AWS DevOps Interview Questions and Answers

Q1. What are IAM custom policies? Explain with a use case.

Apart from AWS managed IAM policies, we can create our own policies. These are called custom policies. One use case is a policy that limits merges to the CodeCommit master branch to specific users.

Refer: Example for creating custom policy
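The use case above as a CloudFormation-managed IAM policy. This is an added example, not code from the original page: a Deny statement is attached to a group whose members must not change master, so only users outside that group can push or merge to it. The repository name, group name and logical IDs are placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - deny changes to master for one IAM group

Parameters:
  RepoName:
    Type: String
    Default: MyDemoRepo            # placeholder repository name
  RestrictedGroup:
    Type: String
    Default: Developers            # placeholder group that may not merge to master

Resources:
  DenyChangesToMaster:             # placeholder logical ID
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Deny pushes and merges to refs/heads/master
      Groups:
        - !Ref RestrictedGroup
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Deny           # an explicit Deny overrides any Allow the user has
            Action:
              - codecommit:GitPush
              - codecommit:DeleteBranch
              - codecommit:PutFile
              - codecommit:MergeBranchesByFastForward
              - codecommit:MergeBranchesBySquash
              - codecommit:MergeBranchesByThreeWay
              - codecommit:MergePullRequestByFastForward
              - codecommit:MergePullRequestBySquash
              - codecommit:MergePullRequestByThreeWay
            Resource: !Sub "arn:aws:codecommit:${AWS::Region}:${AWS::AccountId}:${RepoName}"
            Condition:
              StringEqualsIfExists:
                codecommit:References:
                  - refs/heads/master
              # Quoted so YAML does not read the key as a null value.
              # Limits the Deny to requests that carry a branch reference.
              "Null":
                codecommit:References: "false"
```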

Q2. What is CodeBuild in AWS?

It is a build service provided by AWS to build and test code with elastic scaling. It launches and provisions a Docker image and then shuts down once the build and test are completed. It is serverless, and there is no need to wait in a build queue. We pay only for the build time we use. The source can be GitHub or CodeCommit. Build instructions are defined in a file called buildspec.yml. Once the build is complete, the output can be sent to S3 or CloudWatch Logs.

Q3. How can CodeBuild Failures be notified?

CloudWatch events can be created to trigger notifications when a build fails.

Q4. Explain the steps involved to create a build in AWS using CodeBuild.

  • Create the build project.
  • Provide the Source of the code. It can be CodeCommit, S3, GitHub or Bitbucket.
  • Select the Environment. It can be managed or custom image.
  • Create the service role.
  • Provide the timeout and compute parameters.
  • Provide the Buildspec file.
  • Mention the logs destination.
  • Create the build and start it.

Q5. If we need to test multiple branches in the same repo, can we do it in a single build project?

No, we need to create multiple build projects, as we can select only one branch in the CodeBuild reference type.

Q6. When do you use a custom image in CodeBuild?

When we need to install some specific software to build and test our code, we use a custom image.

Q7. What is the timeout for Lambda function?

15 mins

Q8. How can a CodeBuild be triggered?

  • We can start a build manually by clicking on Start Build in the build project.
  • We can create a CloudWatch event to trigger a CodeBuild when there are some code changes or merges in CodeCommit.
  • We can also add it to the CodePipeline for automatic execution.

Q9. What is CodeDeploy in AWS?

It is a service provided by AWS for deployment. If we need to automatically deploy our applications to many EC2 (or on-premise) instances, we use CodeDeploy. Each instance should have the CodeDeploy agent installed on it. The agent continuously polls AWS CodeDeploy for work to do. The source is pulled from S3 or GitHub and the instance runs the deployment as specified in the appspec.yml.

Q10. Explain the steps involved in AWS CodeDeploy.

  • Create an Application.
  • Choose the compute platform. It can be EC2, Lambda etc.
  • In order to create a new deployment, we need to first create a new deployment group.
  • Create a deployment group.
  • Create a service role in IAM for CodeDeploy that allows it to access the EC2 instance, and provide the service role name.
  • Choose the deployment type. It can be in-place or blue/green.
  • Choose the Environment group - EC2 or on-premise instances and tag groups.
  • Save deployment group.
  • Create a deployment.
  • Choose the deployment group created above.
  • Choose the revision type. The application where the code is present should be copied to S3 bucket or GitHub.
  • Start deployment.

Q11. Is it mandatory to create a deployment group in CodeDeploy for deployment?

Yes, it is mandatory to create a deployment group. It is used to group the servers by the environment type like DEV, QA, PROD, etc.

Q12. Explain buildspec.yml and appspec.yml

The buildspec.yml file is used for CodeBuild. It has different phases like install, pre_build, build and post_build. The install phase is used to install the prerequisites in the Docker build image. pre_build, build and post_build are used to execute the build commands.

Appspec.yml file is used for CodeDeploy. It has different sections like files and hooks. If we need to copy some files we need to specify the source and destination under the files section. Under the hooks section, we can specify the hooks like ApplicationStop, BeforeInstall, AfterInstall, ApplicationStart, ValidateService etc.
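A buildspec.yml with the four phases described above. This is an added example, not a file from the original page; the runtime version, commands and paths are assumptions. It also covers a case the phase list alone does not show: post_build still runs when the build phase fails, so it checks CODEBUILD_BUILD_SUCCEEDING before packaging.

```yaml
# buildspec.yml (added example; runtime, commands and paths are placeholders)
version: 0.2

phases:
  install:
    # Prerequisites installed into the build image
    runtime-versions:
      python: 3.11               # assumes a managed image that offers this runtime
    commands:
      - pip install -r requirements.txt
  pre_build:
    commands:
      - echo "Preparing workspace"
      - mkdir -p dist
  build:
    commands:
      - echo "Running unit tests"
      - python -m pytest tests/
  post_build:
    commands:
      # CODEBUILD_BUILD_SUCCEEDING is 0 when an earlier phase has failed.
      - 'if [ "$CODEBUILD_BUILD_SUCCEEDING" = "0" ]; then echo "build failed, not packaging"; exit 1; fi'
      - zip -r dist/app.zip src/ scripts/ appspec.yml

artifacts:
  # Uploaded to the artifact location configured on the build project
  files:
    - dist/app.zip
  discard-paths: yes
```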

Q13. How is a CodeDeploy triggered?

We can manually start a deployment or add it to the CodePipeline for automatic execution.

Q14. While creating a deployment in CodeDeploy, what is revision type or where should the application be stored?

The application can be stored in S3 or GitHub. We need to mention the revision location for the same. If the code is present in CodeCommit, we need to create an S3 bucket, enable versioning, zip the code and push it to S3.

Q15. Why is it advisable to send the CodeBuild output to S3 or CloudWatch?

The CodeBuild build runs on a Docker image which gets destroyed once the build is complete. So if there are any issues during the build and the logs need to be verified later, they should be sent to CloudWatch or S3.

Q16. Can a Lambda function be used in AWS CodePipeline? Explain with a use case. Is this chargeable?

Yes, Lambda functions can be used in the pipeline. A new stage or action can be created to invoke a Lambda function. Yes, creating and running Lambda functions is chargeable.
Use cases:
- To create resources on demand and delete them later.
- To back up resources by creating a snapshot.
- To test if a URL is reachable.

Q17. What is CodePipeline? Explain the steps involved in it.

CodePipeline is used to orchestrate the entire CI/CD pipeline. The source can come from CodeCommit, CodeBuild or Jenkins can be used for the build, and CodeDeploy for the deployment. CodePipeline brings everything together. Each pipeline creates artifacts. Artifacts are stored in S3 and passed to the next stage.

Below are the steps involved:
- Create Pipeline.
- Create a Service role.
- Select the Artifact store. This will be the S3 bucket location.
- Add Source stage. This can be CodeCommit, GitHub or S3. Choose the repo and branch.
- Change Detection option. It can be CloudWatch events or CodePipeline.
  a. CloudWatch - Whenever we push a commit to CodeCommit, a CloudWatch event will be triggered to start the CodePipeline.
  b. CodePipeline - This periodically checks for changes in the code.
- Add Build stage. This can be CodeBuild or Jenkins.
- Add Deploy stage. This can be CodeDeploy, S3, Beanstalk, CloudFormation etc.

Q18. What is the use of CloudFormation template?

CloudFormation is a declarative way of outlining AWS infrastructure. It is also called Infrastructure as Code (IaC). We need to create a template, upload it to S3 and reference it in CloudFormation. The template should specify all the AWS resources that need to be created, like EC2 instance, Elastic IP, Security group etc. CloudFormation takes care of provisioning and configuring these resources.

Q19. Name a few CloudFormation template components.

Resources, Parameters, Mappings, Outputs, Conditionals and Metadata.

Q20. Explain the steps to create an EC2 instance via CloudFormation.

Create a stack in CloudFormation by providing the YAML file specifying the below configurations.

    Resources:
      MyInstance:    # logical ID (placeholder name)
        Type: AWS::EC2::Instance
        Properties:
          AvailabilityZone: us-west-1a
          ImageId: ami-0xxxxxx48d0xxx6e52
          InstanceType: t2.micro

Q21. Is it possible to update a CloudFormation stack to add a new Elastic IP to the EC2 instance? Will it add to the same EC2 instance?

Yes, it is possible to update the stack. The existing EC2 instance will be replaced/terminated and a new EC2 instance will be created with the Elastic IP.

Q22. Name a few status codes of the CloudFormation stack.


Q23. Give an example for outputs in CF.

    Outputs:
      StackSSHSecurityGroup:    # output logical ID (placeholder name)
        Description: The security group
        Value: !Ref MySecurityGroup
        Export:
          Name: SSHSecurityGroup

Q24. What happens when you delete the CloudFormation stack that was used to create an EC2 instance?

The EC2 instance gets terminated.

Q25. What are parameters in CloudFormation? How to pass secrets in the parameters?

Parameters are inputs to CloudFormation templates. To pass secrets, use the type as NoEcho.
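A template that passes a database password through a NoEcho parameter. This is an added example, not from the original page; the logical IDs, user name and instance settings are placeholders. In the template, NoEcho is written as a property on the parameter next to its Type, and it does not mask values that are copied into Outputs or Metadata.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - passing a secret through a NoEcho parameter

Parameters:
  DBUsername:
    Type: String
    Default: appadmin              # placeholder value
  DBPassword:
    Type: String                   # the parameter type stays String
    NoEcho: true                   # value is masked in console, CLI and API output
    MinLength: 12
    Description: Master password, supplied at stack creation (no Default in the template)

Resources:
  AppDatabase:                     # placeholder logical ID
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword

Outputs:
  DatabaseEndpoint:
    Description: Address of the database
    Value: !GetAtt AppDatabase.Endpoint.Address
  # Never add an output such as "Value: !Ref DBPassword".
  # NoEcho does not mask values placed in Outputs or Metadata,
  # so the secret would be readable by anyone who can describe the stack.
```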

Q26. How to reference parameters in CloudFormation template?

Use !Ref as mentioned below.

    id: !Ref MyVPC

Q27. What are pseudo parameters in CF template?

These parameters can be used at any time and are enabled by default.
e.g. AWS::Region

Q28. Give an example for conditionals in CF template.

    Conditions:
      ProdResources: !Equals [ !Ref Environment, PROD ]

Other logical conditions are And, If, Not and Or.

Conditions can be applied to resources, outputs etc.

Q29. What is the difference between !Ref and !GetAtt?

!Ref is used to get the value of a parameter or the physical ID of a resource.

!GetAtt is used to get the attributes attached to the resource. For example, to get the AZ of an EC2 instance.

Q30. Name few of the intrinsic functions in CF.

Ref, GetAtt, Join, Sub, FindInMap, ImportValue and condition functions like If, Not, Equals etc.

Q31. How to prevent update stack in CloudFormation?

We need to use a stack policy. It is a JSON file. We can have statements in it to allow and deny the updates on resources.

    {
      "Statement": [
        {
          "Effect": "Deny",
          "Action": "Update:*",
          "Principal": "*",
          "Resource": "LogicalResourceId/MajorSecurityGroup"
        }
      ]
    }

Q32. How to rollback in CodeDeploy if the deploy fails?

In the ValidateService hook in appspec.yml, perform a simple test to validate that the build was deployed properly. Configure CodeDeploy to roll back on deployment failures. If the hook fails, CodeDeploy will perform a rollback.
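An appspec.yml with the files and hooks sections described in Q12 and the ValidateService check described above. This is an added example, not a file from the original page; the paths, script names and the runas user are placeholders.

```yaml
# appspec.yml for an EC2/on-premise deployment (added example)
version: 0.0
os: linux

files:
  # Copy the whole revision to the application directory
  - source: /
    destination: /var/www/myapp

hooks:
  ApplicationStop:
    - location: scripts/stop_server.sh
      timeout: 60
      runas: root
  BeforeInstall:
    - location: scripts/install_dependencies.sh
      timeout: 300
      runas: root
  AfterInstall:
    - location: scripts/set_permissions.sh
      timeout: 60
      runas: root
  ApplicationStart:
    - location: scripts/start_server.sh
      timeout: 60
      runas: root
  ValidateService:
    # The script must exit non-zero when its check fails, for example when
    # a local health URL does not answer. A non-zero exit or a timeout
    # fails the hook and marks the deployment as failed; the rollback
    # configured on the deployment group then redeploys the last
    # successful revision.
    - location: scripts/validate_service.sh
      timeout: 120
      runas: appuser             # the check itself does not need root
```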


