Excellent Devops and Cloud Engineer Interview questions for ~2 Year Experience including feedback

00:00

[Music]

00:03

so hi Harish um welcome to this

00:05

interview we will um record this and

00:07

publish on social media okay sir good

00:10

morning sir good morning so uh Harish

00:13

you have around two and a half years of

00:15

experience in it

00:17

space can you brief about yourself um

00:21

what sort of experience you have and

00:23

then we can start discussion from there

00:25

yeah sure sir thank you for giving me

00:26

this opportunity to introduce myself I'm

00:28

Harish I'm from Hyderabad I completed my

00:30

graduation in 2021 in from LLY

00:32

professional University since then I

00:34

have been working in cap jimy as a deop

00:36

engineer I started my journey as AWS

00:38

deop training and then Junior devops

00:40

engineer so I'm currently working in a

00:42

project which is a network communication

00:44

project it is a US based project and it

00:46

is micros service project and in the

00:48

project what we do is we will manage the

00:50

network elements such as there will be W

00:53

and devices so we will make sure that we

00:55

will there a UI GUI for that and it is

00:58

useful for the network ad administrators

01:00

to manage the customer services like who

01:03

has the which connection and it is a

01:04

micros service based project and we

01:06

store all the data in GitHub and we use

01:09

G as our version control system and I

01:11

have expertise in various a services

01:13

like IM ec2 VPC um and um S3 all those

01:18

things and um I have experience in um

01:23

writing Docker files and Jen is pipeline

01:25

files which are used to building and

01:27

building doer image and pipeline okay

01:30

and I have I have experience in Asel

01:32

also yeah that's it sir so this role is

01:35

that of AWS technical consultant with

01:38

infosis uh just let me give you a brief

01:42

about this role in this role you will be

01:45

expected to work with multiple customers

01:47

and solve their problems understand

01:50

their situation find out certain gaps in

01:52

their systems and then based on maybe

01:55

automation or your Consulting skills you

01:58

will be implementing those Sol Solutions

02:00

as well have you done that that sort of

02:02

work in your current job uh no sir

02:05

actually we had meetings with the

02:06

clients but uh I never this directly

02:10

actually we our pipeline team will have

02:12

every week call I mean internal call

02:14

will be there every day but um we have

02:16

pipeline call every Tuesday so we had

02:18

meeting with the clients but not

02:20

Consultants like this so um is it more

02:23

of a product that one product that you

02:26

are working on uh specifically yes sir

02:29

it's a

02:30

actually the company has the oalt and

02:33

devices I mean it is an US based company

02:36

HSV so and you have like only experience

02:38

with one customer do you understand that

02:40

different customers will have different

02:42

uh requirements different yeah

02:45

they different yes yeah you you go ahead

02:49

yeah I know different customers have

02:50

different requirement but from the

02:52

beginning I've been the one only

02:54

actually once I joined I got the

02:56

training for this project only and I'm

02:58

in continuing in the same project this

03:00

project is going to end in the next

03:02

march but um yeah after that maybe I can

03:05

get new project if I stay here okay

03:07

let's let's discuss about your AWS

03:09

skills then uh because the role is uh

03:11

mainly focusing on AWS Consulting uh

03:14

role so yeah um what sort of how do you

03:18

manage your different um AWS

03:21

environments how do you manage your Dev

03:23

staging QA Brad environments in your

03:26

company so we have U we follow good

03:29

branches in git so they will have

03:31

different branches like de branch and

03:34

mly one master branch is there so and

03:36

then we have different feature branches

03:38

and developers work on the different

03:39

features and and the mind mind code will

03:42

go to the production

03:44

server sorry sir yeah mine will go to

03:47

the production server and we have

03:49

different pipelines for the each branch

03:50

we use multi branching strategy multi

03:52

branching pipeline strategy so whenever

03:55

developer commits a code it will go to

03:57

the complete life cycle and um we use um

04:01

AWS to create the instances for the

04:03

developers whenever they want to test

04:05

their code locally we use the AWS and

04:08

we'll be giving the IM permissions which

04:10

are required for them and we also write

04:12

terraform files to uh give them the I

04:15

mean um E2 instances like that we manage

04:19

a like this but then is it how do you

04:22

deploy this how pipelines are connected

04:25

to AWS accounts uh from the Jenkin

04:27

itself sir once we got the country

04:29

integration process we will deploy the

04:31

code into the continuous delivery I mean

04:34

right now we are using doer Hub I mean

04:36

um complete overview of your pipeline I

04:39

I understood there are future branches

04:41

then you deploy from main branch in

04:43

production but how do you deploy from

04:45

future branch and do you deploy to

04:47

production from future Branch how how

04:49

does that branch and AWS environment

04:53

relationship happening so okay sir I

04:55

will tell the complete life cycle of our

04:57

pipeline so whenever developer a code uh

05:01

we'll be having web web web web hook

05:03

triggers so it trigger the jenin

05:06

pipeline once it trigger Jen pipeline

05:08

will start the pipeline so there will be

05:11

different stages like um first it will

05:13

be get checkout anyway it will be pass

05:14

because it is directly connected to the

05:16

G and then we have build stages it will

05:19

done through it actually Java based

05:20

project it will be done through the m

05:22

and then we have unit testing and then

05:24

we have code scanning through sonar and

05:27

then we will be building the docker

05:28

images with the doer and then we will be

05:31

push that image to the any private

05:33

registry previously we were using

05:34

dockerhub now we are pushing to the ECR

05:37

recently we migrated to ECR and then we

05:39

will deploy that to eks eks Cluster

05:43

that's how we um connected from Jun

05:45

pipeline to I mean AWS till uploading

05:49

the image to the docker Hub it is

05:51

continuous integration after then we

05:53

will be using contest deployment which

05:55

in the E right but you still didn't tell

05:57

me how do you differentiate between your

05:59

Dev q and fraud account how will your

06:02

pipeline know that I have to deploy from

06:05

a future branch and I have to deploy to

06:08

some devb account so actually there will

06:11

be different different pipelines right

06:12

whenever if you um um

06:15

generally feature Branch will only I

06:17

mean um Master Branch will have separate

06:20

pipeline every time and feature Branch

06:22

will have have separate pipeline

06:24

whenever U if you want to go for the

06:27

release then we will merch the feature

06:29

to the m Branch then it will go for the

06:31

production likewise okay so these are

06:33

different pipelines yes or is it same

06:37

pipeline but some sort of branching

06:39

awareness no sir completely different

06:41

repositor will be there um I mean um we

06:45

use Branch strategy right there will be

06:47

it will show branch and um our

06:49

repository name and there will be um in

06:52

one stage it will um in in the branches

06:54

it is showing feature branches mind

06:56

branch and any sub branches so it will

07:00

there okay all right and how do you

07:02

manage different AWS accounts do you

07:05

have your Dev cluster in and production

07:08

cluster in same AWS account uh I don't

07:10

have much experience with the production

07:12

account but right now we have the same

07:14

same one only sir so you are mainly as a

07:16

as a devops engineer for lower accounts

07:19

is it you don't deploy to production no

07:21

sir we rarely deploy to the production

07:23

we mainly focus on the dev environment

07:26

are you aware who does that and how that

07:28

process works

07:29

uh slightly aware sir actually our

07:31

senior Dev engineer will do that and we

07:34

we'll take care of the development

07:35

environments but do you never interact

07:38

with them or they don't tell you what

07:40

what's how do they merge and how do they

07:42

deploy uh I know the process like how

07:45

they create the Clusters and how do they

07:48

um deploy the into production servers we

07:51

use actually the fargate um we don't use

07:54

we use farget for the our containers I

07:56

mean which is serverless so with far

07:58

farget they will deploy the code I mean

08:00

they create Eng controllers there and

08:03

with Eng controller they have they will

08:05

deploy the code to the you use ECS

08:07

farget or you use eks uh eks only sir we

08:11

we are not using ECS why farget uh yeah

08:14

farget is a serverless thing and we

08:16

don't need to manage the containers

08:18

actually if you manage the containers

08:19

there will be we need to monitor

08:21

everything I mean to say if you use the

08:24

E2 instance instead of forgate we have

08:26

to scale up and scale down but if you

08:28

use the forgate we no need to take care

08:30

of that ec2 will sorry a will take care

08:33

of them scaling up and down based on the

08:35

traffic so you define certain policies

08:37

and based on that it yes sir yes now

08:40

tell me if one of our customers says

08:42

that my um fargate ECS eks cost is going

08:47

up dramatically what steps would you

08:49

take to control their

08:51

cost I'm not sure about it right no

08:54

awareness on cost optimization yeah cost

08:57

optimization we can do with the a Lambda

09:00

functions so we can write a Lambda

09:02

function based on we can integrate with

09:05

a Lambda with the cloud watch so we we

09:07

have to give some necessary AWS roles

09:09

there so based upon that AWS cloudwatch

09:12

always monitor so according to the

09:14

metrics and can everything that is in

09:16

eks uh your farget can that be converted

09:20

to AWS Lambda yeah maybe so I'm not sure

09:24

no worries just study about this aspect

09:27

because with the recession and all that

09:30

lot of customers will be looking for

09:31

cost optimization so need some

09:34

Consulting there what what strategies

09:36

are possible in the cost optimization

09:38

area yeah sure sir okay now uh tell me a

09:42

little bit about uh these public and

09:45

private subnets are you aware what they

09:47

are yeah yes sir actually um there will

09:50

be public and private subnet we will be

09:53

uh first of all there will be one V VPC

09:55

is there VPC is one of the service by

09:57

the AWS in the VPC what we do is we will

10:00

create private Network inside the public

10:03

Cloud so likewise if you want to deploy

10:06

any other applications or um our own

10:08

application we will first create VPC in

10:11

that VPC we will have Public Sub private

10:13

subet and mostly we will deploy our

10:15

application inside the private sub

10:17

because if you create if you create any

10:19

instance in the private subet it won't

10:21

get the public IP directly so there

10:23

won't be um the connection to the public

10:25

world to them our instance that's why we

10:27

use public and private IP sorry public

10:29

and private subnets and in private the

10:33

instan which are in the private subnet

10:34

don't have IP address if we want to

10:36

connect to the public private instances

10:38

we can use the Bastion host which is in

10:39

the public IP or else um um that two

10:43

that is very secure private IP we can do

10:45

the knackles at the end at the subnet

10:47

level it it will increase the security

10:50

level of to our instances and there will

10:52

be a n Gateway N Gateway used to traffic

10:55

Route the traffic

10:57

from I mean private trans to the outer

11:00

internet I mean it just it do the

11:02

network translation but how will the

11:04

users will hit my website if if

11:06

everything is private then how will they

11:09

get access to the instance yes sir there

11:11

will be n Gateway the N Gateway will

11:13

have the static IP and static users can

11:17

hit only static IP they they won't be

11:19

exposed with the IP of our private

11:22

instances and we will also configure the

11:24

load balanc in the public subnet we

11:26

don't configure load balance in the

11:28

private subnet and we will configure

11:30

Autos scaling group in the private

11:31

subnet with the Autos scaling group in

11:34

may come up I mean inst may vary

11:36

according to the traffic and load load

11:38

balancer will rout the traffic and if

11:40

you want to go to that instance we can

11:42

go to the elastic IP of the N Gateway so

11:46

it can um it is it is fixed IP it yeah

11:49

it is very secure compared to um

11:51

deploying instance in the from basan

11:53

host are there other options to connect

11:55

to private subnet instances um I think

11:58

that is is the only way we can connect

12:00

if if are if they are in the same VPC we

12:03

can connect create but I best in host is

12:06

like it's costly for me I need to have

12:08

another instance running all the time

12:10

just to connect to my instances I don't

12:12

want to pay for that machine okay then

12:15

no IDE no worries just understand these

12:19

there are additional options available

12:21

so you can can study about them yeah uh

12:24

you mentioned about autoscaling uh

12:26

situation U the machines get created

12:29

automatically destroyed automatically so

12:32

if my current situation is I have two E2

12:34

instances there is an autoscaling event

12:37

because of high traffic maybe you

12:39

configured your policies correct

12:40

everything fine it created 10 instances

12:44

then it uh something happened in your

12:47

environment some eight machines got

12:49

crashed or some error was there and then

12:52

you back to two machines how would you

12:54

investigate those eight machines what

12:56

happened because they are not available

12:57

anymore but even though they are not

12:59

available there will be Cloud watch

13:02

watches all the locks so we can go to

13:04

Cloud watches we can check what happened

13:05

to that instances generally if you

13:08

configure Autos scaling group it can

13:10

based on the topic it will definitely um

13:12

make instances scale automatically but

13:15

if if in such cases we can go to Cloud

13:18

watch and we can check what happened to

13:19

that instances based on that we can

13:21

debug and we we have we can do like um

13:24

we should not make it next time happen

13:26

so what what steps you would take to

13:28

make sure that the logs are available to

13:30

you I have my Docker application running

13:34

how do I get those logs or my my web

13:36

application is running on say Tom Cat

13:38

whatever situation how do I get my app

13:41

logs available whenever we are creating

13:44

instance they there we will get option

13:46

of enable Cloud log cloud cloud watch

13:49

lcks so we have to enable that otherwise

13:51

we we won't get logs so if you enable in

13:54

AWS cloudwatch logs how will that

13:57

cloudwatch log will know that I have a

14:00

Docker file I have an application

14:02

running on this this port and my logs

14:05

are going to my folder logs are going to

14:07

folder called

14:08

SLV SL Harish how would that cloudwatch

14:12

know that I have to pick up logs from

14:15

here every application is different

14:17

right yes yes sir logs are different

14:19

yeah how would you get those logs yeah

14:22

need to look into it so I have you

14:24

created AWS Lambda serverless uh yes sir

14:28

I created Lambda Services can you give

14:30

like when you needed the serverless

14:33

function and what steps you took uh

14:35

serverless generally there are two two

14:36

types of Computer Services server server

14:38

Computer Service and serverless and

14:40

server is um E2 and serverless is we

14:42

have um Lambda and forget so coming to

14:45

Lambda we can use it for the functions

14:47

which don't require any server I mean we

14:49

have if you want to perform any task

14:51

after that we want that instance to be

14:53

automatically down and go shut down at

14:56

that time we can do surl functions like

14:58

a Lambda we can do a Lambda for the cost

15:01

optimation thing or we can do any number

15:03

of things with the Lambda like if you

15:05

want to um do mainly we can use it for

15:08

the cost optimization for cost

15:11

optimation we can say like if there are

15:12

any unused EBS snapshot we can write a

15:16

simple function for that um a Lambda

15:18

function it will check for the all the

15:20

instances it will check for all the

15:21

volumes and it will check for the

15:22

snapshot and we can write the conditions

15:25

there if condition like if the snapshot

15:27

is not connected with the volume we can

15:29

delete it otherwise we can check like if

15:31

Snapchat is connect with the volume but

15:33

volume is not connected with the

15:34

instance then you can delete it likewise

15:36

we can make sure everything is deleted

15:38

this is one type of cost optimation and

15:39

we can even write Lambda function for

15:42

the S3 also if S3 none of the object is

15:45

dried from last um certain days we can

15:47

delete the S3 buckets so like like this

15:50

we caned this setup uh I I seen the

15:53

setup in my organization but I never

15:55

implemented any function you have

15:57

implemented yourself no sir no what sort

16:00

of language are possible what sort of

16:02

platform you would choose if you have to

16:04

write some function python but at least

16:06

I would suggest you should write at

16:08

least one Lambda function with your

16:09

hands it could be any use case that that

16:12

you have you can the use case you

16:15

explained is fine but at least build it

16:17

yourself yeah sure sir I will I will

16:19

definitely try uh can you tell me what

16:21

is what is high availability and how to

16:24

achieve that in AWS High a high

16:27

availability means we have to make sure

16:29

our application is available all the

16:30

time so to make sure uh we have the high

16:33

availability we will use the um option

16:36

of multiple region and multiple

16:38

availabilities there is regions in AWS

16:41

like AWS has their servers throughout

16:44

the world and for every region there

16:46

will be available certain multiple

16:48

availability Jones so if you want to

16:50

deploy our application we can make sure

16:52

that we will be deing in multiple

16:53

available even though when one of the

16:56

available goes down we can make sure our

16:59

our application is up and running from

17:01

the other availability Z likewise we can

17:03

make sure with the we can make sure the

17:05

high availability of to our application

17:07

okay can you explain me at least five

17:11

security best practices that you have

17:13

implemented in your current project yeah

17:17

sure sir for security um security to the

17:20

instance first we need to configure

17:22

security groups so security groups are

17:25

the one which control the incoming

17:26

traffic and outgoing traffic mostly we

17:28

will control the inbound traffic only we

17:30

will give the only required traffic

17:32

likewise if you want only 80 port number

17:35

18 we will just give yeah we will just

17:37

allow port number 80 and anyway we will

17:40

allow the SS connection so like this is

17:42

one type of security measures and one

17:44

more security we can do it at the subnet

17:47

level which is n network access control

17:49

list we can um um we can create the

17:51

certain rules like what are the IPS

17:53

which can come into or with the ma we

17:56

can also deny the deny rules will be

17:57

also available we can also deny what

17:59

should not be come to our instances even

18:02

though um if something is allowed in the

18:04

security level and if you blocked the

18:06

NSA level it will blocked at the NSA

18:08

level only so it will be like our any

18:11

extra layer to our instances and one

18:13

more thing is giving proper IM am

18:15

permissions so if you if you don't have

18:17

any proper IM am Services any other any

18:20

users can have the access to all the

18:21

services so we should not we should not

18:24

want that so we will give proper uh SEC

18:27

sorry we will give only proper some

18:29

permissions and we will give them proper

18:32

policies there will be if if you take

18:34

the S3 bucket we will be giving the

18:36

policy documents I mean bucket policies

18:38

like who can access the bucket even

18:40

though they have the access to the S3

18:42

but we can make sure like our bucket

18:44

won't be um deleted like we can create

18:48

the policies for particular bucket so

18:50

likewise we can make sure our security

18:52

in the AWS okay all right uh that's

18:55

about um the the security thing any any

18:59

other security product that you have

19:00

used V or no sir and one more thing if

19:04

if you want security for the users we

19:06

can use multiactor authentication that

19:08

is one type of security I forgot to tell

19:10

so even though our password username

19:12

password got compromised and we don't

19:14

let anyone to access our account because

19:16

we can we are enabling the multiactor

19:17

authentication with that they should

19:20

have the device so that otherwise they

19:22

can't log in any security product you

19:24

have implemented in the pipeline uh no

19:27

sir uh have you used sonar cube in the

19:30

pipeline yes sir yes sir yeah we use

19:32

sonar cube in the pipeline it is used to

19:34

um check the code quality and it it will

19:37

be checking the code quality and um it

19:40

will check for the any code bux there

19:42

and it is check for the code

19:43

vulnerabilities so this is one way to

19:45

check check the code can you give me

19:47

like two three examples what sort of

19:49

information you get from sonar analysis

19:51

yeah there are any duplication lines it

19:54

will tell we will we will be getting

19:56

like what are the problem with that

19:57

lines and if you have any bugs I mean

20:00

there will be option of quod Ms and all

20:02

those things we can check the um sonar

20:04

Cube analysis and then based on that we

20:07

will notify the developer if there is a

20:09

failure in any pipeline first we will

20:10

try to debug it and if it is any

20:12

intermed issue we will just reun the

20:14

build if it is um related to the code

20:17

according to the sonar C we will mention

20:19

to the developer he will take care of

20:21

that okay now in in one of the scenario

20:23

the customer comes back to you and says

20:26

the application is not performing well

20:28

in the production environment maybe it's

20:31

your database is not responding properly

20:33

what what options we have in terms of

20:35

scaling databases in AWS uh first

20:39

database we have RDS service so we can

20:42

use RDS service with the RDS service

20:44

inside that we can do uh we can use

20:46

MySQL um and mango s for example you

20:50

created an RDS cluster with say T3

20:53

medium instance your customers are

20:55

complaining now what options what things

20:57

you have

20:59

sorry sir no idea about okay so here is

21:01

the I I got some idea about your profile

21:05

and the feedback that I want to give you

21:07

is you have very high level

21:09

understanding of things you have only

21:11

understanding of the things that you

21:12

have worked on if it is fargate or some

21:15

pipeline you know about it but if we go

21:18

anything outside anything that you have

21:20

not worked um that's where you are

21:22

struggling yes so if it is you haven't

21:25

worked in production environment you

21:27

don't know about that you haven't

21:28

touched base with your seniors in the

21:30

same company you haven't understood the

21:32

complete process being in the same

21:34

organization for like more than two

21:36

years you should probably have a good

21:38

understanding of that if you have to

21:40

work on cost optimization or any other

21:43

security aspects in terms of Dev SEC Ops

21:46

you don't understand similarly with

21:48

autoscaling uh of databases or you you

21:52

are not aware of anything that you

21:54

haven't worked on are you certified on

21:56

any of the AWS

21:58

exams no sir any any terraform or

22:01

kubernetes certification h no sir so

22:04

explore that opportunity also because

22:06

that uh shows you multiple scenarios and

22:10

then tells you how you would solve that

22:12

in in real world so certifications are

22:15

are a good way uh don't use any dumps

22:18

don't use any shortcuts study about it

22:20

they are especially AWS certification

22:22

very well planned so uh so that's my

22:24

honest uh suggestion you need to go

22:27

beyond your role you need to go beyond

22:30

uh you know look for other options

22:31

especially when you are applying for

22:32

companies like infosis uh service

22:35

companies and the these are your target

22:37

even in future maybe you apply for banks

22:39

or somewhere you need to uh show your

22:43

skills as a consultant you need to

22:46

understand the situation you may not be

22:48

providing solution right away but you

22:49

should have the options in yes sir okay

22:52

this is your problem we have three

22:53

different problem solution for you uh I

22:56

will try all these things I I'll do POC

22:58

I'll do something and I'll I'll you know

23:00

make sure that the best solution gets

23:02

implemented in your case you are not

23:04

aware of those options at all just being

23:06

aware of options as a consultant is the

23:09

primary skill okay right so I'm sure you

23:13

will do well for this interview just go

23:15

for uh go for it uh in the current state

23:18

don't be like hesitant based on this

23:20

interview um look at these options like

23:23

how you uh you know improve your

23:25

Consulting skills how you can uh suggest

23:28

different options in the interview um

23:31

give give some sort of options to the

23:34

employer if you have to do some scaling

23:36

talk about say horizontal scaling

23:38

vertical scaling ask them questions okay

23:41

can I bring a downtime to the

23:43

application because if you can bring um

23:45

if you can uh if you have a downtime

23:47

window in case of database scaling you

23:49

can snapshot it and create a bigger

23:52

instance or something um you can go for

23:55

uh you know other scaling options

23:57

available in RDS which will be expensive

24:00

but it will be useful for your short um

24:03

scaling options so look at all aspects

24:07

and try to get certified yeah okay sir

24:09

understood any any questions you have

24:11

that you want to clarify yes sir

24:13

consultant service means basically we

24:15

need to give the suggestions right I

24:17

mean according to your answer I got this

24:19

like we need to we we should be in state

24:22

like we have to answer any situation

24:24

like we have to tackle any situation yes

24:26

we have to we can't say any situation

24:28

just think take your time ask questions

24:31

maybe further questions and then based

24:33

on that try to come up with solution if

24:36

you were a certified person or something

24:38

you would have probably got at least

24:40

some ideas because in the certification

24:41

they will bring such uh scenarios

24:44

scenarios yeah yeah and and try to build

24:46

projects or something outside of your

24:48

organization also don't rely on the

24:50

company to give you all the scenarios

24:52

and everything that that's possible try

24:55

to use certain other um res resources

24:58

also so some sort of complex projects

25:01

maybe cost optimization Dev cops or or

25:04

kubernetes or or anything that that you

25:07

can U do outside company also because

25:10

eventually uh you will be applying for

25:12

jobs in future also so having good

25:15

experience will will be help yeah got it

25:17

sir anything else before we U wrap up

25:20

yeah everything fine sir I prepare my

25:22

best do share us how you go with with

25:25

this current interview and um let's stay

25:27

connected yeah sure sir thank you sir

25:30

thanks bye bye

25:40

sir