AWS Interview Questions & Answers for 2026

Curated questions covering core concepts, practical scenarios, and tradeoffs — suitable for fresher, 2-year, and 5-year experience levels.

Q1. What is the difference between EC2, Lambda, and ECS/EKS?

EC2 provides virtual servers: you manage the OS, runtime, scaling, and availability, which gives full control at the cost of high operational overhead. Lambda runs serverless functions: you provide code and AWS manages all infrastructure. Functions run on demand, scale automatically, and bill per execution (great for event-driven workloads). ECS (Elastic Container Service) runs Docker containers on EC2 clusters (with Fargate, AWS manages the underlying servers). EKS is managed Kubernetes. Choose EC2 for full control, Lambda for event-driven or sporadic workloads, ECS/Fargate for containerised microservices without Kubernetes complexity, and EKS when you need Kubernetes capabilities.

Q2. What is the difference between S3 storage classes and when would you use each?

S3 Standard: frequently accessed data, high durability and availability, highest cost. S3 Intelligent-Tiering: automatically moves objects between access tiers based on usage — best when access patterns are unknown. S3 Standard-IA (Infrequent Access): lower storage cost, higher retrieval cost — for data accessed monthly. S3 Glacier Instant Retrieval: archive data accessed quarterly, retrieval in milliseconds. S3 Glacier Flexible Retrieval: archival with retrieval in minutes to hours, very low cost. S3 Glacier Deep Archive: lowest cost, retrieval in 12 hours — for compliance and long-term archival. Lifecycle rules automatically transition objects between classes.

Q3. What is an AWS VPC and what are subnets, security groups, and NACLs?

A VPC (Virtual Private Cloud) is an isolated virtual network within AWS. Subnets divide the VPC into smaller segments — public subnets have a route to the Internet Gateway for internet-facing resources; private subnets route through a NAT Gateway for outbound-only internet access. Security Groups act as virtual firewalls at the instance/ENI level — they are stateful (return traffic is automatically allowed) and specify allowed inbound/outbound rules. NACLs (Network ACLs) operate at the subnet level — they are stateless (return traffic needs explicit rules) and evaluate rules in number order. Use both for defence in depth.
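The stateful/stateless difference is easiest to see on a single request and its reply. The following is an added example, not part of the original page: a small Python model (the class and function names are hypothetical, and the security group is simplified to have no outbound rules) that evaluates NACL rules in number order and tracks flows for the security group.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the protected subnet/instance
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class NaclRule:
    number: int
    direction: str
    port_lo: int
    port_hi: int
    allow: bool

def nacl_allows(rules, pkt):
    """Stateless: lowest-numbered matching rule decides; no match means deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.direction == pkt.direction and rule.port_lo <= pkt.dst_port <= rule.port_hi:
            return rule.allow
    return False

class SecurityGroup:
    """Stateful, allow-only. Simplification: this group has no outbound rules."""
    def __init__(self, inbound_ports):
        self.inbound_ports = set(inbound_ports)
        self.tracked = set()  # (client_port, server_port) of accepted flows

    def allows(self, pkt):
        if pkt.direction == "in":
            if pkt.dst_port not in self.inbound_ports:
                return False
            self.tracked.add((pkt.src_port, pkt.dst_port))
            return True
        # Outbound passes only as the reply to a flow accepted earlier.
        return (pkt.dst_port, pkt.src_port) in self.tracked

# Constructed traffic: an HTTPS request from client port 50123 and its reply.
REQUEST = Packet("in", 50123, 443)
REPLY = Packet("out", 443, 50123)

INBOUND_ONLY = [NaclRule(100, "in", 443, 443, True)]
WITH_RETURN = INBOUND_ONLY + [NaclRule(100, "out", 1024, 65535, True)]
SHADOWED = [NaclRule(90, "in", 443, 443, False)] + INBOUND_ONLY

def nacl_round_trip(rules):
    return nacl_allows(rules, REQUEST) and nacl_allows(rules, REPLY)
```

The security group lets the reply out with no outbound rule at all, while the NACL needs the explicit ephemeral-port rule in `WITH_RETURN`; `SHADOWED` shows a lower-numbered deny winning over a later allow.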

Q4. What is IAM and how do roles differ from users?

IAM (Identity and Access Management) controls authentication and authorisation in AWS. IAM Users represent people or applications with long-term credentials (access keys, passwords). IAM Roles are identities with temporary credentials, assumed by AWS services, applications, or external identities, and they carry no long-term credentials. Best practices: never use the root account for daily operations, create individual IAM users, use roles for EC2 instances and Lambda functions (instead of embedding access keys), follow the least-privilege principle by granting only required permissions, enable MFA for all human users, and regularly audit permissions with IAM Access Analyzer.

Q5. What is the difference between RDS, DynamoDB, and ElastiCache?

RDS (Relational Database Service) is a managed relational database supporting MySQL, PostgreSQL, Oracle, and SQL Server — handles patching, backups, replication, and Multi-AZ failover. Use for structured data with complex queries. DynamoDB is a fully managed NoSQL key-value and document database — millisecond latency at any scale, serverless pricing, and automatic replication across regions. Use for high-throughput, flexible-schema, or time-series data. ElastiCache provides managed Redis or Memcached — primarily used as an in-memory cache layer in front of a database to reduce read latency for repeated queries, session storage, and pub/sub messaging. These three often work together in production architectures.

Q6. What is CloudFormation and how is it different from Terraform?

CloudFormation is AWS's native Infrastructure as Code service — define resources in JSON or YAML templates, and AWS provisions and manages them as a stack. Tightly integrated with AWS services and free to use. The downside is it is AWS-only and the template syntax is verbose. Terraform (by HashiCorp) is cloud-agnostic — the same HCL configuration language manages AWS, GCP, Azure, and hundreds of providers. Terraform's plan/apply workflow shows exactly what will change before execution. In practice many organisations use Terraform for multi-cloud or community module reuse, and CloudFormation when they want native AWS integration without an additional tool dependency.

Q7. How does AWS Auto Scaling work and what metrics trigger it?

Auto Scaling maintains application availability by automatically adding or removing EC2 instances (or ECS tasks, Lambda concurrency) based on defined policies. Scale-out triggers: CPU utilisation above 70%, request count per target above a threshold, custom CloudWatch metrics (queue depth, memory), or scheduled scaling for predictable traffic spikes. Scale-in removes instances when load drops, with a configurable cooldown period to prevent thrashing. Target Tracking Scaling is the simplest policy — you specify a target metric value and Auto Scaling adjusts capacity automatically. Combined with an Application Load Balancer, new instances receive traffic only after passing health checks.
