04 EC2 - gannurohith/devops-interview-wiki GitHub Wiki

πŸ“ 05 - EC2 (Elastic Compute Cloud) (Basic to Intermediate Q&A)

  1. What is EC2 in AWS? EC2 stands for Elastic Compute Cloud, a web service that provides resizable compute capacity in the cloud.

  2. What are the different EC2 instance types?

    • General Purpose (t2, t3, m5)
    • Compute Optimized (c5)
    • Memory Optimized (r5, x1)
    • Storage Optimized (i3, d2)
  3. What is an AMI? Amazon Machine Image – a pre-configured template to launch EC2 instances.

  4. What is the difference between instance stop and terminate?

    • Stop: Instance halts but resources persist.
    • Terminate: Instance and volumes are deleted.
  5. How do you SSH into an EC2 instance? ssh -i key.pem ec2-user@<public-ip>

  6. What is a key pair in EC2? A security credential (private/public key) to authenticate SSH access to EC2.

  7. What are EC2 security groups? Virtual firewalls that control inbound and outbound traffic to instances.

  8. What is a user-data script in EC2? A script run automatically on instance launch for initialization or configuration.

  9. How do you assign a static IP to an EC2 instance? Use an Elastic IP and associate it with the instance.

  10. What is EC2 instance metadata? A set of data accessible from the instance at http://169.254.169.254 (e.g., instance ID, region).

  11. What are the lifecycle states of an EC2 instance? Pending → Running → Stopping → Stopped → Terminated

  12. How do you resize an EC2 instance? Stop the instance, change the instance type, and restart it.

  13. What is EBS? Elastic Block Store – persistent storage attached to EC2 instances.

  14. Difference between instance store and EBS?

    • Instance store: ephemeral and temporary.
    • EBS: persistent and survives instance stop/start.
  15. How do you take a backup of an EC2 instance? Create snapshots of attached EBS volumes.

  16. What is an EC2 placement group? Logical grouping of instances to influence placement (cluster, spread, partition).

  17. How do you automate EC2 instance creation? Use EC2 launch templates, Auto Scaling, or Infrastructure as Code (Terraform/CloudFormation).

  18. What are spot instances? Cheap compute capacity available when AWS has spare capacity. Can be interrupted.

  19. What is the difference between On-Demand, Reserved, and Spot?

    • On-Demand: pay-as-you-go
    • Reserved: 1–3 year commitment
    • Spot: temporary, cost-effective
  20. How do you monitor EC2 performance? Use CloudWatch for metrics like CPU, disk, network; install CloudWatch agent for memory and disk details.

  21. What ports need to be open for SSH and HTTP?

    • SSH: TCP 22
    • HTTP: TCP 80
  22. What is a bastion host? A secure instance used to SSH into private EC2 instances in a private subnet.

  23. What is the use of EC2 roles? Attach IAM roles to EC2 to allow access to AWS services without storing credentials.

  24. How do you automate EC2 shutdown? Use CloudWatch alarms with actions or a cron job inside the instance.

  25. What is hibernation in EC2? Saves instance RAM to disk on stop; resumes quickly with previous state intact.

  26. How do you enable detailed monitoring? Enable in EC2 settings to publish 1-minute metrics to CloudWatch.

  27. What happens when an instance is terminated accidentally? Data on ephemeral storage is lost; EBS with delete-on-termination=true is deleted.

  28. What is instance recovery in EC2? Automatically recovers an impaired instance on the same hardware using CloudWatch alarms.

  29. How do you connect EC2 to a private database in another VPC? Use VPC peering, Transit Gateway, or VPN.

  30. How do you secure EC2 instances?

    • Use least-privilege IAM roles
    • Harden OS (disable root SSH, install firewall)
    • Use SSH key pairs, update packages regularly

05. EC2 (Elastic Compute Cloud) (Q&A)

  1. How do you launch an EC2 instance using the AWS CLI? Answer: Use aws ec2 run-instances --image-id <ami> --instance-type t2.micro --key-name <key> --security-groups <sg>.

  2. How do you troubleshoot an EC2 instance that is unreachable? Answer: Check security group rules, route table, NACLs, network interface attachment, and instance health checks. Use EC2 serial console or session manager.

  3. How does an EC2 instance differ from traditional VMs? Answer: EC2 offers elastic scaling, integrated networking, IAM roles, pay-as-you-go pricing, and is provisioned via API/infrastructure-as-code.

  4. What’s the difference between stopping and terminating an EC2 instance? Answer: Stop halts the instance and retains data on EBS; terminate deletes the instance and by default deletes EBS (unless flagged otherwise).

  5. How do you attach an EBS volume to an EC2 instance? Answer: Use aws ec2 attach-volume or console. Then, mount it using mount or fstab after creating a filesystem.

  6. How to resize an EBS volume without downtime? Answer: Modify the volume via console or CLI, then extend the filesystem using resize2fs (Linux) or Disk Management (Windows).

  7. Explain user data scripts. How are they used in EC2? Answer: User data scripts are run on instance boot, commonly used for configuration like installing packages, starting services, or bootstrapping apps.

  8. How do you SSH into an EC2 instance? Answer: Use ssh -i mykey.pem ec2-user@<public-ip>. Ensure port 22 is open in the security group.

  9. How do you make an EC2 instance automatically recover from failure? Answer: Enable recovery in the CloudWatch alarm or use Auto Recovery alarm action.

  10. What is an AMI? How do you create a custom AMI? Answer: AMI is a machine image snapshot. Create via console or create-image CLI, optionally include attached EBS volumes.

  11. How to configure EC2 instances behind a Load Balancer? Answer: Launch EC2s in target groups, register with ALB/NLB, and ensure security group rules allow traffic from the load balancer.

  12. What’s the use of EC2 key pairs? Answer: Key pairs authenticate SSH access. Public key is stored with the instance; private key is used by the user.

  13. How to schedule EC2 instance start/stop using AWS services? Answer: Use EventBridge (CloudWatch Events) + Lambda or SSM Automation documents.

  14. How do spot instances differ from on-demand? Answer: Spot instances are cheaper but can be interrupted anytime. Best for stateless, fault-tolerant workloads.

  15. Explain EC2 instance metadata and its usage. Answer: Metadata provides instance info (IP, ID, IAM role, etc.) accessible via curl http://169.254.169.254/latest/meta-data/

  16. What is EC2 instance store vs EBS? Answer: Instance store is ephemeral (lost on stop/terminate), EBS is persistent and can be reattached.

  17. How do you enable SSH access only from your IP? Answer: Set inbound security group rule for port 22 with source IP set to your IP address or CIDR.

  18. How to perform health checks for EC2 instances manually? Answer: Use ping, SSH, HTTP checks, curl, and view CloudWatch metrics like status checks.

  19. What are EC2 Placement Groups? Answer: Strategies for instance placement: cluster (low latency), spread (high availability), partition (fault tolerance).

  20. What is a bootstrap script? Where do you place it in EC2? Answer: It's a user data script that runs on first launch. Place it in the User Data section under instance configuration.

  21. How do you enforce patching compliance on EC2? Answer: Use Systems Manager Patch Manager to automate OS patching across managed instances.

  22. How can you log into EC2 instances without a key pair? Answer: Use EC2 Instance Connect or SSM Session Manager (requires IAM role and SSM agent).

  23. Explain how EC2 Auto Scaling works. Answer: Auto Scaling adjusts number of instances based on demand, using scaling policies, CloudWatch alarms, and Launch Templates.

  24. Can you change the instance type of a running EC2? Answer: No. You must stop the instance, change the type, and start it again.

  25. How do you secure an EC2 instance in production? Answer: Use least-privilege IAM role, restrict security group access, enable CloudWatch Logs/GuardDuty, disable password auth, use logging/monitoring tools.

