Amazon Web Services Core Services Questions

Comprehensive knowledge of the foundational Amazon Web Services that are commonly used to design, deploy, and operate cloud applications. This includes compute services such as Amazon Elastic Compute Cloud for virtual machines and instance families, Amazon Web Services Lambda for serverless functions, and Amazon Elastic Beanstalk for managed application platforms; storage services such as Amazon Simple Storage Service for object storage, Amazon Elastic Block Store for block volumes, and Amazon Elastic File System for shared file storage; database services such as Amazon Relational Database Service for managed relational databases, Amazon DynamoDB for NoSQL, and Amazon ElastiCache for in memory caching; networking and content delivery including Amazon Virtual Private Cloud networking concepts, subnets, security groups, load balancers, and Amazon CloudFront; container and orchestration options such as Amazon Elastic Container Service and Amazon Elastic Kubernetes Service; and management and security services including Identity and Access Management, Amazon CloudWatch monitoring and logging, Auto Scaling, and cost and service limit considerations. Candidates should understand core service characteristics, common configuration choices and trade offs, operational considerations such as high availability and fault tolerance, basic security and compliance approaches, performance and cost optimization, and guidance for selecting one service over another for typical application patterns.

HardSystem Design

60 practiced

Describe how you would build an automated compliance and remediation framework using AWS Config, Security Hub, and EventBridge. Include how to author custom Config rules, aggregate compliance across accounts, implement automated remediation runbooks (SSM Automation or Lambda), and produce auditable evidence for regulators.

HardSystem Design

116 practiced

Design a bastionless operational model to provide secure shell-like access to EC2 instances and Kubernetes nodes without exposing SSH to the internet. Explain how to use SSM Session Manager, IAM authorization, KMS encryption for session data, logging/auditing via CloudTrail and CloudWatch, and how to limit egress and port forwarding through session manager preferences.

HardTechnical

117 practiced

Evaluate security trade-offs across compute platforms for a regulated workload that requires strong isolation and ability to load custom kernel modules. Compare running on EC2 (self-managed), EKS on EC2, ECS on EC2, ECS Fargate, and Lambda. Recommend a platform and list compensating controls for any residual risks.

MediumTechnical

69 practiced

Outline an automated incident response workflow for a GuardDuty finding that an EC2 instance is making suspicious outbound connections. Describe detection, containment (network isolation or security group changes), evidence capture (snapshots, logs), notification, and safe remediation using EventBridge, Lambda, Systems Manager and Security Hub. Explain least-privilege considerations for automation playbooks.

MediumTechnical

65 practiced

You must guarantee end-to-end encryption for a pipeline: external clients hit API Gateway -> Lambda -> storage in DynamoDB or RDS. Explain a KMS-based key management approach (SSE-KMS, data keys, CMKs, grants) that allows your analytics account to decrypt data for processing without exposing KMS keys broadly. Address envelope encryption, key grants, and auditability.

Unlock Full Question Bank

Get access to hundreds of Amazon Web Services Core Services interview questions and detailed answers.

Join thousands of developers preparing for their dream job.