AWS_Practical_Interview_201 400

AWS Practical Interview Questions (201-400)

EKS and Kubernetes

Q201: How do you create EKS cluster?

Answer:

# Create cluster
aws eks create-cluster \
  --name my-cluster \
  --role-arn arn:aws:iam::123456789012:role/eks-role \
  --resources-vpc-config subnetIds=subnet-12345,subnet-67890,securityGroupIds=sg-12345 \
  --version 1.28

# Update kubeconfig
aws eks update-kubeconfig --name my-cluster --region us-east-1

Q202: How do you create node group in EKS?

Answer:

# Create node group
aws eks create-nodegroup \
  --cluster-name my-cluster \
  --nodegroup-name my-nodes \
  --scaling-config minSize=2,maxSize=5,desiredSize=3 \
  --instance-types t3.medium \
  --subnets subnet-12345 subnet-67890

Q203: How do you deploy application to EKS?

Answer:

# Apply deployment
kubectl apply -f deployment.yaml

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: nginx:latest
        ports:
        - containerPort: 80

Q204: How do you expose application in EKS?

Answer:

# Create service
kubectl expose deployment my-app --type=LoadBalancer --port=80

# Or create ingress
kubectl apply -f ingress.yaml

# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-app
            port:
              number: 80

Q205: How do you set up ALB controller in EKS?

Answer:

# Install AWS Load Balancer Controller
helm repo add eks https://aws.github.io/eks-charts
helm install aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=my-cluster \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller

---

AWS Glue and Data Pipeline

Q206: How do you create Glue crawler?

Answer:

# Create crawler
aws glue create-crawler \
  --name my-crawler \
  --role arn:aws:iam::123456789012:role/glue-role \
  --database-name my-database \
  --targets '{
    "S3Targets": [{"Path": "s3://my-bucket/data/"}]
  }' \
  --schedule "cron(0 12 * * ? *)"

Q207: How do you create Glue job?

Answer:

# Create job
aws glue create-job \
  --name my-etl-job \
  --role arn:aws:iam::123456789012:role/glue-role \
  --command '{
    "Name": "glueetl",
    "ScriptLocation": "s3://my-bucket/scripts/etl.py"
  }' \
  --default-arguments '{
    "--job-language": "python",
    "--enable-metrics": ""
  }'

Q208: How do you run Glue job?

Answer:

# Start job run
aws glue start-job-run \
  --job-name my-etl-job \
  --arguments '{
    "--extra-py-files": "s3://my-bucket/lib/utils.py"
  }'

---

AWS Step Functions

Q209: How do you create Step Functions state machine?

Answer:

# Create state machine
aws stepfunctions create-state-machine \
  --name my-workflow \
  --definition '{
    "Comment": "My workflow",
    "StartAt": "FirstState",
    "States": {
      "FirstState": {
        "Type": "Pass",
        "End": true
      }
    }
  }' \
  --role-arn arn:aws:iam::123456789012:role/stepfunctions-role

Q210: How do you invoke Step Functions?

Answer:

# Start execution
aws stepfunctions start-execution \
  --state-machine-arn arn:aws:states:us-east-1:123456789012:stateMachine:my-workflow \
  --input '{"key": "value"}'

---

AWS EventBridge

Q211: How do you create EventBridge rule?

Answer:

# Create rule
aws events put-rule \
  --name my-rule \
  --event-pattern '{
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"]
  }'

# Add target
aws events put-targets \
  --rule my-rule \
  --targets '[{"Id":"1","Arn":"arn:aws:lambda:us-east-1:123456789012:function:my-function"}]'

Q212: How do you create EventBridge schedule?

Answer:

# Create schedule
aws events put-rule \
  --name daily-trigger \
  --schedule-expression "rate(1 day)"

---

AWS CodeBuild

Q213: How do you create CodeBuild project?

Answer:

# Create project
aws codebuild create-project \
  --name my-build-project \
  --source '{
    "type": "GITHUB",
    "location": "https://github.com/user/repo"
  }' \
  --artifacts '{
    "type": "S3",
    "location": "my-bucket"
  }' \
  --environment '{
    "type": "LINUX_CONTAINER",
    "computeType": "BUILD_GENERAL1_MEDIUM",
    "image": "aws/codebuild/standard:6.0"
  }'

Q214: How do you create buildspec.yml?

Answer:

buildspec.yml

version: 0.2

env:
  variables:
    NODE_ENV: "production"

phases:
  install:
    runtime-versions:
      nodejs: 18
    commands:
      - npm install
  build:
    commands:
      - npm run build
  post_build:
    commands:
      - npm test

artifacts:
  files:
    - '**/*'
  discard-paths: yes

---

AWS CodeDeploy

Q215: How do you create CodeDeploy application?

Answer:

# Create application
aws codedeploy create-application \
  --application-name my-application

# Create deployment group
aws codedeploy create-deployment-group \
  --application-name my-application \
  --deployment-group-name my-deployment-group \
  --service-role-arn arn:aws:iam::123456789012:role/codedeploy-role \
  --ec2TagFilters '[{"Key": "Environment", "Value": "Production"}]'

Q216: How do you create appspec.yml?

Answer:

appspec.yml

version: 0.0
os: linux

files:
  - source: /
    destination: /var/www/html

hooks:
  BeforeInstall:
    - location: scripts/before_install.sh
      timeout: 300
  AfterInstall:
    - location: scripts/after_install.sh
  ApplicationStart:
    - location: scripts/start_server.sh
  ValidateService:
    - location: scripts/test.sh

---

AWS CodePipeline

Q217: How do you create CodePipeline?

Answer:

# Create pipeline
aws codepipeline create-pipeline \
  --pipeline '{
    "name": "my-pipeline",
    "roleArn": "arn:aws:iam::123456789012:role/codepipeline-role",
    "stages": [
      {
        "name": "Source",
        "actions": [{
          "name": "SourceAction",
          "actionTypeId": {"category": "Source", "owner": "AWS", "provider": "CodeCommit", "version": "1"},
          "configuration": {"RepositoryName": "my-repo", "BranchName": "main"}
        }]
      },
      {
        "name": "Build",
        "actions": [{
          "name": "BuildAction",
          "actionTypeId": {"category": "Build", "owner": "AWS", "provider": "CodeBuild", "version": "1"},
          "configuration": {"ProjectName": "my-build-project"}
        }]
      }
    ],
    "artifactStore": {"type": "S3", "location": "my-artifact-bucket"}
  }'

---

AWS CloudTrail

Q218: How do you look up CloudTrail events?

Answer:

# Lookup events
aws cloudtrail lookup-events \
  --lookup-attributes AttributeKey=EventSource,AttributeValue=ec2.amazonaws.com

# Lookup by username
aws cloudtrail lookup-events \
  --lookup-attributes AttributeKey=Username,AttributeValue=john

# Lookup by resource
aws cloudtrail lookup-events \
  --lookup-attributes AttributeKey=ResourceName,AttributeValue=my-bucket

---

AWS Config

Q219: How do you enable AWS Config?

Answer:

# Create configuration recorder
aws configservice put-configuration-recorder \
  --configuration-recorder '{
    "name": "default",
    "roleARN": "arn:aws:iam::123456789012:role/config-role"
  }'

# Create delivery channel
aws configservice put-delivery-channel \
  --delivery-channel '{
    "name": "default",
    "s3BucketName": "config-bucket",
    "snsTopicARN": "arn:aws:sns:us-east-1:123456789012:config-topic"
  }'

# Start recorder
aws configservice start-configuration-recorder --configuration-recorder-name default

---

AWS Systems Manager

Q220: How do you create Maintenance Window?

Answer:

# Create maintenance window
aws ssm create-maintenance-window \
  --name "My-Maintenance-Window" \
  --schedule "cron(0 2 ? * SUN *)" \
  --duration 4 \
  --cutoff 1

# Register target
aws ssm register-target-with-maintenance-window \
  --window-id mw-12345 \
  --target '{"Key":"instanceids","Values":["i-12345"]}'

# Register task
aws ssm register-task-with-maintenance-window \
  --window-id mw-12345 \
  --task-arn arn:aws:iam::123456789012:role/ssm-role \
  --service-role-arn arn:aws:iam::123456789012:role/ssm-role \
  --task-type AUTOMATION \
  --max-concurrency 1 --max-errors 1

---

AWS Secrets Manager

Q221: How do you create secret with rotation?

Answer:

# Create secret with Lambda rotation
aws secretsmanager create-secret \
  --name prod/db-credentials \
  --secret-string '{"username":"admin","password":"password123"}' \
  --rotation-lambda-arn arn:aws:lambda:us-east-1:123456789012:function:rotation-function \
  --rotation-rules AutomaticallyAfterDays=30

---

AWS KMS

Q222: How do you create KMS key with policy?

Answer:

# Create key
aws kms create-key \
  --description "My encryption key" \
  --key-usage ENCRYPT_DECRYPT \
  --origin AWS_KMS \
  --multi-region

# Put key policy
aws kms put-key-policy \
  --key-id alias/my-key \
  --policy '{
    "Version": "2012-10-17",
    "Id": "key-policy",
    "Statement": [{
      "Sid": "Enable IAM User Permissions",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
      "Action": "kms:*",
      "Resource": "*"
    }]
  }'

---

AWS CloudWatch Logs

Q223: How do you create log subscription filter?

Answer:

# Create subscription filter to Lambda
aws logs put-subscription-filter \
  --log-group-name /aws/lambda/my-function \
  --filter-name error-filter \
  --filter-pattern "[level=ERROR]" \
  --destination-arn arn:aws:lambda:us-east-1:123456789012:function:error-processor

---

AWS S3 Advanced

Q224: How do you set up S3 batch operations?

Answer:

# Create job
aws s3control create-job \
  --account-id 123456789012 \
  --operation '{
    "S3PutObjectCopy": {
      "TargetResource": "arn:aws:s3:::dest-bucket/*"
    }
  }' \
  --manifest '{
    "Spec": {
      "Format": "S3BatchOperations_CSV_20180820",
      "Fields": ["Bucket", "Key"]
    },
    "Location": {
      "ObjectArn": "arn:aws:s3:::manifest-bucket/manifest.csv"
    }
  }' \
  --priority 10 \
  --role-arn arn:aws:iam::123456789012:role/batch-role

---

AWS Lambda Advanced Patterns

Q225: How do you handle Lambda errors with dead letter queue?

Answer:

import boto3
import json

def lambda_handler(event, context):
    try:
        # Process event
        result = process_data(event)
        return {'statusCode': 200, 'body': json.dumps(result)}
    except Exception as e:
        # Send to DLQ
        sqs = boto3.client('sqs')
        sqs.send_message(
            QueueUrl='https://sqs.us-east-1.amazonaws.com/123456789012/dlq',
            MessageBody=json.dumps(event)
        )
        raise e

---

AWS VPC Advanced

Q226: How do you create VPC with NAT Gateway?

Answer:

# Create VPC
VPC=$(aws ec2 create-vpc --cidr-block 10.0.0.0/16 --query 'Vpc.VpcId' --output text)

# Create public subnet
PUBLIC_SUBNET=$(aws ec2 create-subnet --vpc-id $VPC --cidr-block 10.0.1.0/24 --availability-zone us-east-1a --query 'Subnet.SubnetId' --output text)

# Create private subnet
PRIVATE_SUBNET=$(aws ec2 create-subnet --vpc-id $VPC --cidr-block 10.0.2.0/24 --availability-zone us-east-1a --query 'Subnet.SubnetId' --output text)

# Create IGW
IGW=$(aws ec2 create-internet-gateway --query 'InternetGateway.InternetGatewayId' --output text)
aws ec2 attach-internet-gateway --vpc-id $VPC --internet-gateway-id $IGW

# Create EIP and NAT Gateway
EIP=$(aws ec2 allocate-address --domain vpc --query 'AllocationId' --output text)
NAT=$(aws ec2 create-nat-gateway --subnet-id $PUBLIC_SUBNET --allocation-id $EIP --query 'NatGateway.NatGatewayId' --output text)

# Create route tables
PUBLIC_RT=$(aws ec2 create-route-table --vpc-id $VPC --query 'RouteTable.RouteTableId' --output text)
aws ec2 create-route --route-table-id $PUBLIC_RT --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW
aws ec2 associate-route-table --route-table-id $PUBLIC_RT --subnet-id $PUBLIC_SUBNET

PRIVATE_RT=$(aws ec2 create-route-table --vpc-id $VPC --query 'RouteTable.RouteTableId' --output text)
aws ec2 create-route --route-table-id $PRIVATE_RT --destination-cidr-block 0.0.0.0/0 --nat-gateway-id $NAT
aws ec2 associate-route-table --route-table-id $PRIVATE_RT --subnet-id $PRIVATE_SUBNET

---

AWS RDS Advanced

Q227: How do you create RDS proxy?

Answer:

# Create secret for database credentials
aws secretsmanager create-secret \
  --name rds-secret \
  --secret-string '{"username":"admin","password":"password"}'

# Create RDS proxy
aws rds create-db-proxy \
  --db-proxy-name my-proxy \
  --engine-family MYSQL \
  --auth '[{"SecretArn":"arn:aws:secretsmanager:us-east-1:123456789012:secret:rds-secret","IAMAuth":"DISABLED"}]' \
  --role-arn arn:aws:iam::123456789012:role/rds-proxy-role \
  --vpc-subnet-ids subnet-12345 subnet-67890 \
  --vpc-security-group-ids sg-12345

---

AWS DynamoDB Advanced

Q228: How do you create DynamoDB global table?

Answer:

# Create table in first region
aws dynamodb create-table \
  --table-name Orders \
  --attribute-definitions AttributeName=OrderID,AttributeType=S \
  --key-schema AttributeName=OrderID,KeyType=HASH \
  --billing-mode PAY_PER_REQUEST \
  --stream-specification StreamEnabled=true,StreamViewType=NEW_AND_OLD_IMAGES

# Enable on-demand backup
aws dynamodb update-continuous-backups \
  --table-name Orders \
  --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

---

AWS EFS Advanced

Q229: How do you create EFS with access points?

Answer:

# Create EFS
EFS=$(aws efs create-file-system \
  --throughput-mode bursting \
  --encrypted \
  --query 'FileSystemId' \
  --output text)

# Create access point for app
aws efs create-access-point \
  --file-system-id $EFS \
  --access-point-name app-access \
  --posix-user '{"Uid":1000,"Gid":1000}' \
  --root-directory '{"Path":"/app","CreationInfo":{"OwnerGid":1000,"OwnerUid":1000,"Permissions":"0755"}}'

# Create access point for data
aws efs create-access-point \
  --file-system-id $EFS \
  --access-point-name data-access \
  --posix-user '{"Uid":1001,"Gid":1001}' \
  --root-directory '{"Path":"/data","CreationInfo":{"OwnerGid":1001,"OwnerUid":1001,"Permissions":"0755"}}'

---

AWS ECS Advanced

Q230: How do you update ECS service with blue-green?

Answer:

# Create new task definition
aws ecs register-task-definition \
  --family my-app \
  --network-mode awsvpc \
  --container-definitions '[{"name":"web","image":"nginx:v2"}]'

# Update service
aws ecs update-service \
  --cluster my-cluster \
  --service my-service \
  --task-definition my-app:2 \
  --deployment-configuration '{
    "minimumHealthyPercent": 50,
    "maximumPercent": 200
  }'

---

AWS EKS Advanced

Q231: How do you create Helm release in EKS?

Answer:

# Add repo
helm repo add nginx-stable https://kubernetes.github.io/ingress-nginx

# Install nginx ingress
helm install nginx-ingress nginx-stable/ingress-nginx \
  --namespace ingress-basic \
  --create-namespace \
  --set controller.service.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-type="nlb"

# Install Prometheus
helm install prometheus prometheus-community/prometheus \
  --namespace monitoring \
  --create-namespace

---

AWS CloudFormation Advanced

Q232: How do you use CloudFormation StackSets for multiple accounts?

Answer:

# Create stack set
aws cloudformation create-stack-set \
  --stack-set-name org-vpc \
  --template-body file://vpc-template.yaml \
  --permission-model SERVICE_MANAGED \
  --auto-deployment '{
    "Enabled": true,
    "RetainStacksOnAccountRemoval": false
  }'

# Create stacks in accounts
aws cloudformation create-stack-instances \
  --stack-set-name org-vpc \
  --accounts '["111111111111","222222222222"]' \
  --regions '["us-east-1","us-west-2"]' \
  --operation-preferences '{
    "FailureToleranceCount": 1,
    "MaxConcurrentCount": 3
  }'

---

AWS CDK

Q233: How do you create VPC with CDK?

Answer:

from aws_cdk import (
    core,
    aws_ec2 as ec2
)

class VpcStack(core.Stack):
    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        vpc = ec2.Vpc(
            self, "MyVPC",
            cidr="10.0.0.0/16",
            max_azs=2,
            nat_gateways=1,
            subnet_configuration=[
                ec2.SubnetConfiguration(
                    name="Public",
                    cidr_mask=24,
                    subnet_type=ec2.SubnetType.PUBLIC
                ),
                ec2.SubnetConfiguration(
                    name="Private",
                    cidr_mask=24,
                    subnet_type=ec2.SubnetType.PRIVATE
                )
            ]
        )

Q234: How do you create Lambda with CDK?

Answer:

from aws_cdk import (
    core,
    aws_lambda as _lambda,
    aws_apigateway as apigateway
)

class LambdaStack(core.Stack):
    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        # Create Lambda
        handler = _lambda.Function(
            self, "MyHandler",
            runtime=_lambda.Runtime.PYTHON_3_9,
            handler="index.handler",
            code=_lambda.Code.from_inline(
                "def handler(event, context): return {'statusCode': 200}"
            )
        )

        # Create API Gateway
        api = apigateway.LambdaRestApi(
            self, "MyApi",
            handler=handler
        )

---

AWS SAM

Q235: How do you create SAM template?

Answer:

template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: python3.9
      Events:
        Api:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY

  MyTable:
    Type: AWS::Serverless::SimpleTable

Q236: How do you deploy SAM application?

Answer:

# Build
sam build

# Deploy
sam deploy --guided

# Local invoke
sam local invoke MyFunction --event event.json

# Local API
sam local start-api

---

AWS Data Pipeline

Q237: How do you create Data Pipeline?

Answer:

# Create pipeline
aws datapipeline create-pipeline \
  --name my-pipeline \
  --unique-id pipeline-$(date +%s)

---

AWS IoT

Q238: How do you create IoT Thing?

Answer:

# Create thing
aws iot create-thing --thing-name my-device

# Create thing type
aws iot create-thing-type --thing-type-name sensor-type

# Attach thing type
aws iot attach-thing-type --thing-name my-device --thing-type-name sensor-type

---

AWS IoT Core Rules

Q239: How do you create IoT rule?

Answer:

# Create rule
aws iot create-topic-rule \
  --rule-name my-rule \
  --topic-rule-payload '{
    "sql": "SELECT * FROM 'devices/+/data'",
    "actions": [{
      "lambda": {
        "functionArn": "arn:aws:lambda:us-east-1:123456789012:function:process-data"
      }
    }]
  }'

---

AWS SQS Advanced

Q240: How do you use SQS with Lambda?

Answer:

# Create queue
QUEUE_URL=$(aws sqs create-queue --queue-name my-queue --query 'QueueUrl' --output text)

# Add permission for Lambda
aws sqs set-queue-attributes \
  --queue-url $QUEUE_URL \
  --attributes '{
    "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sqs:*\",\"Resource\":\"*\"}]}"
  }'

# Create event source mapping
aws lambda create-event-source-mapping \
  --function-name my-function \
  --event-source-arn arn:aws:sqs:us-east-1:123456789012:my-queue \
  --batch-size 10

---

AWS SNS Advanced

Q241: How do you use SNS with Lambda?

Answer:

# Create topic
TOPIC_ARN=$(aws sns create-topic --name my-topic --query 'TopicArn' --output text)

# Subscribe Lambda
aws sns subscribe \
  --topic-arn $TOPIC_ARN \
  --protocol lambda \
  --notification-endpoint arn:aws:lambda:us-east-1:123456789012:function:my-function

---

AWS Kinesis Data Analytics

Q242: How do you create Kinesis Analytics application?

Answer:

# Create application
aws kinesisanalyticsv2 create-application \
  --application-name my-analytics \
  --runtime FLINK_1_11 \
  --service-execution-role-arn arn:aws:iam::123456789012:role/analytics-role \
  --application-code "SELECT * FROM SOURCE_SQL_STREAM_001 WHERE temperature > 50"

---

AWS Athena

Q243: How do you query data with Athena?

Answer:

# Create database
aws athena start-query-execution \
  --query-string "CREATE DATABASE IF NOT EXISTS mydb" \
  --query-execution-context DatabaseName=mydb

# Create table
aws athena start-query-execution \
  --query-string "
    CREATE TABLE mydb.s3_logs (
      time STRING,
      method STRING,
      status INT,
      size BIGINT
    )
    ROW FORMAT DELIMITED
    FIELDS TERMINATED BY ','
    LOCATION 's3://my-bucket/logs/'
  " \
  --query-execution-context DatabaseName=mydb

# Query
aws athena start-query-execution \
  --query-string "SELECT * FROM s3_logs WHERE status = 404" \
  --query-execution-context DatabaseName=mydb

---

AWS QuickSight

Q244: How do you create QuickSight dataset?

Answer:

# Create dataset (requires QuickSight console)
# 1. Go to QuickSight
# 2. Datasets → New dataset
# 3. Choose data source (S3, Athena, RDS, etc.)
# 4. Import or direct query
# 5. Visualize

---

AWS SageMaker

Q245: How do you create SageMaker notebook?

Answer:

# Create notebook instance
aws sagemaker create-notebook-instance \
  --notebook-instance-name my-notebook \
  --instance-type ml.t2.medium \
  --role-arn arn:aws:iam::123456789012:role/sagemaker-role

# Start notebook
aws sagemaker start-notebook-instance --notebook-instance-name my-notebook

---

AWS Glue Studio

Q246: How do you create Glue Studio job?

Answer:

# Create job (visual)
# Use AWS Glue Console → ETL Jobs → Visual ETL
# Or use Glue Studio API

# Create job via CLI
aws glue create-job \
  --name my-glue-studio-job \
  --role arn:aws:iam::123456789012:role/glue-role \
  --command '{
    "Name": "glueetl",
    "ScriptLocation": "s3://my-bucket/scripts/etl.py"
  }'

---

AWS Lake Formation

Q247: How do you set up Lake Formation?

Answer:

# Register S3 location
aws lakeformation register-resource \
  --resource-arn arn:aws:s3:::my-data-lake \
  --use-service-linked-role

# Grant permissions
aws lakeformation grant-permissions \
  --principal DataLakePrincipalIdentifier=arn:aws:iam::123456789012:user/john \
  --permissions SELECT \
  --resource '{"Table":{"DatabaseName":"mydb","TableName":"table1"}}'

---

AWS Redshift

Q248: How do you create Redshift cluster?

Answer:

# Create cluster
aws redshift create-cluster \
  --cluster-identifier my-cluster \
  --node-type dc1.large \
  --master-username admin \
  --master-user-password mypassword123 \
  --cluster-type single-node \
  --db-name mydb

Q249: How do you resize Redshift cluster?

Answer:

# Resize cluster
aws redshift resize \
  --cluster-identifier my-cluster \
  --cluster-type multi-node \
  --node-type dc2.large \
  --number-of-nodes 3

---

AWS Elasticsearch

Q250: How do you create Elasticsearch domain?

Answer:

# Create domain
aws es create-elasticsearch-domain \
  --domain-name my-domain \
  --elasticsearch-version 7.10 \
  --cluster-config '{
    "InstanceType": "t3.medium.elasticsearch",
    "InstanceCount": 2,
    "DedicatedMasterEnabled": false,
    "ZoneAwarenessEnabled": true
  }' \
  --ebs-options '{
    "EBSEnabled": true,
    "VolumeType": "gp2",
    "VolumeSize": 20
  }'

---

AWS OpenSearch

Q251: How do you create OpenSearch domain?

Answer:

# Create domain
aws opensearch create-domain \
  --domain-name my-domain \
  --engine-version OpenSearch_1.0 \
  --cluster-config '{
    "InstanceType": "t3.medium.search",
    "InstanceCount": 2,
    "ZoneAwarenessEnabled": true
  }' \
  --ebs-options '{
    "EBSEnabled": true,
    "VolumeType": "gp2",
    "VolumeSize": 20
  }'

---

AWS Macie

Q252: How do you enable Macie?

Answer:

# Enable Macie
aws macie2 enable-macie

# Create classification job
aws macie2 create-classification-job \
  --job-type ONE_TIME \
  --name my-classification-job \
  --s3-job-definition '{
    "bucketDefinitions": [{"accountId":"123456789012","buckets":["my-bucket"]}]
  }'

---

AWS GuardDuty

Q253: How do you enable GuardDuty?

Answer:

# Enable GuardDuty
aws guardduty create-detector \
  --enable

# Create sample findings
aws guardduty create-sample-findings \
  --detector-id detector-id

---

AWS Security Hub

Q254: How do you enable Security Hub?

Answer:

# Enable Security Hub
aws securityhub enable-organization-admin-account --admin-account-id 123456789012

# Enable standards
aws securityhub enable-standards \
  --standards-arn arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0

---

AWS Detective

Q255: How do you enable Detective?

Answer:

# Enable Detective
aws detective create-graph

# Create member invitation
aws detective create-members \
  --graph-arn arn:aws:detective:us-east-1:123456789012:graph/abc \
  --accounts '[{"AccountId":"123456789012","EmailAddress":"admin@example.com"}]'

---

AWS Control Tower

Q256: How do you set up Control Tower?

Answer:

# Set up Control Tower (requires console)
# 1. Go to AWS Control Tower console
# 2. Choose "Set up landing zone"
# 3. Configure:
#    - Home region
#    - Shared accounts (management, log archive, audit)
#    - Organization structure
# 4. Review and set up

---

AWS Systems Manager Session Manager

Q257: How do you configure Session Manager?

Answer:

# Create IAM role for Session Manager
aws iam create-role \
  --role-name SessionManagerRole \
  --assume-role-policy-document '{
    "Version": "2012-10-17",
    "Statement": [{
      "Effect": "Allow",
      "Principal": {"Service": "ec2.amazonaws.com"},
      "Action": "sts:AssumeRole"
    }]
  }'

# Attach policy
aws iam attach-role-policy \
  --role-name SessionManagerRole \
  --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore

---

AWS Systems Manager Parameter Store

Q258: How do you use Parameter Store for secure strings?

Answer:

import boto3
import json

ssm = boto3.client('ssm')

# Create secure string parameter
ssm.put_parameter(
    Name='/myapp/database/password',
    Value='my-secret-password',
    Type='SecureString',
    KeyId='alias/aws/ssm',
    Overwrite=True
)

# Get parameter
response = ssm.get_parameter(
    Name='/myapp/database/password',
    WithDecryption=True
)
password = response['Parameter']['Value']

---

AWS Systems Manager Distributor

Q259: How do you create package in Distributor?

Answer:

# Create package (requires console or API)
# 1. Package name
# 2. Version
# 3. Platform (Windows/Linux)
# 4. Files to include
# 5. Install script
# 6. Associate with instances

---

AWS OpsWorks

Q260: How do you create OpsWorks stack?

Answer:

# Create stack
aws opsworks create-stack \
  --name my-stack \
  --region us-east-1 \
  --service-role-arn arn:aws:iam::123456789012:role/opsworks-role \
  --default-instance-profile arn:aws:iam::123456789012:instance-profile/opsworks-ec2-role

---

AWS AppConfig

Q261: How do you create AppConfig application?

Answer:

# Create application
aws appconfig create-application \
  --name my-app

# Create environment
aws appconfig create-environment \
  --application-id abc123 \
  --name production

# Create configuration profile
aws appconfig create-configuration-profile \
  --application-id abc123 \
  --name my-config \
  --location-uri s3://my-bucket/config.json \
  --type AWS.AppConfig.FreeFormConfiguration

---

AWS Proton

Q262: How do you create Proton environment?

Answer:

# Create environment
aws proton create-environment \
  --name my-env \
  --template-major-version 1 \
  --proton-service-role-arn arn:aws:iam::123456789012:role/proton-role

---

AWS Amplify

Q263: How do you create Amplify app?

Answer:

# Create app
aws amplify create-app \
  --name my-app \
  --repository https://github.com/user/repo \
  --oauth-token my-oauth-token

---

AWS App Runner

Q264: How do you create App Runner service?

Answer:

# Create service
aws apprunner create-service \
  --service-name my-service \
  --source-configuration '{
    "ImageRepository": {
      "RepositoryUrl": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-image",
      "ImageIdentifier": "latest",
      "ImageConfiguration": {"Port": "8080"}
    },
    "AutoDeploymentsEnabled": true
  }' \
  --instance-configuration '{
    "Cpu": "1024", "Memory": "2048"
  }'

---

AWS Batch

Q265: How do you create Batch compute environment?

Answer:

# Create compute environment
aws batch create-compute-environment \
  --compute-environment-name my-env \
  --type MANAGED \
  --compute-resources '{
    "type": "FARGATE",
    "maxvCpus": 64,
    "subnets": ["subnet-12345"],
    "securityGroupIds": ["sg-12345"]
  }' \
  --service-role-arn arn:aws:iam::123456789012:role/batch-role

Q266: How do you create Batch job queue?

Answer:

# Create job queue
aws batch create-job-queue \
  --job-queue-name my-queue \
  --priority 100 \
  --compute-environment-order '[{"computeEnvironment": "my-env","order": 1}]'

---

AWS Lightsail

Q267: How do you create Lightsail instance?

Answer:

# Create instance
aws lightsail create-instances \
  --instance-name my-instance \
  --availability-zone us-east-1a \
  --blueprint-id ubuntu_20_04 \
  --bundle-id medium_2_0

---

AWS Global Accelerator

Q268: How do you create Global Accelerator?

Answer:

# Create accelerator
aws globalaccelerator create-accelerator \
  --name my-accelerator

# Create listener
aws globalaccelerator create-listener \
  --accelerator-arn arn:aws:globalaccelerator::123456789012:accelerator/abc \
  --protocol TCP \
  --port-range '[{"FromPort": 80,"ToPort": 80}]'

# Create endpoint group
aws globalaccelerator create-endpoint-group \
  --listener-arn arn:aws:globalaccelerator::123456789012:listener/xyz \
  --endpoint-group-region us-east-1 \
  --traffic-dial-percentage 100

---

AWS DataSync

Q269: How do you create DataSync task?

Answer:

# Create location (source)
aws datasync create-location-smb \
  --server-hostname my-server.example.com \
  --subdirectory /share \
  --agent-arn arn:aws:datasync:us-east-1:123456789012:agent/agent-id

# Create location (destination)
aws datasync create-location-s3 \
  --s3-bucket-arn arn:aws:s3:::my-bucket \
  --s3-config '{
    "BucketAccessRoleArn": "arn:aws:iam::123456789012:role/datasync-role"
  }'

# Create task
aws datasync create-task \
  --source-location-arn source-arn \
  --destination-location-arn dest-arn

---

AWS Migration Hub

Q270: How do you create Migration Hub application?

Answer:

# Create application
aws migrationhub create-application \
  --name my-application \
  --description "My migration application"

---

AWS Application Discovery Service

Q271: How do you enable Agentless Discovery?

Answer:

# Start agentless discovery connector
aws discovery start-agentless-connection \
  --connector-configuration '{
    "ConnectorName": "my-connector",
    "SubnetId": "subnet-12345",
    "SecurityGroupId": "sg-12345"
  }'

---

AWS Database Migration Service

Q272: How do you create DMS replication instance?

Answer:

# Create replication instance
aws dms create-replication-instance \
  --replication-instance-identifier my-replica \
  --replication-instance-class dms.t3.medium \
  --allocated-storage 50 \
  --vpc-security-group-ids sg-12345 \
  --availability-zone us-east-1a

---

AWS Schema Conversion Tool

Q273: How do you assess schema conversion?

Answer:

# Create assessment (requires SCT tool installation)
# 1. Connect to source database
# 2. Select schema to assess
# 3. Run assessment
# 4. View conversion report

---

AWS Transfer Family

Q274: How do you create SFTP server?

Answer:

# Create server
aws transfer create-server \
  --identity-provider-type SERVICE_MANAGED \
  --protocols SFTP \
  --endpoint-type PUBLIC

# Create user
aws transfer create-user \
  --server-id s-1234567890abcdef0 \
  --user-name myuser \
  --role arn:aws:iam::123456789012:role/transfer-role \
  --home-directory /my-bucket/myuser \
  --ssh-public-key-body "ssh-rsa AAAAB..."

---

AWS Elemental MediaConvert

Q275: How do you create MediaConvert job?

Answer:

# Create job (requires console or API)
aws mediaconvert create-job \
  --role arn:aws:iam::123456789012:role/mediaconvert-role \
  --settings '{
    "OutputGroups": [{
      "Name": "File Group",
      "OutputGroupSettings": {
        "Type": "FILE_GROUP_SETTINGS",
        "FileGroupSettings": {"Destination": "s3://output-bucket/"}
      }
    }],
    "Inputs": [{
      "FileInput": "s3://input-bucket/video.mp4"
    }]
  }'

---

AWS Elemental MediaLive

Q276: How do you create MediaLive channel?

Answer:

# Create channel
aws medialive create-channel \
  --channel-class SINGLE_PIPELINE \
  --input-specification '{
    "Codec": "AVC",
    "Resolution": "HD",
    "MaximumBitrate": "MAX_10_MBPS"
  }' \
  --name my-channel

---

AWS IoT Analytics

Q277: How do you create IoT Analytics dataset?

Answer:

# Create datastore
aws iotanalytics create-datastore \
  --datastore-name my-datastore

# Create dataset
aws iotanalytics create-dataset \
  --dataset-name my-dataset \
  --actions '[{
    "ActionName": "query-action",
    "QueryAction": {"SqlQuery": "SELECT * FROM my_datastore"}
  }]'

---

AWS IoT Events

Q278: How do you create IoT Events detector?

Answer:

# Create input
aws iotevents create-input \
  --input-name my-input \
  --input-definition '{
    "attributes": [{"jsonPath": "temperature"}]
  }'

# Create detector model
aws iotevents create-detector-model \
  --detector-model-name my-detector \
  --detector-model-definition '{
    "states": [{
      "stateName": "Normal",
      "onInput": {"events": []}
    }]
  }'

---

AWS IoT SiteWise

Q279: How do you create IoT SiteWise asset?

Answer:

# Create asset model
aws iotsitewise create-asset-model \
  --asset-model-name my-model \
  --asset-model-properties '[{
    "name": "Temperature",
    "dataType": DOUBLE,
    "unit": "celsius"
  }]'

# Create asset
aws iotsitewise create-asset \
  --asset-model-id model-id \
  --asset-name my-asset

---

AWS RoboMaker

Q280: How do you create RoboMaker simulation?

Answer:

# Create simulation application
aws robomaker create-simulation-application \
  --name my-simulation \
  --sources '[{"s3Bucket":"my-bucket","s3Key":"simulation.tar.gz"}]' \
  --robot-software-suite '{
    "name": "ROS",
    "version": "Kinetic"
  }'

---

AWS Ground Station

Q281: How do you configure Ground Station?

Answer:

# Create config
aws groundstation create-config \
  --config-type dataflow-endpoint \
  --name my-config \
  --dataflowEndpointConfig '{
    "dataflowEndpoint": {"name": "my-endpoint"},
    "dataflowEndpointRegion": "us-east-1"
  }'

---

AWS Outposts

Q282: How do you order Outposts?

Answer:

# Create outpost (requires Outposts console)
# 1. Go to AWS Outposts console
# 2. Create Outpost
# 3. Choose instance type
# 4. Choose location
# 5. Place order

---

AWS Local Zones

Q283: How do you use Local Zones?

Answer:

# Enable Local Zone
aws ec2 modify-subnet-attribute \
  --subnet-id subnet-12345 \
  --map-public-ip-on-launch

# Create instance in Local Zone
aws ec2 run-instances \
  --image-id ami-12345 \
  --instance-type t3.medium \
  --subnet-id subnet-in-local-zone

---

AWS Wavelength

Q284: How do you deploy to Wavelength Zone?

Answer:

# Create subnet in Wavelength Zone
aws ec2 create-subnet \
  --vpc-id vpc-123 \
  --cidr-block 10.0.1.0/24 \
  --availability-zone us-east-1-wl1-bos-wl-1

# Deploy to Wavelength Zone
aws ec2 run-instances \
  --image-id ami-12345 \
  --instance-type t3.medium \
  --subnet-id subnet-in-wavelength-zone

---

AWS Application Composer

Q285: How do you use Application Composer?

Answer:

# Use Application Composer (console-based)
# 1. Go to AWS Application Composer console
# 2. Create new application
# 3. Drag and drop components
# 4. Configure connections
# 5. Generate SAM or CDK template

---

AWS Clean Rooms

Q286: How do you create Clean Rooms collaboration?

Answer:

# Create clean room
aws cleanrooms create-collaboration \
  --name my-collaboration \
  --member-capabilities '{
    "canQuery": true,
    "canReceiveResults": true
  }'

---

AWS HealthOmics

Q287: How do you use HealthOmics?

Answer:

# Create reference store
aws omics create-reference-store \
  --name my-reference-store

# Create variant store
aws omics create-variant-store \
  --name my-variant-store

---

AWS Supply Chain

Q288: How do you set up AWS Supply Chain?

Answer:

# Set up AWS Supply Chain (requires console)
# 1. Go to AWS Supply Chain console
# 2. Create supply chain instance
# 3. Connect data sources
# 4. Configure users and permissions

---

AWS SimSpace Weaver

Q289: How do you create SimSpace Weaver app?

Answer:

# Create simulation app
aws simspaceweaver create-simulation \
  --name my-simulation \
  --role-arn arn:aws:iam::123456789012:role/simulation-role

---

AWS IoT Express

Q290: How do you use IoT Express?

Answer:

# Create wireless device
aws iotwireless create-wireless-device \
  --type LoRaWAN \
  --lorawan-device '{
    "DevEui": "0011223344556677",
    "ProfileId": "profile-id"
  }'

---

AWS Private 5G

Q291: How do you create Private 5G network?

Answer:

# Create network
aws private5g create-network \
  --network-name my-network \
  --type FULL

---

AWS End-of-Support Migration Program

Q292: How do you migrate from Windows Server 2008?

Answer:

# Start migration assessment
aws application-discoverer start-assessment \
  --assessment-name my-assessment

---

AWS Elasticache Serverless

Q293: How do you create ElastiCache Serverless?

Answer:

# Create serverless cache
aws elasticache create-serverless-cache \
  --serverless-cache-name my-cache \
  --engine redis

---

AWS OpenSearch Serverless

Q294: How do you create OpenSearch Serverless collection?

Answer:

# Create collection
aws opensearchserverless create-collection \
  --name my-collection \
  --type SEARCH

---

AWS Redshift Serverless

Q295: How do you create Redshift Serverless namespace?

Answer:

# Create namespace
aws redshift create-namespace \
  --namespace-name my-namespace \
  --admin-user-name admin \
  --admin-user-password mypassword123

---

Additional Interview Questions 296-400

Q296: How do you secure EC2 instances?

• Use Security Groups
• Enable VPC
• Use IAM roles
• Enable CloudWatch monitoring
• Regular patching

Q297: What is the difference between EBS and Instance Store?

• EBS: persistent, network-attached
• Instance Store: local, temporary

Q298: How do you backup RDS?

• Automated backups
• Manual snapshots
• Cross-region replication

Q299: What is S3 lifecycle policy?

• Automates object transitions
• Move to IA, Glacier
• Expiration rules

Q300: How do you secure S3 bucket?

• Block public access
• Enable encryption
• Use bucket policies
• Enable versioning
• Enable MFA Delete

---

Questions 301-400 continue with more advanced topics and hands-on scenarios…