07 Route53,CDN,S3 - gannurohith/devops-interview-wiki GitHub Wiki

📁 09 - CloudWatch & CloudTrail (Basic to Intermediate Q&A)

  1. What is Amazon CloudWatch? A monitoring service for AWS resources and applications that collects and visualizes metrics, logs, and events.

  2. What is AWS CloudTrail? A service that records API calls and console actions in your AWS account as events (who did what, when, and from where) for governance, compliance, and auditing. Management (control-plane) events are recorded by default; data events are opt-in.

  3. What types of data can CloudWatch collect? Metrics (numeric time series), logs, and events. Alarms are not collected data: they are evaluations of metrics that fire actions.

  4. What are custom metrics in CloudWatch? User-defined metrics sent from applications or EC2 instances using AWS CLI or SDK.

  5. How do you monitor disk space or memory usage in CloudWatch? Install and configure the CloudWatch agent on the instance.

  6. What is a CloudWatch alarm? A condition that watches a metric and triggers actions such as notifications or auto-scaling.

  7. What are CloudWatch dashboards? Visual displays of your metrics and alarms in a single pane.

  8. What is the difference between CloudWatch Logs and Metrics?

    • Logs: Captures application/system logs.
    • Metrics: Numeric data points over time.
  9. What are metric filters in CloudWatch Logs? Patterns used to extract metric data from logs.

  10. How do you reduce log storage cost in CloudWatch? Set a retention policy on each log group (the default is never expire), stop shipping noisy or debug-level logs, and export to S3 what you only keep for compliance.

  11. What is CloudWatch Logs Insights? An interactive query tool for log groups that uses its own pipe-based query language (fields, filter, parse, stats, sort), not SQL.

  12. How does CloudWatch Events differ from EventBridge? EventBridge is the successor built on the same underlying service: it adds custom and partner event buses, a schema registry, and many more targets, and the CloudWatch Events console now redirects to it.

  13. How can CloudWatch automate actions? By integrating alarms with Auto Scaling, SNS, or Lambda functions.

  14. What are common use cases for CloudWatch?

  • EC2 health monitoring
  • Lambda invocations
  • Custom app metrics
  • Real-time alerting
  15. What is a CloudWatch namespace? A container that isolates a group of metrics (for example AWS/EC2, AWS/Lambda, or a custom namespace for your application).

  16. What is the default metric resolution in CloudWatch? Standard-resolution metrics are stored at 1-minute granularity. EC2 basic monitoring publishes every 5 minutes; detailed monitoring publishes every 1 minute. Custom high-resolution metrics can go down to 1 second.

  17. What is the max retention period for logs in CloudWatch? Log groups default to "Never expire"; you can set retention anywhere from 1 day to 10 years.

  18. How is CloudTrail different from CloudWatch?

    • CloudTrail: records who called which API, when, and from where (an audit trail).
    • CloudWatch: monitors how resources and applications are performing (metrics, logs, alarms).
  19. What is a CloudTrail trail? A configuration that makes CloudTrail deliver its events continuously as log files to an S3 bucket (and optionally to CloudWatch Logs). Without a trail you only get the 90-day event history in the console.

  20. What kind of activities does CloudTrail capture? Management events (control-plane calls such as CreateUser, RunInstances, console sign-ins), which can be filtered into read-only and write-only; and, if enabled, data events (object- or item-level operations) and Insights events for unusual API call rates.

  21. Can CloudTrail log data plane operations? Yes, as data events: S3 object-level calls (GetObject, PutObject), Lambda Invoke, DynamoDB item-level calls, and others. They are opt-in and billed separately because of their volume.

  22. Where does CloudTrail store its logs? In an S3 bucket you own; optionally it also streams events to a CloudWatch Logs log group and to a CloudTrail Lake event data store.

  23. What is a multi-region trail in CloudTrail? A single trail that records events from all Regions (including Regions added after it is created) into one S3 bucket, so a newly enabled Region cannot go unmonitored; global service events such as IAM calls are recorded once.

  24. How can you secure CloudTrail logs? Encrypt the log files with SSE-KMS and restrict the key policy; lock the bucket down with a bucket policy, Block Public Access, and MFA delete or Object Lock; enable log file integrity validation; deliver the logs to a separate security account; and alarm on StopLogging, DeleteTrail, and UpdateTrail calls.

  25. How do you monitor unauthorized API activity in CloudTrail? Deliver the trail to a CloudWatch Logs log group, create metric filters for the patterns you care about (errorCode matching "*UnauthorizedOperation" or "AccessDenied*", sensitive calls such as DeleteBucket or CreateUser, root account usage), and put a CloudWatch alarm with an SNS action on each filter's metric.

  26. How do you automate response to an event in CloudTrail? Create an EventBridge rule that matches the CloudTrail event (detail-type "AWS API Call via CloudTrail", filtered on eventName) and target a Lambda function, a Step Functions workflow, or an SNS topic.
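The detection side of the two answers above, as an added example that is not code from the wiki page or from AWS: a small scanner that applies three CIS-style rules to CloudTrail records the way CloudWatch Logs metric filters would (the equivalent filter patterns are in the comments), and reports which rules reached their alarm threshold. The sample log file is constructed to follow the real record layout; the account ID, ARNs, and IP addresses in it are made up.

```python
"""Flag suspicious API activity in CloudTrail records.

Added example, not code from the wiki page. The records below are constructed
to follow the real CloudTrail record layout (eventName, eventSource, errorCode,
userIdentity, ...); the account ID, ARNs and IP addresses are made up. The
three rules are the ones you would express as CloudWatch Logs metric filters
once the trail is delivered to a log group, each backed by an alarm.
"""
import json
from collections import Counter

# Equivalent metric filter patterns for the log group receiving the trail:
#   { ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }
#   { ($.eventName = DeleteBucket) || ($.eventName = CreateUser) || ($.eventName = StopLogging) }
#   { $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != "AwsServiceEvent" }

SENSITIVE_APIS = {"DeleteBucket", "PutBucketPolicy", "CreateUser", "AttachUserPolicy",
                  "StopLogging", "DeleteTrail", "UpdateTrail"}

# Constructed sample: the shape of one delivered log file ({"Records": [...]}).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-15T12:00:01Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "eventType": "AwsApiCall", "errorCode": "AccessDenied", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev-alice"}},
    {"eventTime": "2024-01-15T12:00:05Z", "eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",
     "eventType": "AwsApiCall", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/ci-deploy/run-42"}},
    {"eventTime": "2024-01-15T12:01:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "eventType": "AwsApiCall", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-01-15T12:02:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "eventType": "AwsApiCall", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev-alice"}},
    {"eventTime": "2024-01-15T12:03:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "eventType": "AwsApiCall", "errorCode": "Client.UnauthorizedOperation", "sourceIPAddress": "203.0.113.30",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev-bob"}},
    {"eventTime": "2024-01-15T12:04:00Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "eventType": "AwsApiCall", "sourceIPAddress": "203.0.113.30",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev-bob"}},
    {"eventTime": "2024-01-15T12:05:00Z", "eventSource": "s3.amazonaws.com", "eventName": "PutBucketLifecycle",
     "eventType": "AwsServiceEvent", "sourceIPAddress": "s3.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root", "invokedBy": "s3.amazonaws.com"}},
]})

def load_records(text: str) -> list:
    return json.loads(text)["Records"]

def classify(record: dict) -> list:
    """Names of the rules a single record matches (empty list = nothing to alert on)."""
    hits = []
    err = record.get("errorCode", "")
    if err.endswith("UnauthorizedOperation") or err.startswith("AccessDenied"):
        hits.append("access_denied")
    if record.get("eventName") in SENSITIVE_APIS:
        hits.append("sensitive_api")
    ident = record.get("userIdentity", {})
    # Root usage counts only when someone used the root credentials directly, not
    # when a service acted on root's behalf (invokedBy set / AwsServiceEvent).
    if ident.get("type") == "Root" and "invokedBy" not in ident and record.get("eventType") != "AwsServiceEvent":
        hits.append("root_activity")
    return hits

def scan(records: list):
    """Return (per-rule counts, alerts); the counts are what the metric filters would emit."""
    counts, alerts = Counter(), []
    for rec in records:
        rules = classify(rec)
        if rules:
            counts.update(rules)
            alerts.append({"time": rec["eventTime"], "principal": rec["userIdentity"].get("arn", "?"),
                           "event": rec["eventName"], "source_ip": rec.get("sourceIPAddress"), "rules": rules})
    return counts, alerts

def breached(counts: Counter, threshold: int = 1) -> list:
    """Rules whose count reached the alarm threshold in this window (sorted for stable output)."""
    return sorted(rule for rule, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    counts, alerts = scan(load_records(SAMPLE_LOG))
    for a in alerts:
        print(f"{a['time']} {a['principal']} {a['event']} <- {', '.join(a['rules'])}")
    print("alarms:", breached(counts))
```

The last record is the edge case the CIS root-usage filter is written around: a service acting on behalf of root (invokedBy present, eventType AwsServiceEvent) is noise, not a person logging in as root, so it must not page anyone.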

  27. What is log file integrity validation in CloudTrail? Every hour CloudTrail writes a digest file listing the SHA-256 hash of each log file delivered that hour; each digest also carries the hash of the previous digest (forming a chain) and is signed with CloudTrail's private key (SHA256withRSA). The aws cloudtrail validate-logs command recomputes the hashes and checks the signatures to report whether any file was modified, deleted, or left intact.
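What the hash and chain checks of that validation actually do, as an added example that is not code from the wiki page or from AWS. It replaces S3 with an in-memory dictionary of object key to bytes and builds its own log and digest files in the layout CloudTrail uses (gzipped JSON, a per-file hashValue in logFiles[], previousDigestHashValue linking each digest to the one before it); the bucket, account ID, and object keys are made up. The RSA signature on each digest, which is what stops an attacker from rewriting the whole chain, is not reproduced here.

```python
"""Verify CloudTrail log files against their digest files (hash chain only).

Added example, not code from the wiki page or from AWS. S3 is replaced by an
in-memory dict (object key -> bytes); the bucket, account ID and keys are made
up. Only the per-file hash and digest-chain checks are implemented; the
SHA256withRSA signature on each digest (verified against the keys returned by
aws cloudtrail list-public-keys) is what aws cloudtrail validate-logs adds.
"""
import gzip
import hashlib
import json

BUCKET = "example-trail-logs"                 # hypothetical bucket
PREFIX = "AWSLogs/111122223333/CloudTrail"    # hypothetical account ID

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def content_hash(blob: bytes) -> str:
    # CloudTrail hashes the uncompressed content of log and digest files.
    return sha256_hex(gzip.decompress(blob))

def make_log_file(records: list) -> bytes:
    return gzip.compress(json.dumps({"Records": records}).encode())

def make_digest(key: str, log_keys: list, objects: dict, previous_key: str = None) -> bytes:
    """Build a digest the way CloudTrail does, keeping only the fields checked below."""
    digest = {
        "digestS3Bucket": BUCKET,
        "digestS3Object": key,
        "digestSignatureAlgorithm": "SHA256withRSA",
        "previousDigestS3Object": previous_key,
        "previousDigestHashAlgorithm": "SHA-256" if previous_key else None,
        "previousDigestHashValue": content_hash(objects[previous_key]) if previous_key else None,
        "logFiles": [{"s3Bucket": BUCKET, "s3Object": k, "hashAlgorithm": "SHA-256",
                      "hashValue": content_hash(objects[k])} for k in log_keys],
    }
    return gzip.compress(json.dumps(digest).encode())

def validate_digest(key: str, objects: dict) -> list:
    """Problems found for one digest (an empty list means every referenced file is intact)."""
    problems = []
    digest = json.loads(gzip.decompress(objects[key]))
    for entry in digest["logFiles"]:
        blob = objects.get(entry["s3Object"])
        if blob is None:
            problems.append(f"missing log file {entry['s3Object']}")
        elif content_hash(blob) != entry["hashValue"]:
            problems.append(f"hash mismatch for {entry['s3Object']}")
    prev = digest["previousDigestS3Object"]
    if prev is not None:   # a gap in the chain is itself a finding
        if prev not in objects:
            problems.append(f"missing previous digest {prev}")
        elif content_hash(objects[prev]) != digest["previousDigestHashValue"]:
            problems.append(f"chain broken: {prev} no longer matches previousDigestHashValue")
    return problems

def validate_chain(digest_keys: list, objects: dict) -> dict:
    return {k: validate_digest(k, objects) for k in digest_keys}

# Constructed fixture: two hourly log files and two digests linked in a chain.
OBJECTS = {}
LOG_1 = f"{PREFIX}/us-east-1/2024/01/15/111122223333_CloudTrail_us-east-1_20240115T1200Z_a1b2c3.json.gz"
LOG_2 = f"{PREFIX}/us-east-1/2024/01/15/111122223333_CloudTrail_us-east-1_20240115T1300Z_d4e5f6.json.gz"
DIGEST_1 = f"{PREFIX}-Digest/us-east-1/2024/01/15/111122223333_CloudTrail-Digest_us-east-1_20240115T1200Z.json.gz"
DIGEST_2 = f"{PREFIX}-Digest/us-east-1/2024/01/15/111122223333_CloudTrail-Digest_us-east-1_20240115T1300Z.json.gz"
OBJECTS[LOG_1] = make_log_file([{"eventName": "CreateUser", "userIdentity": {"type": "Root"}}])
OBJECTS[LOG_2] = make_log_file([{"eventName": "DeleteTrail", "userIdentity": {"type": "IAMUser"}}])
OBJECTS[DIGEST_1] = make_digest(DIGEST_1, [LOG_1], OBJECTS)
OBJECTS[DIGEST_2] = make_digest(DIGEST_2, [LOG_2], OBJECTS, previous_key=DIGEST_1)

def tampered_results(rewrite_digest: bool = False) -> dict:
    """An attacker rewrites LOG_1 to hide the root CreateUser and optionally re-generates
    DIGEST_1 to match. The per-file hash catches the first case, the chain the second."""
    evil = dict(OBJECTS)
    evil[LOG_1] = make_log_file([])
    if rewrite_digest:
        evil[DIGEST_1] = make_digest(DIGEST_1, [LOG_1], evil)
    return validate_chain([DIGEST_1, DIGEST_2], evil)

if __name__ == "__main__":
    print("clean:", validate_chain([DIGEST_1, DIGEST_2], OBJECTS))
    print("tampered log:", tampered_results())
    print("tampered log + digest:", tampered_results(rewrite_digest=True))
```

The second tamper case is why the chain matters: regenerating one digest makes it self-consistent, but the next digest still records the old hash. Regenerating every digest from that point on would defeat this check, which is exactly what the signature (and delivering logs to a bucket the attacker cannot write) is there to prevent.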

  28. How do you analyze CloudTrail logs?

    • Athena queries over the S3 bucket (partition by account, Region, and date to keep scans cheap)
    • CloudWatch Logs Insights, when the trail is delivered to a log group
    • CloudTrail Lake SQL queries
    • A SIEM fed from the S3 bucket or the log group
  29. How long are CloudTrail logs stored by default? Event history in the console keeps 90 days; a trail's log files stay in S3 for as long as the bucket's lifecycle rules keep them.

  30. How do CloudWatch and CloudTrail work together? CloudTrail records the API activity → the events are delivered to CloudWatch Logs for metric filters and alarms, and matched by EventBridge rules → alarms and rules trigger SNS notifications, Lambda functions, or other actions.


📁 08 - Route53, CDN, and S3 (Basic to Intermediate Q&A)

  1. What is Amazon Route 53? A scalable and highly available Domain Name System (DNS) web service.

  2. What are the main functions of Route 53?

    • Domain registration
    • DNS resolution
    • Health checking and routing traffic
  3. What types of routing policies does Route 53 support?

    • Simple, Weighted, Latency-based, Failover, Geolocation, Geoproximity, IP-based, Multivalue answer
  4. What is a hosted zone? A container for DNS records for a specific domain.

  5. What is an A record in Route 53? Maps a domain name to an IPv4 address.

  6. What is an alias record in Route 53? A Route 53-specific record that points at an AWS resource (ELB, CloudFront distribution, S3 website endpoint, API Gateway, or another record in the same zone). Unlike a CNAME it can sit at the zone apex, and queries to alias records are not charged.

  7. How does health checking work in Route 53? Probes endpoints to check availability and routes traffic accordingly.

  8. How do you route traffic to the nearest region using Route 53? Use latency-based routing policy.

  9. What is Amazon CloudFront? A Content Delivery Network (CDN) that delivers content with low latency via edge locations.

  10. How does CloudFront improve performance? By caching content at edge locations near users.

  11. What are origin and edge locations in CloudFront?

  • Origin: source of content (e.g., S3, EC2)
  • Edge: CDN servers globally distributed
  12. What is an origin access control (OAC) in CloudFront? The mechanism by which CloudFront signs its requests to an S3 origin (SigV4) so that the bucket policy can grant s3:GetObject to the cloudfront.amazonaws.com service principal for that one distribution only, keeping the bucket private. It replaces the legacy origin access identity (OAI) and also works with SSE-KMS objects.

  13. How do you secure a CloudFront distribution?

    • HTTPS only (viewer protocol policy redirect-to-HTTPS or HTTPS-only, with a current TLS security policy)
    • Signed URLs or signed cookies for private content
    • Restrict viewer access with geographic restrictions and an AWS WAF web ACL
    • Keep the origin private (OAC for S3; a secret custom origin header checked at the ALB, or a security group limited to the CloudFront prefix list, for EC2/ALB) so it cannot be reached directly
  14. How do you invalidate objects from CloudFront cache? Create an invalidation request for the paths (or /*) to remove cached copies before their TTL expires; versioned file names avoid needing invalidations at all.

  15. What is Amazon S3? Simple Storage Service – object storage for storing and retrieving any amount of data.

  16. What are S3 storage classes?

    • Standard, Intelligent-Tiering, Standard-IA, One Zone-IA, Glacier Instant Retrieval, Glacier Flexible Retrieval, Glacier Deep Archive
  17. How do you make an S3 bucket publicly accessible? Disable the relevant Block Public Access settings and add a bucket policy that allows s3:GetObject to Principal "*" (not recommended in prod; put CloudFront with OAC in front of a private bucket instead).

  18. How do you restrict access to an S3 bucket? Keep Block Public Access on, grant access with bucket policies and IAM policies (least privilege, no Principal "*"), use VPC endpoint policies and aws:SourceVpce conditions for internal access, and leave ACLs disabled (bucket owner enforced).

  19. What is an S3 bucket policy? A resource-based policy in JSON format attached to the bucket that states which principals (including other accounts and AWS services) may perform which actions on the bucket and its objects, optionally under conditions.
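The OAC answer and the bucket policy answers above, together in one added example that is not code from the wiki page or from AWS: the bucket policy that lets exactly one CloudFront distribution read a private bucket, the public-read policy it replaces, and two checks that tell them apart. The bucket name, account ID, and distribution ARN are made up.

```python
"""An S3 bucket policy that admits only one CloudFront distribution, next to the
public-read policy it replaces, and two checks that tell good from bad.

Added example, not code from the wiki page. The bucket name, account ID and
distribution ARN are made up. public_statements() applies the simplest rule:
an Allow statement whose principal is anonymous ("*" or {"AWS": "*"}) and that
carries no Condition is public. unpinned_cloudfront_grants() catches the
confused-deputy variant: a grant to the cloudfront.amazonaws.com service
principal without an AWS:SourceArn condition lets any OAC-enabled distribution
in any account read the bucket.
"""
import json

BUCKET = "example-private-site"
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE"

def oac_bucket_policy(bucket: str, distribution_arn: str) -> dict:
    """Read-only grant to one distribution, the form CloudFront's OAC setup recommends."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCloudFrontServicePrincipalReadOnly",
        "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{bucket}/*",
        "Condition": {"StringEquals": {"AWS:SourceArn": distribution_arn}},
    }]}

# The public-read policy that "make the bucket public" produces, kept as the before state.
LEGACY_PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadGetObject",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": f"arn:aws:s3:::{BUCKET}/*",
}]}

# The OAC policy with its Condition dropped: a common copy-paste mistake.
UNPINNED_OAC_POLICY = oac_bucket_policy(BUCKET, DIST_ARN)
del UNPINNED_OAC_POLICY["Statement"][0]["Condition"]

def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]

def _sid(i: int, stmt: dict) -> str:
    return stmt.get("Sid", f"Statement[{i}]")

def is_anonymous(principal) -> bool:
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_statements(policy: dict) -> list:
    """Sids of Allow statements open to everyone with no Condition narrowing them."""
    return [_sid(i, s) for i, s in enumerate(_as_list(policy["Statement"]))
            if s.get("Effect") == "Allow" and is_anonymous(s.get("Principal")) and not s.get("Condition")]

def unpinned_cloudfront_grants(policy: dict) -> list:
    """Sids granting to cloudfront.amazonaws.com without pinning a distribution ARN."""
    out = []
    for i, s in enumerate(_as_list(policy["Statement"])):
        principal = s.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if s.get("Effect") != "Allow" or "cloudfront.amazonaws.com" not in services:
            continue
        # Condition keys are case-insensitive, so accept AWS:SourceArn and aws:SourceArn alike.
        keys = {k.lower() for block in s.get("Condition", {}).values() for k in block}
        if "aws:sourcearn" not in keys:
            out.append(_sid(i, s))
    return out

if __name__ == "__main__":
    print(json.dumps(oac_bucket_policy(BUCKET, DIST_ARN), indent=2))
    print("public:", public_statements(LEGACY_PUBLIC_POLICY), public_statements(oac_bucket_policy(BUCKET, DIST_ARN)))
    print("unpinned:", unpinned_cloudfront_grants(UNPINNED_OAC_POLICY))
```

The checks are deliberately narrow (they do not evaluate NotPrincipal, Deny statements, or the bucket's Block Public Access settings); for a real audit, IAM Access Analyzer's public-access findings and the S3 console's "Public" badge are the authoritative sources. The unpinned case is the one those tools are least likely to flag, which is why it gets its own function here.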

  20. How do you encrypt data in S3?

    • At rest: SSE-S3 (applied by default to new objects since January 2023), SSE-KMS (customer-managed keys whose use is auditable in CloudTrail), SSE-C (you supply the key on every request), or client-side encryption
    • In transit: HTTPS/TLS, enforced with a bucket policy that denies any request where aws:SecureTransport is false
  21. What is versioning in S3? Keeps every version of an object in the same bucket, so overwrites and deletes can be undone; combined with MFA delete it protects against accidental or malicious deletion.

  22. How do you enable static website hosting in S3? Enable website hosting in bucket properties and set the index and error documents. The website endpoint serves plain HTTP only and needs public objects, so for HTTPS and a private bucket put CloudFront with OAC in front instead.

  23. What is an S3 lifecycle policy? Rules that automatically transition objects between storage classes or expire them (including noncurrent versions and incomplete multipart uploads) after a set period.

  24. How does S3 integrate with CloudFront? S3 is set as the origin; CloudFront caches the content at edge locations and, with OAC, is the only principal the bucket policy allows to read it.

  25. What is a pre-signed URL in S3? A URL signed (SigV4) with a principal's credentials that grants temporary access to one object with that principal's permissions; anyone holding it can use it until X-Amz-Expires elapses, so treat it as a bearer token and keep the lifetime short.
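How the signature in a pre-signed URL binds the expiry, as an added example that is not code from the wiki page or from AWS (boto3's generate_presigned_url does this for real credentials). It re-implements the documented SigV4 query-string signing with the standard library so that every field in the URL is visible, and then checks a URL the way S3 does on receipt. The bucket, object key, and clock are constructed fixtures; the credentials are AWS's documentation example values.

```python
"""Presign an S3 GET with Signature Version 4, and check it the way S3 does.

Added example, not code from the wiki page or from AWS. It implements the
documented SigV4 query-string signing with the standard library; the bucket,
object key and fixed clock are constructed, and the access key / secret are
the example values from AWS's documentation, not real credentials.
"""
import datetime as dt
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, unquote, urlsplit

ALGORITHM = "AWS4-HMAC-SHA256"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    """kDate -> kRegion -> kService -> kSigning: the long-term secret never signs a request directly."""
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def _canonical_qs(params: dict) -> str:
    enc = lambda s: quote(s, safe="-_.~")        # RFC 3986 unreserved only, so "/" becomes %2F
    return "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(params.items()))

def _signature(host, uri, params, secret, date, region, amz_date, scope) -> str:
    canonical_request = "\n".join(["GET", uri, _canonical_qs(params),
                                   f"host:{host}\n",                 # canonical headers (trailing newline)
                                   "host",                           # signed headers
                                   "UNSIGNED-PAYLOAD"])              # presigned URLs never hash the body
    string_to_sign = "\n".join([ALGORITHM, amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    return hmac.new(signing_key(secret, date, region, "s3"),
                    string_to_sign.encode(), hashlib.sha256).hexdigest()

def presign_get(bucket, key, access_key, secret, region, expires, now) -> str:
    host = f"{bucket}.s3.{region}.amazonaws.com"
    uri = quote("/" + key, safe="/-_.~")
    amz_date, date = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    scope = f"{date}/{region}/s3/aws4_request"
    params = {"X-Amz-Algorithm": ALGORITHM,
              "X-Amz-Credential": f"{access_key}/{scope}",
              "X-Amz-Date": amz_date,
              "X-Amz-Expires": str(expires),         # covered by the signature, so the holder cannot extend it
              "X-Amz-SignedHeaders": "host"}
    sig = _signature(host, uri, params, secret, date, region, amz_date, scope)
    return f"https://{host}{uri}?{_canonical_qs(params)}&X-Amz-Signature={sig}"

def verify(url: str, secret: str, now) -> tuple:
    """What S3 does on receipt: recompute the signature from the URL's own fields, then check expiry."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    presented = params.pop("X-Amz-Signature", "")
    credential = params["X-Amz-Credential"].split("/")   # access key, date, region, service, aws4_request
    uri = quote(unquote(parts.path), safe="/-_.~")
    expected = _signature(parts.netloc, uri, params, secret, credential[1], credential[2],
                          params["X-Amz-Date"], "/".join(credential[1:]))
    if not hmac.compare_digest(expected, presented):
        return False, "signature mismatch"
    signed_at = dt.datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=dt.timezone.utc)
    if now > signed_at + dt.timedelta(seconds=int(params["X-Amz-Expires"])):
        return False, "expired"
    return True, "ok"

# Constructed fixture: documentation-example credentials and a fixed clock.
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
NOW = dt.datetime(2024, 1, 15, 12, 0, tzinfo=dt.timezone.utc)
LATER = NOW + dt.timedelta(hours=2)
EXAMPLE_URL = presign_get("example-private-bucket", "reports/q1 2024.pdf",
                          ACCESS_KEY, SECRET_KEY, "us-east-1", 3600, NOW)
TAMPERED_URL = EXAMPLE_URL.replace("X-Amz-Expires=3600", "X-Amz-Expires=86400")

if __name__ == "__main__":
    print(EXAMPLE_URL)
    print(verify(EXAMPLE_URL, SECRET_KEY, NOW), verify(EXAMPLE_URL, SECRET_KEY, LATER),
          verify(TAMPERED_URL, SECRET_KEY, NOW))
```

Two things worth noticing in the output: the URL carries the access key ID and the expiry in the clear, so the only secret is the signature, and editing X-Amz-Expires in a captured URL fails the signature check rather than buying more time. Real S3 additionally caps X-Amz-Expires at seven days and rejects URLs signed with temporary credentials once those credentials themselves expire.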

  26. What is S3 Transfer Acceleration? Speeds up long-distance uploads and downloads by routing them through CloudFront's edge locations and over the AWS backbone to the bucket's Region.

  27. What is a multipart upload in S3? Uploads a large object (recommended above 100 MB, required above the 5 GB single-PUT limit) in parts that can be sent in parallel and retried individually, then assembled; abort or expire incomplete uploads, since their parts are billed.

  28. What are common causes of 403 errors in S3?

    • Missing permissions in the IAM policy or bucket policy (or an explicit Deny in either)
    • Block Public Access overriding a public grant
    • Invalid or too-narrow bucket policy (wrong resource ARN, missing /* for objects)
    • Object does not exist but the caller lacks s3:ListBucket, so S3 returns 403 instead of 404
    • Object owned by another account, or encrypted with a KMS key the caller may not use
  29. How do you monitor S3 access and changes? Use S3 server access logs, CloudTrail (management events and opt-in data events), S3 event notifications or EventBridge, and CloudWatch metrics.

  30. How do you connect an S3 bucket to a custom domain using Route 53? Create a Route 53 alias record pointing to the S3 website endpoint (static hosting enabled, bucket named exactly as the domain), or, for HTTPS, point the alias at a CloudFront distribution whose origin is the bucket.


08. Route53, CDN, and S3 (Q&A)

  1. What is Route53 and its primary use case in AWS? Answer: Route53 is a scalable DNS web service used for domain registration, DNS routing (public/private), and health checking.

  2. Explain how routing policies work in Route53. Answer: A routing policy decides which record set answers a query: Simple (one record), Weighted (split by assigned weights), Latency-based (the Region with lowest latency for the resolver), Failover (primary unless its health check fails), Geolocation (by the resolver's country or continent), Geoproximity (by distance, with an adjustable bias), IP-based (by resolver CIDR), and Multivalue Answer (up to eight healthy records).

  3. How do you configure a custom domain name with an S3 static website? Answer: Point Route53 alias/A record to the S3 website endpoint. Enable static hosting in S3 and match bucket name to domain.

  4. What is an S3 bucket policy and how does it differ from IAM policy? Answer: Bucket policies are resource-based, attached directly to the bucket. IAM policies are identity-based and attached to users, roles, or groups.

  5. How do you restrict S3 access to only requests from your CloudFront distribution? Answer: Use OAC (Origin Access Control) or OAI (legacy) with a bucket policy allowing access only from that identity.

  6. Explain how CloudFront works with dynamic and static content. Answer: CloudFront caches static content at edge locations and forwards dynamic content to origin servers like EC2 or ALB.

  7. What are the use cases for different S3 storage classes? Answer: Standard (frequent access), Standard-IA (infrequent access, multi-AZ), One Zone-IA (infrequent access stored in a single AZ, so lower availability and no survival of an AZ loss), Glacier Instant Retrieval, Glacier Flexible Retrieval, and Deep Archive (long-term archive with increasing retrieval time and decreasing cost), Intelligent-Tiering (automated tiering for unknown access patterns).

  8. How do you troubleshoot 403 errors from S3? Answer: Check bucket policy, IAM policy, object ACLs, and ensure correct URL usage.

  9. How does CloudFront reduce latency? Answer: By delivering content from globally distributed edge locations close to users.

  10. What is a TTL in CloudFront and how does it affect caching? Answer: TTL (Time to Live) defines how long objects are cached at edge. Short TTL = frequent fetch; Long TTL = higher cache hit.

  11. What is the use of invalidation in CloudFront? Answer: Invalidation removes cached objects before TTL expiry. Useful for forcing updates.

  12. How to set up Route53 failover for a multi-region deployment? Answer: Create health checks and use failover routing policy with primary and secondary records.

  13. What is a hosted zone in Route53? Answer: A container for DNS records of a domain, either public or private.

  14. Can you point Route53 to a non-AWS resource? Answer: Yes, by creating an A or CNAME record pointing to an external IP or domain.

  15. How does versioning in S3 work? Answer: Every write creates a new version ID; a DELETE without a version ID only adds a delete marker, so the object disappears from listings but can be restored. A version is gone only when it is deleted explicitly by version ID (or expired by a lifecycle rule), and MFA delete can additionally gate that.

  16. What is S3 lifecycle policy and why use it? Answer: Automates transition of objects between storage classes or expiration to manage cost and compliance.

  17. Explain signed URLs and signed cookies in CloudFront. Answer: Used for secure access to private content. URLs grant time-limited access; cookies work for session-based access.

  18. How do you prevent hotlinking of content in CloudFront? Answer: Use signed URLs or signed cookies for anything that must not be embedded elsewhere; a Referer-header check (an AWS WAF rule or a CloudFront Function) blocks casual hotlinking but is trivially spoofed, so treat it as a convenience, not a security control.

  19. Can CloudFront serve HTTPS content? How? Answer: Yes. Request or import an ACM certificate for the domain in us-east-1 (N. Virginia, the only Region CloudFront reads certificates from), attach it to the distribution with the domain as an alternate domain name, and set the viewer protocol policy to redirect-to-HTTPS or HTTPS only; the origin protocol policy separately enforces HTTPS between CloudFront and the origin.

  20. What are origin groups in CloudFront? Answer: Allow failover between two origins, such as S3 and EC2, improving availability.

  21. How do you use S3 for log storage from CloudFront or ELB? Answer: Enable logging in CloudFront/ELB settings and specify the S3 bucket destination.

  22. What’s the difference between CloudFront and Global Accelerator? Answer: CloudFront is a CDN that caches and delivers HTTP/HTTPS content at edge locations; Global Accelerator gives an application two static anycast IP addresses and routes TCP/UDP traffic over the AWS backbone to the nearest healthy endpoint, with no caching.

  23. How to ensure high availability for static websites using S3 + CloudFront? Answer: Replicate the bucket to a second Region, configure a CloudFront origin group with the primary and replica buckets (failover on 5xx/timeouts), and use Route 53 health-checked failover records for the DNS name.

  24. What is the maximum number of records per hosted zone in Route53? Answer: 10,000 records (soft limit), can be increased via support.

  25. What monitoring tools are available for Route53 and S3? Answer: Route53: Health checks, query logs, CloudWatch. S3: CloudWatch metrics, CloudTrail, server access logs.