Cloud Engineer interview questions on AWS, Azure, GCP, infrastructure-as-code, and cloud architecture concepts.
What are the three main cloud service models? Give an AWS example for each.
Tip: IaaS: raw compute/storage/network (EC2, S3). PaaS: managed runtime/framework (Elastic Beanstalk, RDS). SaaS: complete software (Gmail, Salesforce). Most cloud engineering work is at the IaaS/PaaS boundary.
What is an AWS VPC? What does it provide that a default public setup does not?
Tip: A VPC is a logically isolated virtual network. You define IP ranges, subnets (public vs private), routing tables, and security groups. Private subnets have no direct internet access — databases and app servers should live there.
Explain AWS IAM. What is the difference between a role, a policy, a user, and a group?
Tip: Policy: JSON permission document. User: human identity. Group: collection of users sharing policies. Role: assumable identity (by a service, Lambda, EC2 instance profile) with no long-term credentials. Follow the principle of least privilege for all.
What is the difference between AWS S3 and EBS? When would you use each?
Tip: S3: object storage, HTTP accessible, unlimited scale, not mountable. EBS: block storage, mountable as a disk, attached to a single EC2 instance, low-latency reads. Use S3 for static assets/backups, EBS for OS disks and databases.
How does AWS auto-scaling work? What metrics can trigger scale-out?
Tip: Auto Scaling Groups monitor CloudWatch metrics and launch/terminate EC2 instances based on policies. Triggers: CPU utilisation (most common), SQS queue depth, custom metrics. Define min/max/desired capacity. Pair with ALB for traffic distribution.
What is serverless computing? Name two AWS serverless services and a use case each.
Tip: Serverless: no server provisioning, pay per invocation. Lambda: event-driven compute (API Gateway backend, S3 trigger, cron jobs). DynamoDB: serverless NoSQL DB (user sessions, game leaderboards). Cold start latency is the key trade-off.
What is the shared responsibility model in cloud security?
Tip: AWS is responsible for security OF the cloud (physical infrastructure, hypervisor, global network). You are responsible for security IN the cloud (OS patching, IAM config, data encryption, security groups). Misunderstanding this is a top cause of cloud data breaches.
Tell me about a cloud architecture you designed. What were the key design decisions?
Tip: Cover: availability (multi-AZ?), scalability (ASG? Lambda?), cost (reserved vs on-demand?), security (VPC, IAM, encryption). Explain one specific trade-off you made and why.
An EC2 instance is consistently at 95% CPU. What is your immediate and long-term response?
Tip: Immediate: check CloudWatch for context (sustained vs spike), add capacity if needed, check for a runaway process. Long-term: analyse the workload, consider right-sizing, horizontal scaling via ASG, or offloading to Lambda/Fargate. Avoid vertical scaling as a permanent fix.
What is a CDN and when should you use one?
Tip: A CDN caches static content at edge locations close to users. Use for: static files (JS, CSS, images), video streaming, global audiences. AWS CloudFront integrates tightly with S3 and ALB. CDNs also absorb DDoS traffic.
How do you approach cloud cost optimisation for a production workload?
Tip: Right-size instances (AWS Compute Optimizer), use Savings Plans/Reserved Instances for steady-state, Spot for fault-tolerant batch. Identify S3 storage class mismatches. Set billing alerts. Cost optimisation is a continuous process, not a one-time audit.
AWS vs Azure vs GCP — what experience do you have, and how do you approach learning a new cloud platform?
Tip: Name specific services in the clouds you have used. For unfamiliar platforms: official docs, hands-on labs (AWS Skill Builder, Qwiklabs), mapping services you already know to their equivalents. Depth in one cloud beats surface-level knowledge of three.