devops Community AWS devops versus aure devops AWS devops scenario based interview question question one infrastructure automation question scenario you are given a task of automating the deployment of a multi-tier web application in AWS the application should be highly available and scalable question is how would you design the infrastructure and what AWS Services would you use you have to design an infrastructure on AWS multier application two tier three tier ner infrastructure for a muler application AWS service that I will be using to create a multi- tier web applications infrastructure is cloud formul now I will be using cloud formation to create resources like S3 buckets to store the static data to ECS to uh ECR for storing and loading the images for my application RDS in order to store the data for the database in case I need to use non- relational database I will be using Dynamo Deb so this way I will be using uh cloud formation for all of my resources and in terms of Automation and scaling as I'm interviewing for AWS devops I will be using AWS code pipeline to automate the cicd process in order to use the repository I will be using Code commit in order to build I will be using Code build and to automatically deploy to my ECR ECS I will be using Code deploy scenarios C S3 static files Lo EC ECS application Lo Rd question continuous integration and continuous deployment scenario your team is transitioning to a cicd model for faster and Reliable Software delivery you are responsible for setting up cicd pipeline in AWS question is what steps will you take to set up the cicd pipeline how will you ensure that it is efficient and secure question what steps will you take for CD Pipeline and ensure if it is efficient and secure so in order to move from an existing kind of deployment to a cicd based deployment I would be using AWS devop stack which is AWS code commit for the repository code build for the building process code deploy for deploy M of my applications to ec2 ECR sorry ECS and if I want to do the entire cicd I would be using AWS code pipeline now to ensure everything is secure I will be using IM am based role based security policies in that case every service will be having a role there won't be any users created to uh use this kind of cicd process there will will be service roles created for that in order to ensure that my applications are securely and efficiently deployed I will be using AWS Secrets manager for my application so to store all of the passwords I will be using KMS or AWS Key Management Service in order to store all the keys do the key rotation to ensure that I have the best practices and to ensure my cic pipeline works well the pipeline will be monitored by AWS Cloud watch every stage there will be artifacts generated and stored in AWS artifactory so this way up her step a a service as a devops engineer as AWS devops engineer AWS okay next question question three which is on monitoring and logging scenario here you need to set up a comprehensive monitoring and logging system for your AWS infrastructure what AWS Services would you use how would you ensure that your monitoring and logging system is effective question and L so you have to answer very carefully so in order to enable monitoring and logging for my AWS uh for my applications on AWS I would be using AWS cloudwatch also I will be making sure that there are AWS cloudwatch alerts for every metrics in my application I would would be using AWS cloud trail in order to see the logs all the trails and I also would be using AWS open search dashboards so that all of my logs which are kept or which are aggregated I could easily visualize them into dashboards making it effective for other teams to collaborate and watch the logs important devop engine P you can even tell AWS xray to Monitor and log microservices but as a devop engineer devop open search dashbo which AWS devops engineer should know next question I scenars fourth question tough one disaster recovery and high availability your company's web application is critical and must have a robust Disaster Recovery plan with minimal down time how would you design a disaster recovery strategy in AWS what services and approaches you would use to ensure High availability as a devops engineer I would ensure that my clients my applications they are fall tolerant and they have Disaster Recovery strategies I will be using multi- asit deployments for my RDS which is uh my database Services as there is multi-az it if at all there is a disaster in one of the regions I will be having a backup in other region even my static files will be saved because I will be using S3 cross region replication so that the static files are not lost all these things would ensure that the that the system is highly available even after having multier deployments on my ECS or bean stock I would be preferring to go for eks or elastic kubernetes service so that my application is fa tolerant because of kubernetes architecture making sure that the entire application design is well and uh is perfect I will also ensure that the entire system is under a VPC or a virtual private Cloud so that it is safe from the outer attacks and I'll also ensure that Route 53 would basically do the correct routing with web access fire wall or web application firewall to ensure that the disaster recovery in case it happens it is redirected to uh the backup plan or whatever Disaster Recovery plan I have so next question crazy security and compliance question scenario you are responsible for ensuring that your AWS infrastructure complies with industry standards this is your scenario question is what measures would you take to secure your AWS environment and maintain compliance question for example you can tell about the services that you use for security so ensuring that the best practices best security practi practices are followed in my AWS environment I would highly recommend all of my users who are logging into the system have an I am role based access and in case any user is not having a MFA or all these kind of security policies their system access would be revoked I would be ensuring that the application is in a VPC NS or security groups for maintaining the Ingress and ESS of security practices in order to make sure that the data is encrypted I would be using AWS KMS and apart from that following all of the security policies I would also ensure that this compliance policies are followed I would be highly encouraging the team to have Hippa compliance gdpr compliance and all of those state-ofthe-art and best practices which are followed by every country every kind of organization which are having amazing applications to ensure that my databases are protected with proper keys I will be using AWS Secrets manager in order to make sure that my applications have U you know less kind of Dos attack or some kind of you know security threat I would be using Route 53 integrated with Amazon a w which is web access firewall so that all of the requests that are coming they are safe and our application is now protected there will be instances where I'll be using AWS x-ray AWS Cloud watch to monitor the entire application to make sure no kind of suspicious activities are going on in the application as a devops engineer security and compliance is one of the things that I have to ensure in each of my projects so questions answers I'm pretty sure questions devop Z to her bat start 27th of January Channel thanks for watching