AWS Interview Questions 2026: EC2, S3, IAM, VPC and Architecture

⏱️3 min read · 632 words

AWS interview questions test your understanding of cloud architecture, core services, security, and cost optimization. This guide covers the most commonly asked AWS questions for solutions architect, DevOps engineer, and cloud developer roles in 2026.

Core AWS Concepts

1. What is the difference between Availability Zones and Regions?

Region: Physical geographic location (e.g., us-east-1 in Virginia). Each region contains 2-6+ Availability Zones.

Availability Zone (AZ): One or more data centers in a region, isolated from failures. Connected by high-speed private fiber.

Best practice: Deploy across multiple AZs for high availability. Deploy across multiple regions for disaster recovery.

2. Explain the different EC2 pricing models

On-Demand: Pay by the second/hour, no commitment. Best for unpredictable workloads.
Reserved Instances: 1-3 year commitment, 40-75% discount. Best for steady-state production.
Spot Instances: Up to 90% discount, can be interrupted with 2-min warning. Best for batch jobs, testing.
Savings Plans: Flexible commitment to $/hour spend, applies to EC2, Lambda, Fargate.

3. What is the difference between S3 and EBS?

Feature	S3	EBS
Type	Object storage	Block storage
Access	HTTP API (globally accessible)	Attached to one EC2 instance
Scalability	Unlimited	Max 64TB per volume
Use case	Files, media, backups, static site	OS disk, database storage
Cost	$0.023/GB (standard)	$0.10/GB (gp3)

4. Explain IAM roles vs users vs groups

IAM Users: long-term credentials (access key + secret)
  - Human users accessing console
  - Service accounts (avoid - use roles instead)

IAM Roles: temporary credentials, assumed by services
  - EC2 role: allows EC2 to access S3 without hardcoded keys
  - Lambda role: allows Lambda to write to DynamoDB
  - Cross-account role: allows role assumption from another account
  - BEST PRACTICE: use roles for everything, avoid long-term keys

IAM Groups: collection of users with shared policies
  - Developers group: read/write to dev resources
  - Admins group: full access

IAM Policies: JSON documents defining permissions
  {
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::mybucket/*"
  }

5. What is VPC and what does it contain?

VPC (Virtual Private Cloud) = your isolated network in AWS

Components:
  Subnets — segments of IP range
    Public subnet: routes to Internet Gateway (internet accessible)
    Private subnet: no direct internet access

  Internet Gateway — connects VPC to internet
  NAT Gateway — allows private subnets to access internet (outbound only)
  Route Tables — control traffic routing
  Security Groups — stateful firewall at instance level
  NACLs — stateless firewall at subnet level

Typical architecture:
  VPC: 10.0.0.0/16
    Public Subnet AZ-a: 10.0.1.0/24 → Internet Gateway
    Public Subnet AZ-b: 10.0.2.0/24 → Internet Gateway
    Private Subnet AZ-a: 10.0.10.0/24 → NAT Gateway
    Private Subnet AZ-b: 10.0.20.0/24 → NAT Gateway

6. Explain auto scaling and when to use it

# Auto Scaling Group configuration
AutoScalingGroup:
  MinSize: 2          # minimum instances (for HA)
  DesiredCapacity: 3  # normal operation
  MaxSize: 20         # maximum for peak load

# Scaling policies:
# 1. Target tracking (simplest):
#    Keep CPU at 70% → auto-scale
# 2. Step scaling: CPU 70-80% → add 1, 80-90% → add 2
# 3. Scheduled: add instances before known peak (8am weekdays)
# 4. Predictive scaling: ML-based, adds before load hits

# Use with: Application Load Balancer for traffic distribution
# Health checks: ALB health check → replace unhealthy instances

7. What are Lambda use cases and limitations?

Use Lambda when:

Event-driven (S3 upload, API Gateway, SQS, DynamoDB streams)
Infrequent, short-duration workloads
Unpredictable traffic (scales to 0 when idle)

Lambda limitations:

Max execution time: 15 minutes
Memory: 128MB-10GB
Cold starts: 100ms-2s (mitigated with SnapStart for Java)
Stateless: no persistent storage (use S3/DynamoDB)
Concurrent executions: 1,000 default (can request increase)

8. RDS vs DynamoDB — which to use?

Criteria	RDS (PostgreSQL/MySQL)	DynamoDB
Data model	Relational tables	Key-value/document
Scaling	Vertical + read replicas	Unlimited horizontal
Latency	ms range	Single-digit ms
Complex queries	SQL JOIN, aggregations	Limited (GSI for alt access)
Choose when	Complex relationships, ACID needed	Simple patterns, massive scale, serverless

AWS interview success: understand the Well-Architected Framework (reliability, security, performance, cost, operational excellence), know core service trade-offs (EC2 vs Lambda, S3 vs EBS, RDS vs DynamoDB), and demonstrate real production experience. The AWS Solutions Architect Associate certification validates this knowledge — highly recommended before interviewing for cloud roles.