Acing the Fresher AWS Technical Interview
Recruiters do not expect freshers to know how to architect multi-region, active-active failover systems. What they *do* expect is a rock-solid, concrete understanding of the fundamentals, networking, and security.
Core Compute (EC2) Questions
1. Can you explain the difference between an On-Demand, Spot, and Reserved EC2 instance?
Answer: On-Demand is pay-by-the-second with no commitment, used for unpredictable workloads. Spot instances use spare AWS capacity at up to 90% discount, but AWS can terminate them with a 2-minute warning (good for batch processing). Reserved Instances require a 1-3 year contract in exchange for up to 72% discount, perfect for steady-state databases or primary app servers.
2. How would you connect securely to a private Linux EC2 instance from your laptop?
Answer: I would not open Port 22 to the internet (0.0.0.0/0). Instead, I would use AWS Systems Manager Session Manager (SSM), which allows secure shell access via the browser without requiring inbound ports, or use an EC2 Instance Connect Endpoint via a Bastion Host.
Storage (S3 & EBS) Questions
3. When would you use EBS instead of S3?
Answer: EBS (Elastic Block Store) is block storage attached directly to a single EC2 instance, typically holding an OS or database. It is fast and local. S3 (Simple Storage Service) is object storage accessed over the internet (HTTP via a high-level API). I would use EBS for my C: drive or database files, and S3 for storing user-uploaded images or backups.
4. What happens if you accidentally delete a critical file in an S3 bucket? How do you prevent this?
Answer: To prevent accidental deletion, I would enable S3 Versioning alongside MFA Delete. If versioning is enabled and a file is deleted, AWS simply places a "delete marker" on top of it, but the old version is fully retrievable.
Networking (VPC) Fundamentals
5. What is the fundamental difference between a Public and Private Subnet?
Answer: A public subnet has a route table entry pointing to an Internet Gateway (IGW), allowing direct internet access. A private subnet does not have a route to an IGW; it can only access the internet outwards via a NAT Gateway that sits in the public subnet.
6. Security Groups vs NACLs—how do they differ?
Answer: Security Groups operate at the Instance level, act as a virtual firewall, and are stateful (if traffic is allowed in, return traffic is automatically allowed out). NACLs (Network Access Control Lists) operate at the Subnet level, are stateless (inbound and outbound rules must be explicitly defined), and support explicit DENY rules.