InterviewStack.io LogoInterviewStack.io

Amazon Web Services Core Services Questions

Comprehensive knowledge of the foundational Amazon Web Services that are commonly used to design, deploy, and operate cloud applications. This includes compute services such as Amazon Elastic Compute Cloud for virtual machines and instance families, Amazon Web Services Lambda for serverless functions, and Amazon Elastic Beanstalk for managed application platforms; storage services such as Amazon Simple Storage Service for object storage, Amazon Elastic Block Store for block volumes, and Amazon Elastic File System for shared file storage; database services such as Amazon Relational Database Service for managed relational databases, Amazon DynamoDB for NoSQL, and Amazon ElastiCache for in memory caching; networking and content delivery including Amazon Virtual Private Cloud networking concepts, subnets, security groups, load balancers, and Amazon CloudFront; container and orchestration options such as Amazon Elastic Container Service and Amazon Elastic Kubernetes Service; and management and security services including Identity and Access Management, Amazon CloudWatch monitoring and logging, Auto Scaling, and cost and service limit considerations. Candidates should understand core service characteristics, common configuration choices and trade offs, operational considerations such as high availability and fault tolerance, basic security and compliance approaches, performance and cost optimization, and guidance for selecting one service over another for typical application patterns.

MediumTechnical
54 practiced
You design a CI/CD pipeline that builds, scans, and deploys application artifacts to AWS. Describe how to handle secrets used in the pipeline, how to grant ephemeral credentials to build agents (including third-party runners), how to scan for secrets and vulnerabilities, and how to prevent code or build steps from exfiltrating production secrets during builds.
HardSystem Design
69 practiced
Design a multi-account, multi-region secure architecture for a global application that must remain available during a region outage and meet strict compliance requirements such as separate key custody and audit trails. Cover VPC/account design, cross-region replication for S3/DynamoDB/RDS, KMS key management patterns (regional vs multi-region), Route53 failover or latency routing, and controls to prevent accidental cross-region data leakage.
MediumSystem Design
102 practiced
Design a centralized logging and monitoring solution for a multi-account AWS environment that ingests CloudTrail, VPC Flow Logs, ELB logs, and application logs into a central account. Include secure log transport (cross-account roles or delivery), storage, indexing/search options (OpenSearch/3rd party), alerting architecture, retention, and analyst access controls.
MediumSystem Design
78 practiced
Design a secure, highly-available public web application on AWS. The app serves static content from S3/CloudFront and dynamic APIs backed by ECS/EKS or Lambda. For each layer (edge, load balancer, compute, storage, database, CI/CD) list the security controls you would deploy, justify TLS termination choices, WAF rules, DDoS mitigation, secrets handling, and how to integrate secure image and code scanning into the pipeline.
HardTechnical
69 practiced
Write a least-privilege IAM policy JSON (policy document only) that a Lambda execution role can have to: 1) GetObject from a specific S3 bucket prefix (arn:aws:s3:::example-bucket/secure-prefix/*), 2) PutItem into a specific DynamoDB table (arn:aws:dynamodb:region:acct:table/secure-table), and 3) Decrypt using a specific KMS key (arn:aws:kms:region:acct:key/abcd-1234). Include conditions to require secure transport for S3 and restrict S3 actions to calls from this role.

Unlock Full Question Bank

Get access to hundreds of Amazon Web Services Core Services interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.