the trusted service and add a policy that gives S3 access. This lets
the instance work with S3 files directly. 🔄
7. 📜 What is an ARN in AWS?
An ARN (Amazon Resource Name) is a unique label AWS assigns to each resource (like
S3 buckets or IAM roles) for easy identification.
8. 📈 What is Auto Scaling in AWS?
Auto Scaling automatically adjusts instance numbers based on demand 📈—adds
instances with high traffic, removes with low traffic, keeping performance steady
and costs low.
9. 📊 Managing Dependencies and Data with Auto Scaling
Store data in S3 or EFS so new instances can access it, and use user data scripts
to configure instances automatically for consistency. ⚙️
10. 🔗 Connecting Two Different VPCs
Use VPC Peering for a secure link 🤝 between two VPCs. Set up the connection, accept
it, and update route tables to enable traffic. Use a Transit Gateway for linking
multiple VPCs.
1. What is AWS Auto Scaling, and why is it useful?
2. Explain the difference between Amazon EC2 Auto Scaling and AWS Application Auto
Scaling?
3. What are the components of an Auto Scaling group?
4. How does AWS Auto Scaling work with CloudWatch alarms?
5. Describe a scenario where you would use Target Tracking Scaling Policy over Step
Scaling Policy?
6. What is a cooldown period in Auto Scaling, and why is it important?
7. How would you approach scaling for an application with varying loads throughout
the day?
8. How can you ensure high availability with Auto Scaling in multiple Availability
Zones?
9. What are the best practices for configuring Auto Scaling in a production
environment?
10. Explain how you would monitor an Auto Scaling setup to ensure it meets
application performance needs.
11. What are lifecycle hooks in Auto Scaling, and how would you use them?
12. Explain the difference between Launch Configurations and Launch Templates in
AWS Auto Scaling?
13. What’s the difference between scaling vertically and scaling horizontally?
Which does AWS Auto Scaling support?
14. How does predictive scaling differ from dynamic scaling in AWS Auto Scaling?
15. What is the significance of using multiple Auto Scaling policies together, and
when would you combine them?
16. How would you configure Auto Scaling for a stateless vs. a stateful
application?
17. What is Warm Pooling, and how does it improve Auto Scaling efficiency?
18. How does AWS Auto Scaling handle Spot Instances, and what challenges are
associated with using them?
19. Describe how you’d use a combination of Auto Scaling and Elastic Load Balancing
(ELB) to improve fault tolerance?
20. What are mixed instances policies in AWS Auto Scaling, and how would you use
them?
21. How do you handle Auto Scaling for applications with long-lived connections or
persistent sessions?
22. How can you use AWS Auto Scaling for non-EC2 resources, and what are some
examples?
23. What are some ways to optimize the cost of AWS Auto Scaling setups?
24. How does AWS Auto Scaling maintain health checks, and what happens when an
instance fails a health check?
25. Can you customize scaling policies to react to multiple CloudWatch metrics? How
would you do it?
1. What is the role of IAM roles and policies?
2. Can you explain the Terraform plan and its purpose?
3. What is AWS Lambda, and how does it work?
4. How do you invoke a Lambda function, and where do you configure it?
5. Can you describe how Lambda handles scaling and event-based invocations?
6. What is Amazon CloudWatch, and have you configured any custom metrics?
7. What metrics are available on your CloudWatch dashboard?
8. How do you configure CPU utilization on your CloudWatch dashboard?
9. How do you attach an SSL certificate to an S3 bucket?
10. What type of encryption have you implemented in your project?
11. If an S3 bucket has a read-only policy, can you modify objects in the bucket?
12. Why did you choose Terraform over Boto3 for infrastructure provisioning?
13. What is a Content Delivery Network (CDN), and how does it work?
14. Have you created a Jenkins pipeline for your project?
15. How do you attach policies to IAM users, either individually or by group?
16. What type of deployment strategies are you using in your project?
17. Have you used any tools to create customized Amazon Machine Images (AMIs)?
18. What is connection draining, and how does it work?
19. How does an Elastic Load Balancer (ELB) distribute traffic?
20. What is auto-scaling, and how does it work?
21. Can you describe the different types of Load Balancers and provide examples?
22. What is the maximum runtime for a Lambda function?
23. What is the maximum memory size for a Lambda function?
24. How can you increase the runtime for a Lambda function?
25. What automations have you performed using Lambda in your project?
26. Why did you choose Terraform over Boto3 for infrastructure provisioning?
27. What modules have you used in your Lambda function?
28. Have you created an SNS topic for your project?
29. If you've exhausted IP addresses in your VPC, how would you provision new
resources?
30. What is Groovy, and how is it used in Jenkins?
31. Why do you use Groovy in Jenkins, and where do you save Jenkins files?
32. What is Ansible, and what is its purpose?
33. What language do you use in Ansible?
34. Where do you run Terraform code, remotely or locally?
35. What is the purpose of access keys and secret keys in AWS?
36. What are Terraform modules, and have you used any in your project?
37. What environments have you set up for your project?
38. Do you use the same AWS account for all environments?
39. Do you have separate Jenkins servers for each environment?
40. Where do you write and save your Lambda function code?
DEVOPS
1. What are your typical daily responsibilities in your current role?
2. Where is your current project hosted?
3. What AWS services have you worked with so far?
4. Do you have practical experience with AWS CloudFormation?
5. Are you more comfortable using CloudFormation or Terraform?
6. Have you worked with Prometheus and Grafana in your projects?
7. What tasks related to Prometheus are you currently handling?
8. Have you ever created a Dockerfile?
9. What CI/CD tools have you used in your projects?
10. Can you describe the process that occurs when a developer commits code or
creates a pull request?
11. Where do you usually execute your Dockerfiles?
12. What is the difference between a Docker image and a container?
13. If you have a 5GB Docker image but need to deploy it on an EC2 instance with
only 2GB of RAM, how would you address this?
14. When working with Terraform, do you generally create modules or scripts?
15. What types of Terraform blocks have you written?
16. Can you explain the different Terraform blocks you’ve used?
17. Why would you use a dynamic block in Terraform?
18. What is the difference between a dynamic block and an output block in
Terraform?
19. How many environments are you managing?
20. Does each environment have its own Kubernetes cluster?
21. How many nodes are there in your Kubernetes clusters?
22. What are the specifications for the nodes in your Kubernetes clusters?
23. How many pods are currently running in your clusters?
24. Are pods allocated to specific nodes?
25. If not, why is it still referred to as a cluster?
26. What types of services are you utilizing in Kubernetes?
27. Are Kubernetes services exposed to the outside world?
28. Have you worked with an Ingress controller in your projects?
29. When writing Kubernetes YAML files, do you specify the kind as Pod, ReplicaSet,
or Deployment?
30. Why would you use kind: Pod, kind: ReplicaSet, and kind: Deployment in separate
YAML files when it seems possible to use only kind: Deployment?
31. Why are Kubernetes resources like Pod, ReplicaSet, and Deployment defined
separately when a Deployment can manage both Pods and ReplicaSets?
32. What is your reason for seeking a change in your current role?
Important Questions mostly asked in the DevOps Interviews
1. How do you ensure security in CI/CD pipelines?
Utilize advanced secret management tools like HashiCorp Vault, AWS Secrets Manager,
or Azure Key Vault to securely store sensitive credentials and keys.
Implement secure communication channels with SSH keys, TLS encryption, and access
controls.
Integrate static application security testing (SAST) and dynamic application
security testing (DAST) tools in the CI pipeline to identify vulnerabilities early.
Enforce code signing and dependency scanning for third-party libraries using tools
like SonarQube or Dependabot.
2. What strategies do you use for testing in CI/CD?
Automate unit testing to validate code functionality and logic at the granular
level.
Leverage integration testing frameworks to test interactions between modules and
services.
Perform end-to-end (E2E) testing using tools like Selenium or Cypress to validate
complete workflows in real-world scenarios.
Include performance testing (e.g., JMeter) and security testing to ensure
reliability and robustness.
3. How do you manage environments in CI/CD?
Use Infrastructure-as-Code (IaC) tools like Terraform or AWS CloudFormation to
define and provision consistent environments.
Define environment-specific configurations for development, staging, and production
using tools like Ansible or Kubernetes ConfigMaps.
Implement environment isolation through containerization (Docker) and namespace
management in Kubernetes to avoid conflicts.
Manage environment variables securely and dynamically using CI/CD secrets
management systems.
4. What happens if a build fails?
The CI/CD pipeline halts immediately, and failure notifications are sent via
integrated communication tools like Slack, Microsoft Teams, or email.
Utilize detailed build logs and error reports for debugging and root cause
analysis.
Employ automated rollback mechanisms for critical environments using blue/green or
canary deployment strategies.
Conduct post-mortem analysis and implement pipeline improvements to prevent similar
failures.
DevOps Interview Questions for Experience
1. Your team reports that builds are frequently failing in the CI/CD pipeline due
to dependency mismatches. How would you debug this issue and ensure it doesn’t
happen again?
2. You are asked to deploy a new microservice to production with zero downtime.
Explain how you would achieve this using tools like Kubernetes and a CI/CD
pipeline.
3. You need to provision infrastructure for a scalable web application. Describe
how you would use Infrastructure as Code (IaC) tools like Terraform or
CloudFormation to achieve this.
4. A colleague introduces manual changes to the server configurations during a
critical update. The changes cause inconsistencies in your environment. How would
you prevent such incidents in the future?
5. Your application is experiencing intermittent high latency in production. What
steps would you take to identify and resolve the root cause?
6. You are tasked with creating a robust monitoring solution for a distributed
system. How would you design this solution to ensure both real-time alerting and
long-term insights?
7. One of your Docker containers is crashing repeatedly in production. Logs
indicate a memory leak. How would you debug and resolve this issue?
8. You are tasked with migrating a legacy application to Kubernetes. What steps
would you take to containerize the application and deploy it using Kubernetes best
practices?
9. During a security audit, it is discovered that sensitive environment variables
are exposed in your CI/CD pipeline logs. How would you address this issue?
10. You are responsible for implementing a security-first CI/CD pipeline. How would
you integrate vulnerability scanning and secrets management into the workflow?
11. Your production environment is running on AWS, and a region-wide outage occurs.
How would you ensure high availability and disaster recovery for your application?
12. You are asked to design a backup strategy for a critical database running
on-premise. What factors would you consider, and how would you implement it?
13. Your team reports slow application performance under high traffic. How would
you identify bottlenecks and optimize the application for scalability?
14. You notice that your CI/CD pipeline execution time has increased significantly.
How would you optimize it for better efficiency?
15. The development team frequently delivers code that causes production failures.
How would you improve the collaboration between development and operations teams to
prevent this?
Terraform
Terraform Questions:
1. What is Terraform, and why is it used?
• Explain Terraform as an open-source IaC tool that allows managing, provisioning,
and versioning cloud resources.
2. What does terraform init do?
• Discuss how it initializes the working directory, downloads plugins, and
prepares Terraform for use.
3. How do you auto-approve changes in Terraform?
• Use the terraform apply -auto-approve command to skip interactive approval.
4. What is the difference between terraform plan and terraform apply?
• Explain how terraform plan previews changes, while terraform apply executes
them.
5. How do you manage sensitive data in Terraform?
• Use environment variables, .tfvars files, or HashiCorp Vault.
6. What are Terraform providers?
• Providers are plugins that interact with cloud platforms, services, or APIs,
such as AWS, Azure, or Google Cloud.
7. What is the difference between count and for_each in Terraform?
• Highlight that count is used for identical resources, while for_each is for
unique resources like lists or maps.
8. How do you import an existing resource into Terraform?
• Use terraform import <resource_type>.<resource_name> <resource_id>.
9. What are Terraform modules, and why are they important?
• Define modules as reusable and shareable components to manage infrastructure
efficiently.
10. What is a Terraform state file, and why is it critical?
• Discuss how it tracks resource mappings and ensures infrastructure consistency.
11. What are Terraform workspaces?
• Explain workspaces as a way to manage multiple environments (e.g., dev, staging,
prod) within the same configuration.
12. What are provisioners in Terraform?
• Provisioners execute scripts or commands on resources during creation or
destruction.
13. What is a remote backend in Terraform, and why use it?
• Describe a remote backend as a storage solution for state files, enabling team
collaboration and locking.
14. What is the purpose of terraform fmt?
• It formats Terraform code to make it more readable and consistent.
15. How do you roll back changes in Terraform?
• Use version control or revert to a previous state file.
Linux
🔹 Linux Boot Process
• Steps: BIOS → Bootloader (e.g., GRUB) → Kernel → Init/Systemd → Services/Runlevel
• Purpose: Initializes hardware, mounts root filesystem, and starts user-space
processes.
🔹 Troubleshooting a Slow Server
• Tools: top, vmstat, free (CPU, memory), df (disk), ss/netstat (network).
• Action: Optimize processes, terminate resource hogs, or consider hardware
upgrades.
🔹 Linux File Permissions
• Types: Read, write, execute for owner, group, others.
• Commands:
chmod (change permissions)
chown (change owner)
chgrp (change group).
🔹 What is LVM?
• Definition: Logical Volume Manager (LVM) provides flexible disk management.
• Commands:
pvcreate (physical volume)
vgcreate (volume group)
lvcreate (logical volume).
Resize: lvextend/lvreduce.
🔹 Securing a Linux Server
• Steps:
Disable unused services.
Configure iptables/firewalld.
Enforce SSH security (disable root login, use SSH keys).
Enable SELinux/AppArmor.
Patch regularly.
Use Fail2ban for brute-force protection.
🔹 Managing Services
• Commands:
systemctl (start, enable services).
Legacy: service or /etc/init.d/.
🔹 Adding Users & Managing Permissions
• Commands:
Add: useradd username, passwd username.
Groups: usermod -aG groupname username.
Permissions: chmod, chown.
🔹 Monitoring Server Performance
• Tools:
Real-time: top, htop.
Historical: sar.
Disk: iostat.
Network: ss, netstat.
**File and Directory Management:**
1. **ls:** List files and directories.
2. **cd:** Change directory.
3. **pwd:** Display the current directory.
4. **mkdir:** Create a new directory.
5. **rm:** Remove files or directories.
6. **cp:** Copy files or directories.
7. **mv:** Move or rename files.
8. **touch:** Create an empty file.
9. **tree:** Display directory structure.
**File Viewing and Editing:**
10. **cat:** Display file content.
11. **less / more:** View files page by page.
12. **head:** Show the first 10 lines.
13. **tail:** Show the last 10 lines.
14. **nano:** A simple text editor.
15. **vi / vim:** An advanced text editor.
**Search Operations:**
16. **find:** Locate files and directories.
17. **grep:** Search within files.
18. **locate:** Quickly find files using a database.
19. **which:** Locate a command’s path.
**Disk and File System Management:**
20. **df:** Display disk space usage.
21. **du:** Show directory or file size.
22. **mount / umount:** Mount or unmount file systems.
23. **lsblk:** List all block devices.
24. **fsck:** Check and repair file systems.
**Process and System Monitoring:**
25. **ps:** Display running processes.
26. **top:** Monitor system processes.
27. **htop:** Interactive process manager.
28. **kill:** Terminate a process.
29. **uptime:** Show system uptime.
30. **free:** Check memory usage.
**Networking Commands:**
31. **ping:** Check connectivity.
32. **curl:** Transfer data to/from servers.
33. **wget:** Download files from the internet.
34. **ifconfig / ip:** View or configure network interfaces.
35. **netstat:** Show network statistics.
36. **ssh:** Remote access to servers.
37. **scp:** Securely copy files between systems.
**Permissions and Ownership:**
38. **chmod:** Modify file permissions.
39. **chown:** Change file owner/group.
40. **umask:** Set default permissions.
**Archiving and Compression:**
41. **tar:** Archive and compress files.
42. **gzip / gunzip:** Compress and decompress files.
43. **zip / unzip:** Handle zip files.
**System Information:**
44. **uname -a:** Show system information.
45. **hostname:** Display system hostname.
46. **whoami:** Current user.
47. **id:** Show user and group IDs.
48. **dmesg:** Kernel log messages.
49. **lscpu:** CPU architecture information.
50. **lsusb:** List USB devices.
51. **lspci:** Show PCI devices.
**System Control:**
52. **reboot:** Restart the system.
53. **shutdown:** Power off the system.
54. **systemctl:** Manage system services.
Kubernetes
Kubernetes Interview Questions & Answers:
1. What is Kubernetes? Why is it used?
Kubernetes is an open-source container orchestration platform for automating
deployment, scaling, and management of containerized applications. It ensures
application reliability, scalability, and efficient resource utilization across
clusters.
2. What are the core components of Kubernetes architecture?
· Master Node Components:
  ◦ API Server: Manages the cluster and serves the Kubernetes API.
  ◦ Controller Manager: Ensures desired states by monitoring and acting on changes.
  ◦ Scheduler: Allocates Pods to Nodes based on resource requirements.
  ◦ etcd: A distributed key-value store for cluster data.
· Worker Node Components:
  ◦ Kubelet: Communicates with the API server and ensures Pods are running.
  ◦ Kube-proxy: Manages networking and load balancing.
  ◦ Container Runtime: Runs the containers (e.g., Docker, CRI-O, or containerd).
3. Explain the difference between a Pod and a Container.
· A Pod is the smallest deployable unit in Kubernetes, containing one or more
containers.
· A Container is an isolated runtime environment. Kubernetes manages containers
within Pods, not directly.
4. What is a Node in Kubernetes?
A Node is a physical or virtual machine that runs Pods and contains necessary
components like the kubelet, kube-proxy, and a container runtime.
5. What is a Pod in Kubernetes, and why is it considered the smallest deployable
unit?
A Pod is a logical group of one or more containers sharing storage, network, and
specifications. It represents the smallest deployable unit because Kubernetes
manages workloads at the Pod level.
6. What is a ReplicaSet, and how is it different from a ReplicationController?
· ReplicaSet: Ensures a specified number of replicas of a Pod are running. Supports
set-based label selectors.
· ReplicationController: Similar but supports equality-based selectors only.
7. What is the purpose of a Service in Kubernetes?
A Service provides a stable network endpoint and load balancing for a set of Pods,
abstracting their dynamic IP addresses.
8. Explain the concept of Namespaces in Kubernetes.
Namespaces partition cluster resources into isolated segments, enabling
multi-tenant environments or resource segmentation.
9. What is a Deployment in Kubernetes? How does it manage Pods?
A Deployment provides declarative updates for Pods and ReplicaSets, managing
scaling, rolling updates, and rollbacks.
10. What is the role of etcd in Kubernetes?
etcd is a distributed key-value store that stores all cluster data, ensuring
consistency and availability for state management.
11. Explain ConfigMaps and Secrets. How do they differ?
· ConfigMaps: Store configuration data as key-value pairs, not sensitive.
· Secrets: Store sensitive data like passwords, encoded in base64 for security.