Interviewers test IAM least privilege, VPC basics, S3 security, when to pick RDS vs DynamoDB, high availability patterns, and cost awareness—not memorizing every service name.
Top themes
- Shared responsibility model and IAM (users, roles, policies, MFA)
- VPC: public/private subnets, security groups, NAT vs IGW
- EC2 lifecycle, EBS, Auto Scaling + ALB
- S3 storage classes, encryption, block public access
- RDS Multi-AZ, DynamoDB keys, ElastiCache use cases
- Lambda vs EC2 vs containers trade-offs
- Well-Architected pillars awareness (security, reliability, cost)
Sample architecture story
Prepare a 60-second walkthrough: users hit CloudFront → ALB in public subnets → Auto Scaling EC2 in private subnets → RDS PostgreSQL Multi-AZ; static assets on S3; secrets in Secrets Manager; IAM roles on instances.
Practice: Review prior modules, then answer interview prompts without notes. Optional: sketch a three-tier architecture on paper (ALB, EC2, RDS, S3).
Common pitfalls interviewers probe
- Root access keys in CI
- Public S3 buckets with PII
- SSH open to 0.0.0.0/0
- No backups tested
- Single AZ production
Important interview questions and answers
- Q: Shared responsibility?
A: AWS secures cloud infrastructure; customer secures data, IAM, network config, and encryption choices.
- Q: When Lambda over EC2?
A: Event-driven, variable traffic, short tasks—avoid long-running stateful servers.
Self-check
- Explain public vs private subnet in one sentence.
- Name three Well-Architected pillar areas.
Tip: Prepare one architecture diagram story: ALB, private EC2, RDS Multi-AZ, S3 assets.
Interview prep
- Three-tier pattern?
ALB public → EC2 private → RDS private with IAM roles and encrypted S3.
- Public S3 risk?
Data leak—enable Block Public Access and least-privilege bucket policies.
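An added offline check for three of the pitfalls listed above (SSH open to 0.0.0.0/0, Block Public Access not fully enabled, and a bucket policy granting to Principal "*" without a Condition), written for these notes as example code and not taken from any AWS tool; the inputs are constructed samples shaped like the boto3 responses for describe_security_groups, get_public_access_block and get_bucket_policy, and the account id in the CloudFront ARN is a placeholder.

```python
import json

# Constructed sample inputs (not from any real account); shapes mirror the boto3 responses.
SECURITY_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}
PUBLIC_ACCESS_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                       "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
BUCKET_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "CloudFrontOnly", "Effect": "Allow", "Principal": {"Service": "cloudfront.amazonaws.com"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",  # placeholder account id below
     "Condition": {"StringEquals": {"AWS:SourceArn": "arn:aws:cloudfront::111111111111:distribution/PLACEHOLDER"}}},
]})
ANY_CIDR = {"0.0.0.0/0", "::/0"}

def open_ssh_rules(sg):
    """Ingress rules that expose TCP/22 to the whole internet (IPv4 or IPv6)."""
    hits = []
    for rule in sg.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)  # "-1" (all traffic) rules carry no ports
        covers_22 = proto == "-1" or (proto == "tcp" and lo <= 22 <= hi)
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if covers_22 and ANY_CIDR.intersection(cidrs):
            hits.append((sg["GroupId"], proto, lo, hi))
    return hits

def public_access_block_gaps(pab):
    """Block Public Access settings that are missing or switched off."""
    keys = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    return [k for k in keys if not pab.get(k, False)]

def unconditional_wildcard_grants(policy_json):
    """Allow statements to Principal '*' with no Condition, i.e. world-accessible grants."""
    hits = []
    for st in json.loads(policy_json).get("Statement", []):
        principal = st.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        aws = [aws] if isinstance(aws, str) else (aws or [])
        if st.get("Effect") == "Allow" and "*" in aws and "Condition" not in st:
            hits.append(st.get("Sid", "<no Sid>"))
    return hits
```

The CloudFront-only statement is not flagged because its grant is scoped by a Condition, which is the shape a least-privilege bucket policy for static assets behind CloudFront takes.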