Data Tech Bridge
AWS Migration & Modernization Interview Cheat Sheet

Table of Contents

  1. Migration Strategies (6 Rs)
  2. Assessment & Planning
  3. Migration Approaches by Component
  4. Modernization Strategies
  5. Key AWS Services
  6. Common Interview Questions
  7. AWS Services One-Liners

1. Migration Strategies (6 Rs)

Rehost (Lift & Shift)

  • What: Move applications as-is to AWS
  • When: Quick migration, minimal changes
  • Tools: AWS MGN (Application Migration Service), CloudEndure
  • Example: Moving on-prem VMs to EC2 instances

Replatform (Lift, Tinker & Shift)

  • What: Minor optimizations during migration
  • When: Want cloud benefits without code changes
  • Tools: AWS Elastic Beanstalk, RDS
  • Example: Migrating SQL Server to RDS without app changes

Repurchase (Drop & Shop)

  • What: Move to SaaS solution
  • When: Legacy license costs high
  • Example: Moving from on-prem CRM to Salesforce

Refactor/Re-architect

  • What: Redesign application for cloud-native
  • When: Need scalability, performance improvements
  • Tools: Lambda, ECS/EKS, DynamoDB
  • Example: Monolith to microservices

Retire

  • What: Decommission unused applications
  • When: Application no longer needed
  • Benefit: Reduce costs and complexity

Retain

  • What: Keep on-premises temporarily
  • When: Not ready for migration, compliance issues
  • Strategy: Revisit in future migration waves

2. Assessment & Planning

Discovery Phase

Tools:
├── AWS Application Discovery Service
│   └── "Automatically discovers and maps your on-premises servers, 
│        applications, and dependencies for migration planning"
│
├── AWS Migration Evaluator (TSO Logic)
│   └── "Provides data-driven business case with projected AWS costs 
│        based on actual resource utilization patterns"
│
├── CloudScape
│   └── "Open-source design system for building intuitive, 
│        engaging cloud application experiences"
│
└── Third-party: Cloudamize, Turbonomic
    └── "Advanced analytics for right-sizing and cost optimization 
         with AI-driven recommendations"

Key Metrics:
├── CPU/Memory utilization
├── Network dependencies
├── Storage requirements
└── Application portfolio inventory

Migration Planning Framework

  1. Portfolio Discovery → Identify all applications
  2. Prioritization → Business value vs. complexity matrix
  3. Wave Planning → Group applications logically
  4. Landing Zone Setup → AWS Control Tower, Organizations
  5. Pilot Migration → Validate approach
  6. Full Migration → Execute in waves

3. Migration Approaches by Component

A. Database Migration

Approach Matrix

| Source | Target | Strategy | Tool | Considerations |
|---|---|---|---|---|
| Oracle | RDS Oracle | Replatform | DMS | License costs |
| Oracle | Aurora PostgreSQL | Refactor | DMS + SCT | Schema conversion needed |
| SQL Server | RDS SQL Server | Replatform | DMS | Edition compatibility |
| SQL Server | Aurora MySQL | Refactor | DMS + SCT | Application changes |
| MongoDB | DocumentDB | Replatform | DMS | API compatibility |
| Cassandra | Keyspaces | Replatform | Custom scripts | Data model review |

Database Migration Service (DMS) Strategy

AWS DMS: "Migrates databases to AWS with minimal downtime, supporting 
          homogeneous and heterogeneous migrations with continuous 
          data replication"

Migration Types:
├── Full Load: One-time migration
├── CDC (Change Data Capture): Continuous replication
└── Full Load + CDC: Minimize downtime

Best Practices:
├── Use larger replication instances for initial load
├── Enable Multi-AZ for production
├── Use validation for data integrity
└── Implement table mapping rules
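The "use validation for data integrity" best practice above is worth seeing in code. The following is an added example, not part of the original cheat sheet and not AWS DMS code: it reproduces the idea behind DMS data validation by hashing every primary-key row on source and target and classifying the differences (rows that never arrived, rows that changed after replication stopped, rows that exist only on the target). Two in-memory SQLite databases stand in for the source and target engines; the `accounts` table, its rows and the three injected discrepancies are constructed for the example.

```python
"""Row-level source/target validation after a Full Load + CDC migration.

Added example: not from the original cheat sheet and not AWS DMS code.
Two in-memory SQLite databases are constructed stand-ins for the source
and target engines; table, rows and discrepancies are sample data.
"""
import hashlib
import json
import sqlite3
from dataclasses import dataclass, field


@dataclass
class ValidationReport:
    missing_on_target: list = field(default_factory=list)  # keys only on source
    extra_on_target: list = field(default_factory=list)    # keys only on target
    mismatched: list = field(default_factory=list)         # same key, different row

    @property
    def ok(self) -> bool:
        return not (self.missing_on_target or self.extra_on_target or self.mismatched)


def row_digest(columns, row) -> str:
    # Canonical JSON of column -> value so column order and driver type quirks
    # do not produce false mismatches; SHA-256 keeps the comparison compact.
    canonical = json.dumps(dict(zip(columns, row)), sort_keys=True, default=str)
    return hashlib.sha256(canonical.encode()).hexdigest()


def snapshot(conn: sqlite3.Connection, table: str, key: str) -> dict:
    """Map each primary-key value of `table` to a digest of its full row."""
    cur = conn.execute(f'SELECT * FROM "{table}"')  # table name is trusted config here
    columns = [d[0] for d in cur.description]
    key_index = columns.index(key)
    return {row[key_index]: row_digest(columns, row) for row in cur.fetchall()}


def validate(source, target, table: str, key: str) -> ValidationReport:
    """Compare source and target row digests and classify every difference."""
    src, tgt = snapshot(source, table, key), snapshot(target, table, key)
    return ValidationReport(
        missing_on_target=sorted(k for k in src if k not in tgt),
        extra_on_target=sorted(k for k in tgt if k not in src),
        mismatched=sorted(k for k in src if k in tgt and src[k] != tgt[k]),
    )


SCHEMA = "CREATE TABLE accounts (id INTEGER PRIMARY KEY, email TEXT, balance REAL)"
SOURCE_ROWS = [  # constructed sample data
    (1, "a@example.com", 100.0),
    (2, "b@example.com", 250.5),
    (3, "c@example.com", 0.0),
]


def build_db(rows) -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", rows)
    return conn


def demo() -> ValidationReport:
    """Target with three injected problems: id 3 never arrived, id 2 changed on
    the source after replication stopped, id 9 exists only on the target
    (e.g. written by an application pointed at the target too early)."""
    target_rows = [
        (1, "a@example.com", 100.0),
        (2, "b@example.com", 999.0),
        (9, "z@example.com", 5.0),
    ]
    return validate(build_db(SOURCE_ROWS), build_db(target_rows), "accounts", "id")


if __name__ == "__main__":
    report = demo()
    print("consistent" if report.ok else f"discrepancies: {report}")
```

Running `demo()` reports id 3 as missing on the target, id 9 as extra and id 2 as mismatched. In a real cutover the same comparison is what tells you whether the CDC task has caught up before you flip application traffic; a non-empty report is a reason not to cut over.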

Schema Conversion Tool (SCT)

AWS SCT: "Automatically converts source database schemas and code objects 
          to target format, identifying incompatibilities and providing 
          conversion assessment reports"

Features:
- Converts database schemas
- Identifies incompatibilities
- Generates assessment reports
- Converts stored procedures, functions

B. Application Server Migration

Traditional Applications

Approach 1: Rehost

AWS MGN (Application Migration Service): "Automated lift-and-shift solution 
that replicates source servers to AWS with minimal downtime and cutover 
windows of minutes"

Source: Physical/Virtual Servers
Target: EC2 Instances

Steps:
1. Install replication agent on source
2. Configure replication settings
3. Monitor data sync
4. Launch test instances
5. Cutover to production

Approach 2: Containerization

AWS App2Container: "Analyzes and containerizes Java and .NET applications 
running on-premises or EC2, generating container images and ECS/EKS 
deployment artifacts"

Source: Traditional apps on VMs
Target: ECS/EKS

Steps:
1. Analyze application (Java/.NET)
2. Generate container image
3. Create deployment artifacts
4. Deploy to ECS/EKS
5. Configure load balancing

Web Applications

| Component | Traditional | Modernized | Migration Path |
|---|---|---|---|
| Web Server | IIS/Apache on EC2 | ALB + ECS/Fargate | Containerize → ECS |
| Static Content | Web server | S3 + CloudFront | Extract → S3 sync |
| Session State | In-memory | ElastiCache/DynamoDB | Refactor session mgmt |
| Load Balancer | Hardware LB | ALB/NLB | Configure ALB |

ALB (Application Load Balancer): "Layer 7 load balancer with advanced 
routing, SSL termination, and native integration with ECS, Lambda, 
and target groups"

CloudFront: "Global CDN that caches content at edge locations, reducing 
latency and origin load with SSL/TLS, custom headers, and Lambda@Edge"

ElastiCache: "Fully managed in-memory caching service supporting Redis 
and Memcached for microsecond latency and high throughput"

C. Storage Migration

File Storage

Approach Matrix

On-Premises NAS/SAN → AWS Options:

├── Lift & Shift
│   ├── FSx for Windows File Server (SMB)
│   │   └── "Fully managed Windows native file system with SMB protocol,
│   │        Active Directory integration, and sub-millisecond latency"
│   │
│   ├── FSx for Lustre (HPC workloads)
│   │   └── "High-performance file system for compute-intensive workloads,
│   │        delivering hundreds of GB/s throughput and millions of IOPS"
│   │
│   └── FSx for NetApp ONTAP (Enterprise)
│       └── "Enterprise-grade shared storage with NetApp features like
│            snapshots, cloning, and multi-protocol access (NFS, SMB, iSCSI)"
│
├── Cloud-Native
│   ├── EFS (Linux, NFS)
│   │   └── "Elastic, scalable NFS file system that grows/shrinks automatically,
│   │        accessible from thousands of EC2 instances simultaneously"
│   │
│   └── S3 (Object storage)
│       └── "Infinitely scalable object storage with 11 9's durability,
│            lifecycle policies, versioning, and multiple storage classes"
│
└── Hybrid
    ├── Storage Gateway (File Gateway)
    │   └── "Hybrid storage service providing on-premises access to cloud
    │        storage via NFS/SMB with local caching for low latency"
    │
    └── AWS DataSync (Migration/Sync)
        └── "Automated data transfer service that moves data 10x faster than
             open-source tools with built-in validation and monitoring"

Migration Tools

DataSync:
├── Automated data transfer
├── Bandwidth throttling
├── Data verification
└── Schedule-based sync
    "Transfers data between on-premises and AWS, or between AWS services,
     with automatic encryption, integrity validation, and network optimization"

Storage Gateway:
├── Cached volumes (frequent access)
├── Stored volumes (low latency)
└── File Gateway (NFS/SMB)
    "Provides low-latency access to cloud storage by caching frequently
     accessed data locally while storing full dataset in S3"

AWS Transfer Family:
├── SFTP/FTPS/FTP endpoints
└── Direct S3/EFS integration
    "Fully managed file transfer service that enables SFTP, FTPS, and FTP
     access directly to S3 or EFS without changing existing workflows"

AWS Snow Family:
├── Snowcone (8TB) - "Smallest edge device for data transfer and edge computing"
├── Snowball Edge (80TB) - "Petabyte-scale data transport with compute capabilities"
└── Snowmobile (100PB) - "Exabyte-scale data transfer via 45-foot shipping container"

D. Network Migration

Connectivity Options

Hybrid Connectivity

├── AWS Direct Connect
│   └── "Dedicated private network connection from on-premises to AWS,
│        bypassing internet for consistent performance and reduced costs"
│   ├── Dedicated connection (1/10/100 Gbps)
│   ├── Hosted connection (50 Mbps - 10 Gbps)
│   └── Use case: High bandwidth, consistent latency
│
├── Site-to-Site VPN
│   └── "Encrypted IPSec tunnels over internet connecting on-premises
│        networks to AWS VPCs with automatic failover"
│   ├── IPSec tunnels over internet
│   ├── Up to 1.25 Gbps per tunnel
│   └── Use case: Quick setup, cost-effective
│
├── AWS Transit Gateway
│   └── "Cloud router connecting thousands of VPCs and on-premises networks
│        through a central hub, simplifying network architecture"
│   ├── Central hub for VPCs and on-prem
│   ├── Simplifies network architecture
│   └── Supports thousands of connections
│
└── AWS PrivateLink
    └── "Provides private connectivity between VPCs and AWS services without
         exposing traffic to the internet, enhancing security"

DNS Migration

Amazon Route 53: "Highly available and scalable DNS web service with
traffic routing policies, health checks, and domain registration"

Approach:
1. Audit existing DNS records
2. Create Route 53 hosted zone
3. Replicate records to Route 53
4. Test with low TTL values
5. Update NS records at registrar
6. Monitor and validate

Routing Policies:
├── Simple routing - "Single resource for domain"
├── Weighted routing - "Distribute traffic across resources by percentage"
├── Latency routing - "Route to lowest latency endpoint"
├── Failover routing - "Active-passive failover for disaster recovery"
├── Geolocation routing - "Route based on user geographic location"
└── Geoproximity routing - "Route based on resource and user location with bias"

E. Mainframe Migration

Modernization Approaches

Approach 1: Replatform

AWS Mainframe Modernization: "Managed service for migrating and modernizing
mainframe applications with automated refactoring and managed runtime"

Source: IBM z/OS, COBOL, DB2
Target: AWS Mainframe Modernization
Tools: Micro Focus, Blu Age

Steps:
1. Assess mainframe workloads
2. Refactor COBOL to managed runtime
3. Migrate DB2 to RDS/Aurora
4. Deploy to managed service

Micro Focus: "Replatforms mainframe applications to run on x86 with
              minimal code changes, preserving COBOL and JCL"

Blu Age: "Automatically refactors mainframe code to modern languages
          (Java) with cloud-native architecture"

Approach 2: Refactor

Source: Mainframe applications
Target: Modern architecture
Approach: Rewrite in modern languages

Components:
├── COBOL → Java/Python
├── CICS → Microservices (ECS/Lambda)
├── DB2 → Aurora PostgreSQL
└── Batch Jobs → AWS Batch/Step Functions

AWS Batch: "Fully managed batch processing service that dynamically
            provisions optimal compute resources based on job requirements"

AWS Step Functions: "Serverless workflow orchestration service coordinating
                     distributed applications with visual workflows and
                     automatic error handling"

4. Modernization Strategies

A. Microservices Architecture

Migration Path

Monolith → Microservices

Phase 1: Strangler Fig Pattern
├── Identify bounded contexts
├── Extract services incrementally
├── Route traffic (ALB path-based)
└── Gradually retire monolith

Phase 2: Service Decomposition
├── API Gateway for entry point
├── ECS/EKS for containers
├── Service mesh (App Mesh)
└── Event-driven (EventBridge, SQS)

Technology Stack

Container Orchestration:
├── Amazon ECS: "AWS-native container orchestration with deep AWS integration,
│                simpler than Kubernetes, supports Fargate serverless"
│
├── Amazon EKS: "Managed Kubernetes service providing certified conformant
│                Kubernetes with automatic upgrades and patching"
│
└── AWS Fargate: "Serverless compute engine for containers eliminating
                  server management, paying only for resources used"

Service Discovery:
├── AWS Cloud Map: "Service discovery for cloud resources with health checking
│                   and automatic DNS updates for dynamic environments"
│
└── ECS Service Discovery: "Native ECS integration for automatic service
                            registration and DNS-based discovery"

Communication:
├── Synchronous: 
│   ├── ALB - "Layer 7 load balancing with path/host-based routing"
│   └── API Gateway - "Managed API service with throttling, caching, and auth"
│
└── Asynchronous: 
    ├── SQS - "Fully managed message queuing for decoupling microservices"
    ├── SNS - "Pub/sub messaging for fanout to multiple subscribers"
    └── EventBridge - "Serverless event bus connecting applications with
                       SaaS and AWS services using event patterns"

AWS App Mesh: "Service mesh providing application-level networking for
               microservices with traffic control, observability, and security"

B. Serverless Modernization

Use Cases & Patterns

| Pattern | Traditional | Serverless | Benefits |
|---|---|---|---|
| API Backend | EC2 + Express | API Gateway + Lambda | Auto-scaling, pay-per-use |
| Batch Processing | Cron jobs on servers | EventBridge + Lambda | No server management |
| Data Processing | ETL servers | Lambda + Step Functions | Orchestration, retry logic |
| File Processing | Always-on workers | S3 + Lambda trigger | Event-driven, cost-effective |

Key Serverless Services

AWS Lambda: "Event-driven serverless compute running code without provisioning
             servers, scaling automatically, and charging only for compute time"

Amazon API Gateway: "Fully managed service for creating, publishing, and
                     securing REST, HTTP, and WebSocket APIs at any scale"

AWS EventBridge: "Serverless event bus routing events between AWS services,
                  SaaS applications, and custom applications using rules"

Amazon DynamoDB: "Fully managed NoSQL database with single-digit millisecond
                  latency, automatic scaling, and built-in security"

AWS Step Functions: "Visual workflow service coordinating Lambda functions
                     and AWS services with built-in error handling and retry"

Amazon SQS: "Fully managed message queuing service for decoupling and scaling
             microservices with standard and FIFO queues"

Amazon SNS: "Pub/sub messaging service for application-to-application and
             application-to-person notifications with fanout"

AWS AppSync: "Managed GraphQL service with real-time data synchronization,
              offline support, and multiple data source integration"

Migration Approach

Step 1: Identify serverless candidates
├── Stateless functions
├── Event-driven workloads
├── Intermittent traffic
└── Short-running tasks

Step 2: Refactor
├── Break into functions
├── Externalize state (DynamoDB, S3)
├── Implement idempotency
└── Handle cold starts

Step 3: Deploy
├── SAM/CDK for IaC
│   ├── AWS SAM: "Framework for building serverless applications with
│   │             simplified syntax for Lambda, API Gateway, and DynamoDB"
│   └── AWS CDK: "Infrastructure as code framework using familiar programming
│                 languages to define cloud resources"
│
├── CI/CD pipeline
├── Monitoring (X-Ray, CloudWatch)
└── Cost optimization

AWS X-Ray: "Distributed tracing service analyzing and debugging production
            applications, identifying performance bottlenecks"

Amazon CloudWatch: "Monitoring and observability service collecting metrics,
                    logs, and events from AWS resources and applications"
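The "Externalize state" and "Implement idempotency" items in Step 2 above are where most serverless refactors go wrong, because Lambda triggers such as SQS and EventBridge deliver at least once and retries are the normal case, not the exception. The following is an added example, not from the original post and not AWS sample code. `IdempotencyStore` is a constructed in-memory stand-in for a DynamoDB table: its `put_if_absent` behaves like a `PutItem` with `ConditionExpression="attribute_not_exists(pk)"`, so exactly one of several concurrent retries wins the claim. The event shape (`order_id`, `amount`, `idempotency_key`), the `handler` name and the `ledger` list are assumptions for the example.

```python
"""Idempotent event handler with externalized state.

Added example: not from the original post and not AWS sample code.
IdempotencyStore is a constructed stand-in for a DynamoDB table; the
event shape, handler name and ledger are assumptions for the example.
"""
import hashlib
import json
import threading
import time
from typing import Optional


class IdempotencyStore:
    """In-memory stand-in for a DynamoDB idempotency table with a TTL."""

    def __init__(self, ttl_seconds: int = 86400):
        self._items = {}
        self._lock = threading.Lock()
        self._ttl = ttl_seconds

    def put_if_absent(self, key: str, record: dict, now: Optional[float] = None) -> bool:
        """Atomically claim `key`; False if a live record already exists.
        With DynamoDB this is a conditional PutItem; a
        ConditionalCheckFailedException means "already claimed"."""
        now = time.time() if now is None else now
        with self._lock:
            existing = self._items.get(key)
            if existing is not None and existing["expires_at"] > now:
                return False
            self._items[key] = {"record": dict(record), "expires_at": now + self._ttl}
            return True

    def get(self, key: str) -> Optional[dict]:
        item = self._items.get(key)
        return item["record"] if item else None


def idempotency_key(event: dict) -> str:
    # Prefer a key the producer attached to the message; otherwise derive one
    # from the canonical payload so redeliveries of the same message collide.
    if "idempotency_key" in event:
        return str(event["idempotency_key"])
    canonical = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def payload_fingerprint(event: dict) -> str:
    # Fingerprint of the business payload, stored with the key so that a
    # replay that reuses the key with different contents is detected.
    body = {k: v for k, v in event.items() if k != "idempotency_key"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def handler(event: dict, store: IdempotencyStore, ledger: list) -> dict:
    """Process an order event once per idempotency key.
    `ledger` stands in for the downstream side effect (a charge, an email, ...)."""
    key = idempotency_key(event)
    fingerprint = payload_fingerprint(event)
    if not store.put_if_absent(key, {"fingerprint": fingerprint}):
        prior = store.get(key)
        if prior is not None and prior["fingerprint"] != fingerprint:
            # Same key, different payload: refuse rather than silently accept.
            return {"status": "conflict", "order_id": event["order_id"]}
        return {"status": "duplicate", "order_id": event["order_id"]}
    ledger.append({"order_id": event["order_id"], "amount": event["amount"]})
    return {"status": "processed", "order_id": event["order_id"]}


def demo() -> tuple:
    """Deliver the same message twice (at-least-once delivery), then a
    tampered copy that reuses the key. Returns the statuses and ledger size."""
    store, ledger = IdempotencyStore(), []
    event = {"order_id": "ord-1001", "amount": 42.0, "idempotency_key": "msg-7"}
    statuses = [
        handler(event, store, ledger)["status"],
        handler(dict(event), store, ledger)["status"],
        handler({**event, "amount": 4200.0}, store, ledger)["status"],
    ]
    return statuses, len(ledger)


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(["processed", "duplicate", "conflict"], 1)`: the side effect happens once, the redelivery is recognised, and a payload that reuses the key with a different amount is rejected instead of being treated as a harmless duplicate. The TTL on the claim is what keeps the table bounded; pick it longer than the maximum redelivery window of the trigger (for SQS, the message retention period).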

C. Data Lake & Analytics Modernization

Traditional Data Warehouse → Modern Data Lake

Architecture Evolution:

Legacy:
├── On-prem data warehouse
├── ETL batch jobs
├── Limited scalability
└── High licensing costs

Modern:
├── Amazon S3 Data Lake: "Infinitely scalable object storage forming foundation
│                         of data lakes with 11 9's durability and lifecycle"
│
├── AWS Glue: "Serverless ETL service discovering, preparing, and combining
│              data with automatic schema discovery and job scheduling"
│
├── Amazon Athena: "Serverless interactive query service analyzing S3 data
│                   using standard SQL without infrastructure management"
│
├── Amazon Redshift: "Fully managed petabyte-scale data warehouse with
│                     columnar storage and massively parallel processing"
│
├── Amazon QuickSight: "Serverless BI service creating interactive dashboards
│                       with ML-powered insights and embedded analytics"
│
└── AWS Lake Formation: "Service simplifying data lake setup with centralized
                         permissions, cataloging, and data governance"

Migration Steps

1. Data Ingestion
   ├── Batch: 
   │   ├── DataSync - "10x faster than open-source tools with validation"
   │   └── Snowball - "Petabyte-scale physical data transport device"
   │
   ├── Streaming: 
   │   ├── Kinesis Data Streams - "Real-time data streaming with millisecond
   │   │                           latency and custom processing"
   │   ├── Kinesis Data Firehose - "Fully managed streaming ETL to S3, Redshift,
   │   │                            and Elasticsearch with transformation"
   │   └── Amazon MSK - "Managed Apache Kafka service for streaming data pipelines"
   │
   └── Database: 
       └── DMS - "Continuous replication from databases to S3 data lake"

2. Data Processing
   ├── AWS Glue ETL: "Serverless Spark-based ETL with Python/Scala support"
   ├── Amazon EMR: "Managed Hadoop/Spark clusters for big data processing
   │                with auto-scaling and spot instance support"
   └── Lambda: "Lightweight transforms for event-driven processing"

3. Data Cataloging
   ├── AWS Glue Crawler: "Automatically discovers schemas and populates
   │                      Data Catalog by scanning data sources"
   └── Lake Formation: "Centralized catalog with fine-grained access control"

4. Analytics
   ├── Athena: "Ad-hoc SQL queries on S3 with pay-per-query pricing"
   ├── Redshift: "Complex analytics and BI workloads with AQUA acceleration"
   ├── Amazon SageMaker: "Fully managed ML service for building, training,
   │                      and deploying models at scale"
   └── Amazon OpenSearch: "Managed search and analytics engine for log
                           analytics and full-text search"

D. CI/CD Modernization

Traditional → Cloud-Native DevOps

Component Migration:

Source Control:
├── AWS CodeCommit: "Fully managed Git repository service with encryption
│                    at rest and in transit, integrated with IAM"
└── GitHub/GitLab: "Third-party Git services with native AWS integration"

Build:
├── AWS CodeBuild: "Fully managed build service compiling code, running tests,
│                   and producing artifacts with custom build environments"
├── Containerized builds
└── Parallel execution

Artifact Storage:
├── Amazon ECR: "Fully managed Docker container registry with image scanning,
│                encryption, and lifecycle policies"
├── AWS CodeArtifact: "Managed artifact repository for software packages
│                      supporting Maven, npm, Python, and NuGet"
└── S3: "Object storage for build artifacts with versioning"

Deployment:
├── AWS CodeDeploy: "Automated deployment service supporting EC2, Lambda,
│                    ECS with blue/green and canary deployments"
├── AWS CodePipeline: "Continuous delivery service orchestrating build, test,
│                      and deploy phases with visual workflow"
├── Blue/Green deployments
├── Canary releases
└── Automated rollback

AWS CodeStar: "Unified interface for managing software development activities
               with project templates and team collaboration"

AWS Cloud9: "Cloud-based IDE for writing, running, and debugging code with
             built-in terminal and collaboration features"

Infrastructure as Code

AWS CloudFormation: "Infrastructure as code service provisioning AWS resources
                     using JSON/YAML templates with drift detection"

AWS CDK (Cloud Development Kit): "Framework defining cloud infrastructure using
                                  familiar programming languages (TypeScript,
                                  Python, Java, C#)"

Terraform: "Third-party IaC tool with AWS provider for multi-cloud deployments"

AWS Systems Manager: "Operations hub for viewing and controlling AWS
                      infrastructure with automation, patching, and compliance"

5. Key AWS Services Reference

Migration Services

| Service | One-Liner | Use Case |
|---|---|---|
| AWS MGN | Automated lift-and-shift replicating servers to AWS with minimal downtime | Rehost VMs to EC2 |
| DMS | Migrates databases with continuous replication supporting homogeneous and heterogeneous migrations | Homogeneous/heterogeneous DB migration |
| DataSync | Automated data transfer 10x faster than open-source tools with validation | NAS/SAN to AWS storage |
| Snow Family | Physical devices for petabyte to exabyte-scale offline data transfer | Petabyte-scale offline migration |
| Transfer Family | Managed SFTP/FTPS/FTP service providing direct access to S3 and EFS | SFTP/FTPS to S3/EFS |
| Migration Hub | Centralized tracking and monitoring of application migrations across AWS and partner tools | Centralized migration tracking |
| App2Container | Containerizes Java and .NET applications with automated ECS/EKS deployment artifacts | Lift Java/.NET to containers |
| SCT | Converts database schemas and code objects between different database engines | Database schema conversion |

Modernization Services

| Service | One-Liner | Use Case |
|---|---|---|
| Lambda | Event-driven serverless compute running code without server management | Event-driven functions |
| ECS | AWS-native container orchestration with deep integration and Fargate support | Microservices |
| EKS | Managed Kubernetes service with automatic upgrades and AWS integration | Kubernetes workloads |
| API Gateway | Managed API service with throttling, caching, authentication, and monitoring | RESTful APIs, WebSocket |
| Step Functions | Visual workflow orchestration coordinating distributed applications with error handling | Complex business processes |
| EventBridge | Serverless event bus connecting applications using event-driven patterns | Event-driven architecture |
| App Mesh | Service mesh providing observability, traffic control, and security for microservices | Microservices networking |
| AppSync | Managed GraphQL service with real-time sync and offline support | GraphQL APIs |

Compute Services

| Service | One-Liner | Use Case |
|---|---|---|
| EC2 | Resizable virtual servers with 500+ instance types for any workload | General compute |
| Fargate | Serverless container compute eliminating server management | Serverless containers |
| Batch | Fully managed batch processing dynamically provisioning optimal compute | Batch jobs |
| Lightsail | Simple VPS with predictable pricing for small applications | Simple web apps |
| Elastic Beanstalk | PaaS deploying and scaling web applications without infrastructure management | Web app deployment |

Storage Services

| Service | One-Liner | Use Case |
|---|---|---|
| S3 | Infinitely scalable object storage with 11 9's durability and lifecycle policies | Object storage |
| EBS | Block storage for EC2 with SSD and HDD options up to 64,000 IOPS | EC2 volumes |
| EFS | Elastic NFS file system scaling automatically with petabyte capacity | Shared file storage |
| FSx | Managed file systems (Windows, Lustre, NetApp, OpenZFS) with native features | Enterprise file storage |
| S3 Glacier | Low-cost archival storage with retrieval times from minutes to hours | Long-term archival |

Database Services

| Service | One-Liner | Use Case |
|---|---|---|
| RDS | Managed relational databases (MySQL, PostgreSQL, Oracle, SQL Server) with automated backups | Relational databases |
| Aurora | MySQL and PostgreSQL-compatible database with 5x performance and auto-scaling | High-performance RDBMS |
| DynamoDB | Serverless NoSQL with single-digit millisecond latency and automatic scaling | NoSQL key-value |
| DocumentDB | MongoDB-compatible document database with managed scaling and backups | Document database |
| ElastiCache | In-memory caching (Redis, Memcached) with microsecond latency | Caching layer |
| Neptune | Managed graph database for highly connected datasets with SPARQL and Gremlin | Graph database |
| Keyspaces | Managed Cassandra-compatible database with serverless scaling | Wide-column store |
| Timestream | Serverless time-series database analyzing trillions of events per day | Time-series data |
| QLDB | Immutable ledger database with cryptographically verifiable transaction log | Ledger/audit trail |

Networking Services

| Service | One-Liner | Use Case |
|---|---|---|
| VPC | Isolated virtual network with complete control over IP ranges and routing | Network isolation |
| CloudFront | Global CDN caching content at 400+ edge locations with Lambda@Edge | Content delivery |
| Route 53 | Scalable DNS with health checks and traffic routing policies | DNS management |
| Direct Connect | Dedicated private connection from on-premises to AWS bypassing internet | Hybrid connectivity |
| Transit Gateway | Cloud router connecting thousands of VPCs and on-premises networks | Network hub |
| PrivateLink | Private connectivity to services without internet exposure | Private endpoints |
| Global Accelerator | Network layer service improving global application availability with static IPs | Global traffic management |
| VPN | Encrypted IPSec tunnels connecting on-premises to AWS over internet | Secure connectivity |

Security & Identity Services

| Service | One-Liner | Use Case |
|---|---|---|
| IAM | Identity and access management with fine-grained permissions and MFA | Access control |
| Secrets Manager | Centralized secrets storage with automatic rotation and encryption | Secrets management |
| KMS | Managed encryption key creation and control with FIPS 140-2 validation | Encryption keys |
| WAF | Web application firewall protecting against common exploits and bots | Web protection |
| Shield | DDoS protection with Standard (free) and Advanced (24/7 response) tiers | DDoS protection |
| GuardDuty | Intelligent threat detection analyzing logs for malicious activity | Threat detection |
| Security Hub | Centralized security findings aggregator with compliance checks | Security posture |
| Inspector | Automated security assessment scanning for vulnerabilities and deviations | Vulnerability scanning |
| Macie | ML-powered service discovering and protecting sensitive data in S3 | Data privacy |
| Certificate Manager | Provision and manage SSL/TLS certificates with automatic renewal | SSL certificates |

Management & Governance

| Service | One-Liner | Use Case |
|---|---|---|
| CloudWatch | Monitoring service collecting metrics, logs, and events with alarms | Monitoring & logging |
| CloudTrail | Audit trail recording all API calls for compliance and governance | Audit logging |
| Config | Resource inventory and configuration history with compliance rules | Configuration tracking |
| Systems Manager | Operations hub for viewing and controlling infrastructure with automation | Operations management |
| Control Tower | Automated landing zone setup with guardrails and account factory | Multi-account governance |
| Organizations | Centrally manage multiple AWS accounts with consolidated billing | Account management |
| Service Catalog | Create and manage approved IT service catalogs with governance | Service provisioning |
| Trusted Advisor | Real-time guidance optimizing AWS environment across 5 categories | Best practices |
| Cost Explorer | Visualize and analyze AWS costs with forecasting and recommendations | Cost analysis |
| Budgets | Set custom cost and usage budgets with alert notifications | Budget management |

Analytics Services

| Service | One-Liner | Use Case |
|---|---|---|
| Athena | Serverless SQL queries on S3 data with pay-per-query pricing | Ad-hoc queries |
| EMR | Managed Hadoop/Spark clusters for big data processing with auto-scaling | Big data processing |
| Glue | Serverless ETL with automatic schema discovery and job scheduling | ETL pipelines |
| Kinesis | Real-time streaming data platform with millisecond latency | Stream processing |
| Redshift | Petabyte-scale data warehouse with columnar storage and MPP | Data warehousing |
| QuickSight | Serverless BI with ML-powered insights and embedded analytics | Business intelligence |
| Lake Formation | Simplifies data lake setup with governance and access control | Data lake management |
| MSK | Managed Apache Kafka for streaming data pipelines and applications | Kafka streaming |
| OpenSearch | Managed search and analytics engine for logs and full-text search | Search & analytics |
| Data Exchange | Find, subscribe to, and use third-party data in the cloud | Data marketplace |

Machine Learning Services

| Service | One-Liner | Use Case |
|---|---|---|
| SageMaker | Fully managed ML service for building, training, and deploying models at scale | ML lifecycle |
| Rekognition | Image and video analysis with object, scene, and face detection | Computer vision |
| Comprehend | NLP service extracting insights from text with sentiment analysis | Text analytics |
| Translate | Neural machine translation supporting 75+ languages | Language translation |
| Polly | Text-to-speech service with lifelike voices in 60+ languages | Speech synthesis |
| Transcribe | Automatic speech recognition converting audio to text | Speech-to-text |
| Lex | Build conversational interfaces using voice and text | Chatbots |
| Personalize | Real-time personalization and recommendation engine | Recommendations |
| Forecast | Time-series forecasting using ML with no ML expertise required | Forecasting |
| Fraud Detector | Identify potentially fraudulent online activities using ML | Fraud detection |

Application Integration

| Service | One-Liner | Use Case |
|---|---|---|
| SQS | Fully managed message queuing for decoupling microservices | Message queuing |
| SNS | Pub/sub messaging for fanout to multiple subscribers | Pub/sub messaging |
| EventBridge | Serverless event bus connecting applications with event patterns | Event routing |
| MQ | Managed message broker for Apache ActiveMQ and RabbitMQ | Message broker |
| AppFlow | No-code data integration between SaaS apps and AWS services | SaaS integration |
| Step Functions | Visual workflow orchestration with built-in error handling | Workflow automation |

Developer Tools

| Service | One-Liner | Use Case |
|---|---|---|
| CodeCommit | Managed Git repository with encryption and IAM integration | Source control |
| CodeBuild | Fully managed build service with custom environments and parallel builds | CI builds |
| CodeDeploy | Automated deployment with blue/green and canary strategies | Deployment automation |
| CodePipeline | Continuous delivery orchestrating build, test, and deploy phases | CI/CD pipeline |
| CodeArtifact | Managed artifact repository for Maven, npm, Python, NuGet packages | Artifact management |
| Cloud9 | Cloud-based IDE with collaboration and built-in terminal | Cloud IDE |
| X-Ray | Distributed tracing analyzing application performance and bottlenecks | Application tracing |
| CloudShell | Browser-based shell with AWS CLI and 1GB persistent storage | Command-line access |

7. AWS Services One-Liners - Quick Reference

Migration & Transfer

✓ AWS MGN: Automated lift-and-shift replicating servers with minimal downtime
✓ DMS: Database migration with continuous replication for any database
✓ DataSync: 10x faster data transfer with automatic validation
✓ Snow Family: Physical devices for petabyte-scale offline data transfer
✓ Transfer Family: Managed SFTP/FTPS/FTP with direct S3/EFS access
✓ Migration Hub: Centralized tracking of migrations across tools
✓ App2Container: Containerizes Java/.NET apps with deployment artifacts
✓ SCT: Converts database schemas between different engines
✓ Migration Evaluator: Data-driven business case with cost projections
✓ Application Discovery: Automatically discovers on-premises infrastructure

Compute

✓ EC2: Resizable virtual servers with 500+ instance types
✓ Lambda: Event-driven serverless compute with automatic scaling
✓ ECS: AWS-native container orchestration with Fargate support
✓ EKS: Managed Kubernetes with automatic upgrades
✓ Fargate: Serverless containers without server management
✓ Batch: Managed batch processing with dynamic provisioning
✓ Lightsail: Simple VPS with predictable pricing
✓ Elastic Beanstalk: PaaS for web apps without infrastructure management
✓ Outposts: AWS infrastructure on-premises for hybrid deployments
✓ Wavelength: 5G edge computing for ultra-low latency applications

Storage

✓ S3: Infinitely scalable object storage with 11 9's durability
✓ EBS: Block storage for EC2 with up to 64,000 IOPS
✓ EFS: Elastic NFS file system with automatic scaling
✓ FSx: Managed file systems (Windows, Lustre, NetApp, OpenZFS)
✓ S3 Glacier: Low-cost archival with flexible retrieval options
✓ Storage Gateway: Hybrid storage with local caching
✓ Backup: Centralized backup across AWS services
✓ Elastic Disaster Recovery: Automated disaster recovery for applications

Database

✓ RDS: Managed relational databases with automated backups
✓ Aurora: MySQL/PostgreSQL-compatible with 5x performance
✓ DynamoDB: Serverless NoSQL with single-digit millisecond latency
✓ DocumentDB: MongoDB-compatible managed document database
✓ ElastiCache: In-memory caching with microsecond latency
✓ Neptune: Managed graph database with SPARQL and Gremlin
✓ Keyspaces: Managed Cassandra-compatible database
✓ Timestream: Serverless time-series database for IoT and analytics
✓ QLDB: Immutable ledger with cryptographic verification
✓ MemoryDB: Redis-compatible in-memory database with durability

Networking & Content Delivery

✓ VPC: Isolated virtual network with complete control
✓ CloudFront: Global CDN with 400+ edge locations
✓ Route 53: Scalable DNS with health checks and routing policies
✓ Direct Connect: Dedicated private connection bypassing internet
✓ Transit Gateway: Cloud router connecting thousands of networks
✓ PrivateLink: Private connectivity without internet exposure
✓ Global Accelerator: Improves global availability with static IPs
✓ VPN: Encrypted IPSec tunnels over internet
✓ ELB: Load balancing (ALB, NLB, GLB) with auto-scaling
✓ App Mesh: Service mesh for microservices observability

Security, Identity & Compliance

✓ IAM: Fine-grained access control with MFA support
✓ Secrets Manager: Centralized secrets with automatic rotation
✓ KMS: Managed encryption keys with FIPS 140-2 validation
✓ WAF: Web application firewall against exploits and bots
✓ Shield: DDoS protection with Standard and Advanced tiers
✓ GuardDuty: Intelligent threat detection using ML
✓ Security Hub: Centralized security findings aggregator
✓ Inspector: Automated vulnerability scanning
✓ Macie: ML-powered sensitive data discovery in S3
✓ Certificate Manager: Free SSL/TLS certificates with auto-renewal
✓ Cognito: User authentication and authorization for apps
✓ Directory Service: Managed Active Directory in AWS

Management & Governance

✓ CloudWatch: Monitoring with metrics, logs, and alarms
✓ CloudTrail: Audit trail of all API calls
✓ Config: Resource inventory with compliance rules
✓ Systems Manager: Operations hub with automation and patching
✓ Control Tower: Automated multi-account landing zone
✓ Organizations: Centralized management of multiple accounts
✓ Service Catalog: Approved IT service catalogs with governance
✓ Trusted Advisor: Real-time best practice recommendations
✓ Cost Explorer: Visualize and analyze costs with forecasting
✓ Budgets: Custom cost budgets with alert notifications
✓ CloudFormation: Infrastructure as code with JSON/YAML templates
✓ OpsWorks: Configuration management with Chef and Puppet

Analytics

✓ Athena: Serverless SQL queries on S3 with pay-per-query
✓ EMR: Managed Hadoop/Spark for big data processing
✓ Glue: Serverless ETL with automatic schema discovery
✓ Kinesis: Real-time streaming with millisecond latency
✓ Redshift: Petabyte-scale data warehouse with MPP
✓ QuickSight: Serverless BI with ML-powered insights
✓ Lake Formation: Simplified data lake with governance
✓ MSK: Managed Apache Kafka for streaming pipelines
✓ OpenSearch: Search and analytics engine for logs
✓ Data Exchange: Marketplace for third-party data
✓ Data Pipeline: Orchestrates data movement and transformation

Machine Learning & AI

✓ SageMaker: Complete ML lifecycle from build to deploy
✓ Rekognition: Image/video analysis with object detection
✓ Comprehend: NLP with sentiment and entity extraction
✓ Translate: Neural translation for 75+ languages
✓ Polly: Text-to-speech with lifelike voices
✓ Transcribe: Speech-to-text with speaker identification
✓ Lex: Build conversational chatbots
✓ Personalize: Real-time recommendations engine
✓ Forecast: Time-series forecasting using ML
✓ Fraud Detector: Identify fraudulent activities
✓ Kendra: Intelligent enterprise search using ML
✓ Textract: Extract text and data from documents

Application Integration

✓ SQS: Message queuing for decoupling microservices
✓ SNS: Pub/sub messaging with fanout capability
✓ EventBridge: Serverless event bus with pattern matching
✓ MQ: Managed ActiveMQ and RabbitMQ message broker
✓ AppFlow: No-code SaaS integration with AWS services
✓ Step Functions: Visual workflow orchestration
✓ AppSync: Managed GraphQL with real-time sync
✓ API Gateway: Managed APIs with throttling and caching

Developer Tools

✓ CodeCommit: Managed Git with encryption and IAM
✓ CodeBuild: Managed build service with custom environments
✓ CodeDeploy: Automated deployment with blue/green strategies
✓ CodePipeline: CI/CD orchestration with visual workflow
✓ CodeArtifact: Managed artifact repository for packages
✓ Cloud9: Cloud-based IDE with collaboration
✓ X-Ray: Distributed tracing for performance analysis
✓ CloudShell: Browser-based shell with AWS CLI
✓ CDK: Infrastructure as code using programming languages
✓ SAM: Framework for building serverless applications

Containers

✓ ECS: AWS-native container orchestration
✓ EKS: Managed Kubernetes service
✓ ECR: Docker container registry with image scanning
✓ Fargate: Serverless compute for containers
✓ App2Container: Containerize existing applications
✓ Copilot: CLI for deploying containerized apps
✓ Red Hat OpenShift: Managed OpenShift on AWS

IoT

✓ IoT Core: Connect devices to cloud securely
✓ IoT Greengrass: Local compute and messaging for devices
✓ IoT Analytics: Analytics for IoT data at scale
✓ IoT Device Management: Onboard and manage IoT devices
✓ IoT Events: Detect and respond to IoT events

Media Services

✓ Elemental MediaConvert: File-based video transcoding
✓ Elemental MediaLive: Live video processing
✓ Elemental MediaPackage: Video origination and packaging
✓ Kinesis Video Streams: Stream video from devices to AWS

End User Computing

✓ WorkSpaces: Managed virtual desktops (DaaS)
✓ AppStream 2.0: Application streaming service
✓ WorkLink: Secure mobile access to internal websites
✓ WorkDocs: Secure enterprise document storage and sharing

Business Applications

✓ Chime: Communications service for meetings and chat
✓ WorkMail: Managed email and calendar service
✓ Connect: Cloud-based contact center service
✓ Pinpoint: Multichannel marketing communications
✓ SES: Scalable email sending and receiving service

6. Common Interview Questions & Answers

Q1: How would you migrate a 3-tier application with minimal downtime?

Answer:

Assessment:
├── Web tier: Static content + dynamic app
├── App tier: Java application servers
└── DB tier: Oracle database

Approach:
1. Database (DMS with CDC)
   ├── Set up DMS replication instance
   ├── Full load + CDC to Aurora
   ├── Validate data consistency
   └── Keep in sync until cutover

2. Application (Parallel run)
   ├── Deploy app to EC2/ECS in AWS
   ├── Configure ALB with weighted routing
   ├── Gradually shift traffic (10% → 50% → 100%)
   └── Monitor performance

3. Web tier (CloudFront)
   ├── Migrate static content to S3
   ├── Configure CloudFront distribution
   ├── Update DNS with low TTL
   └── Switch to CloudFront

Cutover:
├── Schedule maintenance window
├── Stop writes to source DB
├── Final sync with DMS
├── Switch application connection strings
├── Update DNS to AWS
└── Monitor and validate
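The "gradually shift traffic (10% → 50% → 100%)" step above is where a parallel run either succeeds or needs the rollback plan, so it is worth seeing as code. The following is an added example, not code from the original post: it walks the weights of an ALB weighted-target-group listener up in the stated steps, checks an observed error rate after each step, and sends everything back to the on-premises target group the moment the rate breaches the SLO. Python is used because boto3 is the usual automation language around these services; the real call is `elbv2.modify_listener` with a `ForwardConfig` (that shape is real), but the client and the error-rate source are injected so the logic runs offline. `FakeElbv2`, the listener and target-group ARNs, the 1% SLO, and the sampled error rates are all constructed placeholders.

```python
"""Parallel-run traffic shift with automatic rollback (added example, not from the post)."""
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

STEPS = (10, 50, 100)   # AWS share per step, as in the answer above
MAX_ERROR_RATE = 0.01   # assumed SLO: roll back if the 5xx ratio exceeds 1%


def forward_action(onprem_tg_arn: str, aws_tg_arn: str, aws_weight: int) -> dict:
    """Listener default action for a weighted split; this is the real elbv2 ForwardConfig shape."""
    return {
        "Type": "forward",
        "ForwardConfig": {
            "TargetGroups": [
                {"TargetGroupArn": onprem_tg_arn, "Weight": 100 - aws_weight},
                {"TargetGroupArn": aws_tg_arn, "Weight": aws_weight},
            ]
        },
    }


@dataclass
class ShiftResult:
    final_aws_weight: int
    rolled_back: bool
    history: List[Tuple[int, float]] = field(default_factory=list)  # (weight, observed error rate)


def shift_traffic(elbv2, listener_arn: str, onprem_tg_arn: str, aws_tg_arn: str,
                  error_rate: Callable[[], float],
                  max_error_rate: float = MAX_ERROR_RATE, steps=STEPS) -> ShiftResult:
    """Raise the AWS weight step by step; on the first step whose observed error rate
    breaches the SLO, send 100% back to on-prem and stop (the rollback plan)."""
    result = ShiftResult(final_aws_weight=0, rolled_back=False)
    for weight in steps:
        elbv2.modify_listener(ListenerArn=listener_arn,
                              DefaultActions=[forward_action(onprem_tg_arn, aws_tg_arn, weight)])
        # In production this would come from CloudWatch, e.g. HTTPCode_Target_5XX_Count / RequestCount
        observed = error_rate()
        result.history.append((weight, observed))
        if observed > max_error_rate:
            elbv2.modify_listener(ListenerArn=listener_arn,
                                  DefaultActions=[forward_action(onprem_tg_arn, aws_tg_arn, 0)])
            result.rolled_back = True
            result.final_aws_weight = 0
            return result
        result.final_aws_weight = weight
    return result


class FakeElbv2:
    """Constructed stand-in that records the modify_listener calls a boto3 client would receive."""
    def __init__(self):
        self.calls = []

    def modify_listener(self, **kwargs):
        self.calls.append(kwargs)
        return {"Listeners": []}


def aws_weight_of(call: dict) -> int:
    """Extract the AWS target group weight from a recorded modify_listener call."""
    return call["DefaultActions"][0]["ForwardConfig"]["TargetGroups"][1]["Weight"]


def run_demo(error_rates) -> Tuple[ShiftResult, List[int]]:
    """Drive the shift with a constructed series of observed error rates, one per step.
    Returns the result and the sequence of AWS weights that were applied."""
    samples = iter(error_rates)
    elbv2 = FakeElbv2()
    result = shift_traffic(
        elbv2,
        "arn:aws:elasticloadbalancing:REGION:ACCOUNT:listener/app/PLACEHOLDER",   # placeholder ARN
        "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/onprem/PLACEHOLDER",
        "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/aws/PLACEHOLDER",
        error_rate=lambda: next(samples),
    )
    return result, [aws_weight_of(c) for c in elbv2.calls]


if __name__ == "__main__":
    print(run_demo([0.001, 0.002, 0.003]))   # clean run: ends at 100% on AWS
    print(run_demo([0.001, 0.05]))           # breach at 50%: rolled back to 0
```

The clean run applies weights 10, 50, 100; the second run applies 10, then 50, then immediately 0 because the 5% error rate breaches the assumed 1% SLO. In a real cutover the error-rate callable would query CloudWatch after a soak interval at each step, and the same weight-0 action is the documented rollback.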

Q2: What factors determine choosing between ECS and EKS?

Answer:

Choose ECS when:
├── AWS-native solution preferred
├── Simpler learning curve needed
├── Deep AWS integration required
├── Fargate serverless containers
└── Cost optimization priority

Choose EKS when:
├── Kubernetes expertise exists
├── Multi-cloud portability needed
├── Complex orchestration requirements
├── Existing K8s tooling/ecosystem
└── Hybrid cloud deployment

Hybrid Approach:
├── Start with ECS for simplicity
├── Migrate to EKS as complexity grows
└── Use both for different workloads

Q3: How do you handle database migration with zero downtime?

Answer:

Strategy: DMS with Continuous Replication

Phase 1: Setup (No impact)
├── Create target database (RDS/Aurora)
├── Configure DMS replication instance
├── Set up endpoints (source & target)
└── Create replication task

Phase 2: Initial Load
├── Full load during off-peak hours
├── Application continues on source
└── Monitor replication lag

Phase 3: CDC (Ongoing)
├── Capture changes from source
├── Apply to target continuously
├── Validate data consistency
└── Monitor lag (should be < 1 min)

Phase 4: Cutover
├── Stop application writes (brief)
├── Wait for replication lag = 0
├── Switch connection string to target
├── Resume application
└── Total downtime: < 5 minutes

Rollback Plan:
├── Keep source DB running
├── Reverse DMS replication if needed
└── Switch back connection string
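Phase 3 and Phase 4 above come down to a go/no-go decision: full load finished, CDC lag under the limit, validation clean, no errored tables. The following is an added example (not code from the original post) that encodes that gate. The input shapes follow the DMS API as boto3 returns it: one entry of `describe_replication_tasks()["ReplicationTasks"]` (with its `ReplicationTaskStats`), `describe_table_statistics()["TableStatistics"]` (with `ValidationState`), and the latest values of the `AWS/DMS` CloudWatch metrics `CDCLatencySource` and `CDCLatencyTarget`. The sample task and table records below are constructed, not real responses.

```python
"""Cutover gate for a DMS full-load-and-CDC migration (added example, not from the post)."""
from typing import List, Tuple

MAX_LAG_SECONDS = 60.0   # "Monitor lag (should be < 1 min)" from the answer above


def cutover_ready(task: dict, table_stats: List[dict],
                  cdc_latency_source: float, cdc_latency_target: float,
                  max_lag_seconds: float = MAX_LAG_SECONDS) -> Tuple[bool, List[str]]:
    """Return (ready, blockers).

    task              one entry of describe_replication_tasks()["ReplicationTasks"]
    table_stats       describe_table_statistics()["TableStatistics"]
    cdc_latency_*     latest AWS/DMS CloudWatch metrics, in seconds
    """
    blockers = []
    # A full-load-and-cdc task stays in status "running" while it applies changes.
    if task.get("Status") != "running":
        blockers.append(f"task status is {task.get('Status')!r}, expected 'running'")
    stats = task.get("ReplicationTaskStats", {})
    progress = stats.get("FullLoadProgressPercent", 0)
    if progress < 100:
        blockers.append(f"full load at {progress}%")
    if stats.get("TablesErrored", 0):
        blockers.append(f"{stats['TablesErrored']} table(s) in error")
    # Source latency = changes not yet read; target latency = changes read but not yet applied.
    lag = max(cdc_latency_source, cdc_latency_target)
    if lag >= max_lag_seconds:
        blockers.append(f"CDC latency {lag:.0f}s, limit {max_lag_seconds:g}s")
    for t in table_stats:
        state = t.get("ValidationState")
        if state != "Validated":
            blockers.append(f"{t.get('SchemaName')}.{t.get('TableName')}: validation {state!r}")
    return (not blockers, blockers)


# Constructed sample records (field names follow the DMS API; values are made up)
TASK_OK = {
    "ReplicationTaskIdentifier": "my-task",
    "Status": "running",
    "MigrationType": "full-load-and-cdc",
    "ReplicationTaskStats": {"FullLoadProgressPercent": 100, "TablesLoaded": 2,
                             "TablesLoading": 0, "TablesQueued": 0, "TablesErrored": 0},
}
TABLES_OK = [
    {"SchemaName": "app", "TableName": "users", "ValidationState": "Validated"},
    {"SchemaName": "app", "TableName": "orders", "ValidationState": "Validated"},
]
TABLES_PENDING = [
    {"SchemaName": "app", "TableName": "users", "ValidationState": "Validated"},
    {"SchemaName": "app", "TableName": "orders", "ValidationState": "Pending records"},
]


def demo_ready() -> Tuple[bool, List[str]]:
    """Steady CDC, everything validated, lag of a few seconds: gate opens."""
    return cutover_ready(TASK_OK, TABLES_OK, cdc_latency_source=4.0, cdc_latency_target=6.0)


def demo_blocked() -> Tuple[bool, List[str]]:
    """Target lag above the limit and one table still pending validation: two blockers."""
    return cutover_ready(TASK_OK, TABLES_PENDING, cdc_latency_source=4.0, cdc_latency_target=95.0)


if __name__ == "__main__":
    print(demo_ready())
    print(demo_blocked())
```

For the Phase 4 "wait for replication lag = 0" step, call the same gate after stopping application writes with a much tighter `max_lag_seconds` (a second or two) before switching the connection string; until it returns no blockers, the rollback plan of staying on the source remains in force.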

Q4: Explain your approach to migrating a monolithic application to microservices.

Answer:

Strangler Fig Pattern:

Phase 1: Assessment
├── Identify bounded contexts
├── Map dependencies
├── Prioritize by business value
└── Define service boundaries

Phase 2: Infrastructure
├── Set up ECS/EKS cluster
├── Configure API Gateway
├── Implement service mesh
└── Set up monitoring (X-Ray, CloudWatch)

Phase 3: Incremental Migration
├── Extract one service at a time
├── Implement anti-corruption layer
├── Route traffic (path-based routing)
└── Validate functionality

Example:
Monolith → Extract User Service
├── Create user microservice (ECS)
├── Migrate user data to separate DB
├── API Gateway routes /users/* to microservice
├── Monolith routes other paths
└── Gradually extract more services

Phase 4: Data Decomposition
├── Separate databases per service
├── Implement saga pattern for transactions
├── Use event sourcing where appropriate
└── Eventual consistency

Phase 5: Retire Monolith
├── All functionality extracted
├── Decommission monolith
└── Full microservices architecture

Q5: How do you optimize costs during and after migration?

Answer:

During Migration:
├── Right-size instances (Migration Evaluator)
├── Use Savings Plans for committed workloads
├── Leverage Spot instances for testing
└── Implement auto-scaling early

Post-Migration Optimization:

1. Compute
   ├── Reserved Instances (1-3 year)
   ├── Savings Plans (flexible)
   ├── Spot instances (fault-tolerant)
   ├── Graviton instances (20-40% savings)
   └── Auto-scaling policies

2. Storage
   ├── S3 Intelligent-Tiering
   ├── EBS gp3 (cheaper than gp2)
   ├── Lifecycle policies
   └── Delete unused snapshots

3. Database
   ├── Aurora Serverless v2 (variable workloads)
   ├── RDS Reserved Instances
   ├── Read replicas for read-heavy
   └── Right-size instance types

4. Monitoring
   ├── Cost Explorer
   ├── AWS Budgets with alerts
   ├── Trusted Advisor
   └── Third-party: CloudHealth, Cloudability

5. Architecture
   ├── Serverless for intermittent workloads
   ├── Caching (CloudFront, ElastiCache)
   ├── Data transfer optimization
   └── Multi-AZ only for production

Q6: What's your approach to handling legacy applications that can't be easily migrated?

Answer:

Options Analysis:

1. Retain (Temporary)
   ├── Keep on-premises
   ├── Establish hybrid connectivity
   ├── Plan future migration
   └── Document technical debt

2. Hybrid Architecture
   ├── AWS Outposts (AWS on-prem)
   ├── VMware Cloud on AWS
   ├── Direct Connect for connectivity
   └── Gradual component migration

3. Encapsulation
   ├── Wrap legacy with APIs
   ├── API Gateway as facade
   ├── Modernize consumers
   └── Legacy becomes backend service

4. Rewrite (Long-term)
   ├── Build new system in parallel
   ├── Migrate data incrementally
   ├── Dual-run period
   └── Retire legacy

Example: Mainframe Application
├── Phase 1: API layer (API Gateway)
├── Phase 2: Extract batch jobs (AWS Batch)
├── Phase 3: Migrate database (DMS)
├── Phase 4: Refactor core logic
└── Phase 5: Decommission mainframe

Decision Factors:
├── Business criticality
├── Technical complexity
├── Cost of maintenance
├── Compliance requirements
└── Available skills

Q7: How would you design a disaster recovery strategy for a migrated application?

Answer:

DR Strategy Selection (RTO/RPO):

1. Backup & Restore (Hours)
   ├── AWS Backup for automated backups
   ├── S3 cross-region replication
   ├── AMI snapshots in secondary region
   └── Lowest cost, highest RTO/RPO

2. Pilot Light (10s of minutes)
   ├── Core services running in DR region
   ├── Database replication (DMS, Aurora Global)
   ├── Scale up during disaster
   └── Moderate cost and RTO/RPO

3. Warm Standby (Minutes)
   ├── Scaled-down version running
   ├── Route 53 health checks
   ├── Auto-scaling to full capacity
   └── Higher cost, lower RTO/RPO

4. Multi-Site Active/Active (Real-time)
   ├── Full capacity in multiple regions
   ├── Route 53 with latency routing
   ├── DynamoDB Global Tables
   └── Highest cost, lowest RTO/RPO

Implementation:
├── Use Aurora Global Database (< 1 sec replication)
├── S3 Cross-Region Replication for objects
├── CloudFormation for infrastructure recreation
├── Route 53 health checks for automatic failover
├── Regular DR drills and runbooks
└── AWS Elastic Disaster Recovery for critical apps

Q8: Explain your approach to migrating a data warehouse to AWS.

Answer:

Assessment Phase:
├── Current data volume and growth rate
├── Query patterns and performance requirements
├── ETL processes and dependencies
├── BI tool integrations
└── Compliance and security requirements

Target Architecture Selection:

Option 1: Redshift (Traditional DW)
├── Best for: Complex SQL, BI tools, < 1 PB
├── Migration: DMS or COPY command
├── Features: Columnar storage, MPP, Spectrum
└── Cost: Predictable, node-based pricing

Option 2: Athena + S3 (Serverless)
├── Best for: Ad-hoc queries, cost optimization
├── Migration: Export to S3, Glue Crawler
├── Features: Pay-per-query, no infrastructure
└── Cost: Query-based, very cost-effective

Option 3: Hybrid (Data Lake + Redshift)
├── S3 Data Lake for raw/historical data
├── Redshift for hot/frequently accessed data
├── Redshift Spectrum for S3 queries
└── Best of both worlds

Migration Steps:
1. Set up target (Redshift cluster or S3 bucket)
2. Schema conversion (SCT if needed)
3. Historical data migration (DMS or Snowball)
4. ETL migration (Glue or EMR)
5. Incremental sync (DMS CDC)
6. BI tool reconfiguration
7. Cutover and validation

Optimization:
├── Distribution and sort keys in Redshift
├── Partitioning in S3 for Athena
├── Compression and encoding
├── Materialized views for common queries
└── Workload management (WLM) configuration

Q9: How do you ensure security during and after migration?

Answer:

Pre-Migration Security:
├── Security assessment of current state
├── Define security requirements and compliance
├── Create security baseline (CIS benchmarks)
└── Set up AWS Organizations with SCPs

Network Security:
├── VPC design with public/private subnets
├── Security groups (stateful firewall)
├── NACLs (stateless firewall)
├── VPC Flow Logs for traffic analysis
├── AWS WAF for web application protection
└── Shield for DDoS protection

Identity & Access:
├── IAM roles instead of access keys
├── MFA for privileged accounts
├── Least privilege principle
├── IAM Access Analyzer for permissions
├── AWS SSO for centralized access
└── Service Control Policies (SCPs)

Data Protection:
├── Encryption at rest (KMS)
├── Encryption in transit (TLS/SSL)
├── S3 bucket policies and ACLs
├── RDS encryption and SSL connections
├── Secrets Manager for credentials
└── Certificate Manager for SSL certs

Monitoring & Compliance:
├── CloudTrail for audit logging
├── Config for compliance monitoring
├── GuardDuty for threat detection
├── Security Hub for centralized findings
├── Macie for sensitive data discovery
└── Inspector for vulnerability scanning

Incident Response:
├── CloudWatch alarms for anomalies
├── SNS notifications for security events
├── Automated remediation with Lambda
├── Incident response runbooks
└── Regular security drills
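The "Incident Response" branch above (GuardDuty → SNS notifications → automated remediation with Lambda) is usually wired as an EventBridge rule on the `GuardDuty Finding` detail-type invoking a function. The following is an added example, not code from the original post, of what that function does: it keeps findings at or above a severity threshold (GuardDuty's "High" band starts at 7.0), moves an affected EC2 instance into a quarantine security group with `ec2.modify_instance_attribute(Groups=[...])` so it is network-isolated but left running for forensics, and publishes a summary with `sns.publish`. Those two boto3 calls and the event structure (`detail.severity`, `detail.type`, `detail.resource.resourceType`, `detail.resource.instanceDetails.instanceId`) are real; the clients are injected so the handler runs offline, and `FakeEc2`, `FakeSns`, the quarantine group id, the topic ARN, and the sample finding are constructed placeholders.

```python
"""Automated remediation for a GuardDuty finding (added example, not from the post)."""
import json

QUARANTINE_SG = "sg-PLACEHOLDER-quarantine"                      # assumed: a group with no inbound/outbound rules
ALERT_TOPIC_ARN = "arn:aws:sns:REGION:ACCOUNT:security-alerts"   # assumed placeholder topic
SEVERITY_THRESHOLD = 7.0                                          # GuardDuty "High" starts at 7.0


def handle_finding(event: dict, ec2, sns, threshold: float = SEVERITY_THRESHOLD) -> dict:
    """Decide and apply the response for one EventBridge-delivered GuardDuty finding."""
    if event.get("detail-type") != "GuardDuty Finding":
        return {"action": "ignored", "reason": "not a GuardDuty finding"}
    finding = event.get("detail", {})
    severity = float(finding.get("severity", 0.0))
    summary = {"id": finding.get("id"), "type": finding.get("type"),
               "severity": severity, "accountId": finding.get("accountId")}
    if severity < threshold:
        # Low/medium findings are left for triage; logging them is enough here.
        return {"action": "logged", **summary}
    resource = finding.get("resource", {})
    if resource.get("resourceType") == "Instance":
        instance_id = resource["instanceDetails"]["instanceId"]
        # Groups= replaces every security group on the instance. The instance keeps running,
        # so memory and disk stay available for forensics; it just cannot talk to anything.
        ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[QUARANTINE_SG])
        summary["instanceId"] = instance_id
        action = "quarantined"
    else:
        # Other resource types (access keys, S3 buckets, ...) are escalated to a human.
        action = "escalated"
    sns.publish(TopicArn=ALERT_TOPIC_ARN,
                Subject=f"GuardDuty {action}: {summary['type']}",
                Message=json.dumps({"action": action, **summary}))
    return {"action": action, **summary}


def lambda_handler(event, context):
    """Real entry point: same logic with live boto3 clients (imported lazily so the
    module stays importable without boto3 installed)."""
    import boto3
    return handle_finding(event, boto3.client("ec2"), boto3.client("sns"))


class FakeEc2:
    """Constructed stand-in recording modify_instance_attribute calls."""
    def __init__(self):
        self.calls = []

    def modify_instance_attribute(self, **kwargs):
        self.calls.append(kwargs)
        return {}


class FakeSns:
    """Constructed stand-in recording publish calls."""
    def __init__(self):
        self.published = []

    def publish(self, **kwargs):
        self.published.append(kwargs)
        return {"MessageId": "PLACEHOLDER"}


def sample_event(severity: float, resource_type: str = "Instance") -> dict:
    """Constructed EventBridge event in the GuardDuty Finding shape (values are made up)."""
    return {
        "version": "0", "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
        "account": "123456789012", "region": "us-east-1",
        "detail": {
            "id": "finding-PLACEHOLDER", "accountId": "123456789012", "severity": severity,
            "type": "UnauthorizedAccess:EC2/SSHBruteForce",
            "resource": {"resourceType": resource_type,
                         "instanceDetails": {"instanceId": "i-0PLACEHOLDER"}},
        },
    }


if __name__ == "__main__":
    ec2, sns = FakeEc2(), FakeSns()
    print(handle_finding(sample_event(8.0), ec2, sns))   # quarantined
    print(handle_finding(sample_event(3.0), ec2, sns))   # logged only
    print(len(ec2.calls), "EC2 call(s),", len(sns.published), "notification(s)")
```

The function role needs only `ec2:ModifyInstanceAttribute` and `sns:Publish` on the named resources, which is the least-privilege point the answer makes elsewhere; keeping the quarantine group empty of rules (rather than terminating the instance) is what preserves evidence for the forensics step of the runbook.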

Q10: What's your strategy for migrating a multi-tenant SaaS application?

Answer:

Architecture Patterns:

1. Silo Model (Dedicated resources per tenant)
   ├── Separate VPCs or accounts per tenant
   ├── Complete isolation
   ├── Higher cost, easier compliance
   └── Use: Regulated industries, enterprise customers

2. Pool Model (Shared resources)
   ├── Single infrastructure, logical separation
   ├── Lower cost, higher density
   ├── Tenant ID in all data
   └── Use: SMB customers, cost optimization

3. Bridge Model (Hybrid)
   ├── Shared application tier
   ├── Isolated data tier per tenant
   ├── Balance of cost and isolation
   └── Use: Most common approach

Migration Strategy:

Phase 1: Tenant Categorization
├── Classify by size, compliance, SLA
├── Identify pilot tenant (small, flexible)
└── Plan migration waves

Phase 2: Infrastructure Setup
├── Multi-tenant VPC design
├── Tenant isolation mechanisms
│   ├── IAM policies with tenant context
│   ├── RLS (Row-Level Security) in database
│   ├── Separate schemas or databases
│   └── API Gateway with tenant routing
├── Monitoring per tenant (CloudWatch dimensions)
└── Billing per tenant (Cost Allocation Tags)

Phase 3: Data Migration
├── Tenant-by-tenant migration
├── DMS with table mapping rules
├── Validate data isolation
└── Parallel run period

Phase 4: Application Deployment
├── Containerized microservices (ECS/EKS)
├── Tenant context in all requests
├── API Gateway with usage plans per tenant
├── Lambda with tenant-specific configs
└── DynamoDB with tenant partition keys

Tenant Management:
├── Control plane for tenant provisioning
├── Automated onboarding (CloudFormation)
├── Tenant-specific configurations (Parameter Store)
├── Usage tracking and billing (Cost Explorer)
└── Tenant lifecycle management

Scaling Considerations:
├── Auto-scaling per tenant or pooled
├── Noisy neighbor mitigation (throttling)
├── Tenant-aware caching (ElastiCache)
└── Database connection pooling
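Two of the isolation mechanisms listed under Phase 2 and Phase 4 above (IAM policies with tenant context, DynamoDB with tenant partition keys) reinforce each other, and the pool model depends on both. The following is an added example, not code from the original post, showing the two layers in Python: a session policy that uses the real DynamoDB condition key `dynamodb:LeadingKeys` to pin every allowed call to the tenant's partition key (pass it as `Policy=json.dumps(...)` to `sts.assume_role`), and an application-side wrapper that always supplies the tenant prefix and refuses to return a row belonging to another tenant, so a query bug cannot leak data even if the IAM layer were misconfigured. The table ARN, tenant ids and rows are constructed, and `FakeTable` stands in for a boto3 `Table` resource.

```python
"""Tenant isolation for the pool model: IAM scoping plus an app-side guard (added example)."""
from typing import Dict, List, Optional

TABLE_ARN = "arn:aws:dynamodb:REGION:ACCOUNT:table/SaasData"   # assumed placeholder


def tenant_pk(tenant_id: str) -> str:
    """Partition key prefix that every row of a tenant carries."""
    return f"TENANT#{tenant_id}"


def tenant_session_policy(tenant_id: str, table_arn: str = TABLE_ARN) -> dict:
    """Session policy for sts.assume_role(..., Policy=json.dumps(...)). The credentials it
    yields can only touch items whose partition key equals this tenant's prefix."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:Query"],
            "Resource": table_arn,
            "Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [tenant_pk(tenant_id)]}},
        }],
    }


class CrossTenantAccess(Exception):
    """Raised when a row that belongs to another tenant reaches the caller."""


class TenantScope:
    """Second layer: keys are always built with the tenant prefix, and every row handed back
    is checked against it (defense in depth against a mis-scoped query or index)."""
    def __init__(self, table, tenant_id: str):
        self.table = table
        self.pk = tenant_pk(tenant_id)

    def _owned(self, item: dict) -> dict:
        if item.get("pk") != self.pk:
            raise CrossTenantAccess(f"row {item.get('pk')!r} returned to {self.pk!r}")
        return item

    def put(self, sk: str, attrs: Dict) -> None:
        self.table.put_item(Item={"pk": self.pk, "sk": sk, **attrs})

    def get(self, sk: str) -> Optional[dict]:
        item = self.table.get_item(Key={"pk": self.pk, "sk": sk}).get("Item")
        return self._owned(item) if item else None

    def list_all(self) -> List[dict]:
        resp = self.table.query(KeyConditionExpression="pk = :pk",
                                ExpressionAttributeValues={":pk": self.pk})
        return [self._owned(i) for i in resp.get("Items", [])]


class FakeTable:
    """Constructed in-memory stand-in for a boto3 DynamoDB Table resource."""
    def __init__(self):
        self.rows: Dict[tuple, dict] = {}

    def put_item(self, Item):
        self.rows[(Item["pk"], Item["sk"])] = dict(Item)

    def get_item(self, Key):
        item = self.rows.get((Key["pk"], Key["sk"]))
        return {"Item": item} if item else {}

    def query(self, KeyConditionExpression, ExpressionAttributeValues):
        pk = ExpressionAttributeValues[":pk"]
        return {"Items": [r for (p, _), r in self.rows.items() if p == pk]}


class LeakyTable(FakeTable):
    """Simulates a bug (a query that ignores the tenant key) and returns every row."""
    def query(self, KeyConditionExpression, ExpressionAttributeValues):
        return {"Items": list(self.rows.values())}


def seed(table):
    """Constructed rows for two tenants."""
    TenantScope(table, "acme").put("profile", {"plan": "enterprise"})
    TenantScope(table, "acme").put("user#1", {"email": "a@example.com"})
    TenantScope(table, "globex").put("profile", {"plan": "smb"})
    return table


def demo_isolated() -> List[str]:
    """Correct table: acme only ever sees its own two rows."""
    return sorted(i["sk"] for i in TenantScope(seed(FakeTable()), "acme").list_all())


def demo_guard_fires() -> bool:
    """Buggy table: the app-side guard refuses globex's row instead of returning it."""
    try:
        TenantScope(seed(LeakyTable()), "acme").list_all()
    except CrossTenantAccess:
        return True
    return False


if __name__ == "__main__":
    print(tenant_session_policy("acme"))
    print(demo_isolated(), demo_guard_fires())
```

With real credentials the leaky query would already be rejected by IAM, because the scoped session only allows `dynamodb:LeadingKeys` equal to `TENANT#acme`; the wrapper turns that into a loud application error rather than silently trusting whichever layer happens to be configured correctly.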

8. Best Practices Checklist

Pre-Migration

  • [ ] Complete discovery and assessment
  • [ ] Create business case (TCO analysis)
  • [ ] Define success criteria and KPIs
  • [ ] Establish governance and security baseline
  • [ ] Set up landing zone (Control Tower)
  • [ ] Train team on AWS services
  • [ ] Create runbooks and procedures
  • [ ] Identify dependencies and integration points
  • [ ] Plan for data validation and testing
  • [ ] Establish rollback procedures

During Migration

  • [ ] Implement tagging strategy
  • [ ] Enable CloudTrail and Config
  • [ ] Set up monitoring and alerting
  • [ ] Perform pilot migration
  • [ ] Document lessons learned
  • [ ] Maintain rollback capability
  • [ ] Communicate with stakeholders
  • [ ] Validate data integrity
  • [ ] Test disaster recovery procedures
  • [ ] Monitor performance metrics

Post-Migration

  • [ ] Optimize costs (right-sizing)
  • [ ] Implement backup and DR
  • [ ] Security hardening
  • [ ] Performance tuning
  • [ ] Enable auto-scaling
  • [ ] Set up CI/CD pipelines
  • [ ] Knowledge transfer to operations
  • [ ] Decommission on-premises resources
  • [ ] Update documentation
  • [ ] Conduct post-migration review

9. Quick Reference Commands

AWS CLI - Migration

# DMS - Create replication instance
aws dms create-replication-instance \
  --replication-instance-identifier my-replication \
  --replication-instance-class dms.t3.medium \
  --allocated-storage 100

# DMS - Create endpoints
# Note: --password on the command line lands in shell history and process listings.
# Outside a lab, pass the endpoint definition with --cli-input-json from a file with
# restricted permissions, or point the endpoint at a Secrets Manager secret via the
# engine-specific settings.
aws dms create-endpoint \
  --endpoint-identifier source-db \
  --endpoint-type source \
  --engine-name mysql \
  --server-name source.example.com \
  --port 3306 \
  --username admin \
  --password secret

# DMS - Create replication task
# --table-mappings is required: it selects which schemas/tables the task replicates.
aws dms create-replication-task \
  --replication-task-identifier my-task \
  --source-endpoint-arn arn:aws:dms:region:account:endpoint/source \
  --target-endpoint-arn arn:aws:dms:region:account:endpoint/target \
  --replication-instance-arn arn:aws:dms:region:account:rep:instance \
  --migration-type full-load-and-cdc \
  --table-mappings file://table-mappings.json

# MGN - Initialize service
aws mgn initialize-service

# MGN - Describe source servers
aws mgn describe-source-servers

# DataSync - Create task
aws datasync create-task \
  --source-location-arn arn:aws:datasync:region:account:location/loc-xxx \
  --destination-location-arn arn:aws:datasync:region:account:location/loc-yyy \
  --cloud-watch-log-group-arn arn:aws:logs:region:account:log-group

# DataSync - Start task execution
aws datasync start-task-execution \
  --task-arn arn:aws:datasync:region:account:task/task-xxx

# Migration Hub - List migration tasks
aws migrationhub list-migration-tasks

# Application Discovery - Start data collection
aws discovery start-data-collection-by-agent-ids \
  --agent-ids agent-id-1 agent-id-2

AWS CLI - Modernization

# ECS - Create cluster
aws ecs create-cluster \
  --cluster-name my-cluster \
  --capacity-providers FARGATE FARGATE_SPOT

# ECS - Register task definition
aws ecs register-task-definition \
  --cli-input-json file://task-definition.json

# ECS - Create service
aws ecs create-service \
  --cluster my-cluster \
  --service-name my-service \
  --task-definition my-task:1 \
  --desired-count 2 \
  --launch-type FARGATE

# EKS - Create cluster
aws eks create-cluster \
  --name my-cluster \
  --role-arn arn:aws:iam::account:role/eks-role \
  --resources-vpc-config subnetIds=subnet-xxx,subnet-yyy

# Lambda - Deploy function
aws lambda create-function \
  --function-name my-function \
  --runtime python3.9 \
  --handler lambda_function.lambda_handler \
  --role arn:aws:iam::account:role/lambda-role \
  --zip-file fileb://function.zip

# Lambda - Update function code
aws lambda update-function-code \
  --function-name my-function \
  --zip-file fileb://function.zip

# API Gateway - Create REST API
aws apigateway create-rest-api \
  --name my-api \
  --endpoint-configuration types=REGIONAL

# API Gateway - Create deployment
aws apigateway create-deployment \
  --rest-api-id api-id \
  --stage-name prod

# Step Functions - Create state machine
aws stepfunctions create-state-machine \
  --name my-workflow \
  --definition file://state-machine.json \
  --role-arn arn:aws:iam::account:role/stepfunctions-role

# EventBridge - Create rule
aws events put-rule \
  --name my-rule \
  --event-pattern file://pattern.json \
  --state ENABLED

# ECR - Create repository
aws ecr create-repository \
  --repository-name my-app

# ECR - Login
aws ecr get-login-password --region region | \
  docker login --username AWS --password-stdin account.dkr.ecr.region.amazonaws.com

AWS CLI - Database

# RDS - Create DB instance
aws rds create-db-instance \
  --db-instance-identifier mydb \
  --db-instance-class db.t3.medium \
  --engine postgres \
  --master-username admin \
  --master-user-password secret \
  --allocated-storage 100

# RDS - Create snapshot
aws rds create-db-snapshot \
  --db-instance-identifier mydb \
  --db-snapshot-identifier mydb-snapshot

# Aurora - Create cluster
aws rds create-db-cluster \
  --db-cluster-identifier my-cluster \
  --engine aurora-postgresql \
  --master-username admin \
  --master-user-password secret

# DynamoDB - Create table
aws dynamodb create-table \
  --table-name MyTable \
  --attribute-definitions AttributeName=id,AttributeType=S \
  --key-schema AttributeName=id,KeyType=HASH \
  --billing-mode PAY_PER_REQUEST

AWS CLI - Storage

# S3 - Sync data
aws s3 sync /local/path s3://bucket-name/path \
  --storage-class INTELLIGENT_TIERING

# S3 - Enable versioning
aws s3api put-bucket-versioning \
  --bucket bucket-name \
  --versioning-configuration Status=Enabled

# S3 - Create lifecycle policy
aws s3api put-bucket-lifecycle-configuration \
  --bucket bucket-name \
  --lifecycle-configuration file://lifecycle.json

# EFS - Create file system
aws efs create-file-system \
  --performance-mode generalPurpose \
  --throughput-mode bursting \
  --encrypted

# FSx - Create Windows file system
aws fsx create-file-system \
  --file-system-type WINDOWS \
  --storage-capacity 300 \
  --subnet-ids subnet-xxx \
  --windows-configuration file://config.json

10. Architecture Patterns Cheat Sheet

Pattern 1: Hybrid Cloud

On-Premises ←→ AWS
     ↓
Direct Connect / VPN
     ↓
Transit Gateway
     ↓
├── VPC (Production)
│   ├── Public Subnet (ALB, NAT)
│   └── Private Subnet (App, DB)
├── VPC (Development)
└── VPC (Shared Services)
    ├── Active Directory
    ├── DNS
    └── Monitoring

Pattern 2: Microservices

CloudFront → API Gateway → Lambda (Auth)
                ↓
        ┌───────┴───────┐
        ↓               ↓
    Service A       Service B
    (ECS/EKS)      (Lambda)
        ↓               ↓
    RDS Aurora      DynamoDB
        ↓               ↓
    ElastiCache     EventBridge

Pattern 3: Event-Driven

Source → EventBridge → Rules
                         ↓
            ┌────────────┼────────────┐
            ↓            ↓            ↓
        Lambda       Step Fns      SQS
            ↓            ↓            ↓
        DynamoDB     Multiple      Consumer
                     Services      Lambda

Pattern 4: Data Lake

Sources → Ingestion → Storage → Processing → Analytics
   ↓          ↓          ↓           ↓           ↓
Databases  Kinesis     S3        Glue ETL    Athena
APIs       DataSync    Glacier   EMR         Redshift
Files      DMS                   Lambda      QuickSight
IoT        Transfer              SageMaker
           Family

Pattern 5: Serverless Web App

Route 53 → CloudFront → S3 (Static)
              ↓
         API Gateway
              ↓
         ┌────┴────┐
         ↓         ↓
      Lambda    Lambda
         ↓         ↓
    DynamoDB   Cognito

Pattern 6: Batch Processing

S3 (Input) → EventBridge → Step Functions
                              ↓
                    ┌─────────┼─────────┐
                    ↓         ↓         ↓
                 Batch     Lambda    Glue
                    ↓         ↓         ↓
                    └─────────┴─────────┘
                              ↓
                        S3 (Output)

11. Key Metrics to Track

Migration Metrics

Progress Metrics:
├── Applications migrated vs. planned
├── Migration velocity (apps/week)
├── Servers migrated (count)
├── Data transferred (TB)
└── Wave completion percentage

Quality Metrics:
├── Downtime per application (minutes)
├── Data validation success rate (%)
├── Post-migration issues (count)
├── Rollback incidents (count)
└── Performance vs. baseline (%)

Cost Metrics:
├── Migration cost vs. budget
├── TCO reduction (%)
├── Cost per application migrated
├── Resource utilization (%)
└── Waste/unused resources

Modernization Metrics

Development Metrics:
├── Code coverage (automated tests)
├── Technical debt reduction
├── API response time (ms)
├── Container startup time
└── Function cold start time

DevOps Metrics (DORA):
├── Deployment frequency
├── Lead time for changes
├── Mean time to recovery (MTTR)
├── Change failure rate
└── Deployment success rate

Infrastructure Metrics:
├── Infrastructure as Code coverage (%)
├── Auto-scaling effectiveness
├── Resource right-sizing (%)
├── Serverless adoption (%)
└── Container density

Business Metrics

Financial:
├── TCO reduction (%)
├── OpEx vs. CapEx shift
├── Cost per transaction
├── ROI and payback period
└── Cost avoidance

Performance:
├── Application latency (ms)
├── Throughput (requests/sec)
├── Availability/uptime (%)
├── Error rate (%)
└── User satisfaction score

Agility:
├── Time to market (days)
├── Feature release frequency
├── Developer productivity
├── Innovation velocity
└── Experiment success rate

12. Common Pitfalls & How to Avoid Them

Migration Pitfalls

❌ Insufficient Discovery
✓ Use Application Discovery Service
✓ Map all dependencies
✓ Identify hidden integrations

❌ Underestimating Complexity
✓ Start with pilot migration
✓ Build in buffer time
✓ Plan for unknowns

❌ Poor Network Planning
✓ Design VPC architecture upfront
✓ Test connectivity early
✓ Plan for bandwidth requirements

❌ Ignoring Security
✓ Security from day one
✓ Implement least privilege
✓ Enable logging and monitoring

❌ No Rollback Plan
✓ Document rollback procedures
✓ Keep source systems running
✓ Test rollback scenarios

❌ Inadequate Testing
✓ Test in non-production first
✓ Performance testing
✓ Disaster recovery testing

Modernization Pitfalls

❌ Big Bang Approach
✓ Incremental modernization
✓ Strangler fig pattern
✓ Validate each step

❌ Over-Engineering
✓ Start simple, add complexity as needed
✓ Use managed services
✓ Avoid premature optimization

❌ Ignoring Observability
✓ Implement logging from start
✓ Distributed tracing (X-Ray)
✓ Centralized monitoring

❌ Tight Coupling
✓ Loose coupling between services
✓ Event-driven architecture
✓ API versioning

❌ Neglecting Cost Optimization
✓ Right-size from the beginning
✓ Use cost allocation tags
✓ Regular cost reviews

❌ Poor Documentation
✓ Document architecture decisions
✓ Maintain runbooks
✓ Knowledge transfer sessions

Final Tips for Interview Success

Technical Preparation

  1. Understand the "Why": Don't just know the services, understand when and why to use them
  2. Real-world Experience: Share specific examples from your projects with metrics
  3. Trade-offs: Discuss pros/cons of different approaches
  4. Cost Awareness: Always consider cost implications and optimization
  5. Security First: Mention security at every layer of architecture
  6. Well-Architected Framework: Reference the 6 pillars (Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability)
  7. Hands-on: Mention specific tools, commands, and configurations you've used
  8. Problem-Solving: Walk through your thought process systematically

Communication Tips

  1. Ask Questions: Clarify requirements before answering
  2. Structure Your Answer: Use frameworks (assess → plan → execute → optimize)
  3. Use Diagrams: Draw architecture diagrams when possible
  4. Quantify Results: Use numbers (reduced costs by 40%, improved latency by 60%)
  5. Admit Unknowns: It's okay to say "I don't know, but here's how I'd find out"
  6. Stay Current: Know recent service updates and new features

Behavioral Preparation

  1. STAR Method: Situation, Task, Action, Result for behavioral questions
  2. Challenges & Learnings: Be ready to discuss failures and lessons learned
  3. Team Collaboration: Highlight cross-functional work
  4. Customer Focus: Emphasize business outcomes, not just technical solutions

Day-of-Interview

  1. Think Aloud: Verbalize your thought process
  2. Time Management: Don't spend too long on one question
  3. Enthusiasm: Show passion for cloud and modernization
  4. Follow-up Questions: Engage with the interviewer

Additional Resources

AWS Official Resources

  • AWS Migration Hub: Centralized tracking and monitoring
  • AWS Well-Architected Tool: Architecture review and best practices
  • AWS Prescriptive Guidance: Migration patterns and strategies
  • AWS Training: Migration Ambassador, Solutions Architect certifications
  • AWS Workshops: Hands-on migration and modernization labs
  • AWS Blogs: Migration and modernization case studies
  • AWS re:Invent Videos: Latest announcements and deep dives

Documentation

  • AWS Whitepapers: Migration strategies, best practices
  • AWS Architecture Center: Reference architectures
  • AWS Service Documentation: Detailed service guides
  • AWS CLI Reference: Command-line interface documentation

Community

  • AWS Forums: Community support and discussions
  • Stack Overflow: Technical Q&A
  • Reddit r/aws: Community discussions
  • AWS User Groups: Local meetups and networking

Tools & Calculators

  • AWS Pricing Calculator: Estimate costs
  • AWS TCO Calculator: Total cost of ownership comparison
  • AWS Simple Monthly Calculator: Legacy cost estimation
  • AWS Cost Explorer: Analyze actual costs

Good luck with your interview! Remember: It's not just about knowing the services, but understanding how to apply them to solve real business problems. Focus on the customer outcome, not just the technology.


Appendix: Service Comparison Tables

Compute Services Comparison

| Service | Best For | Pricing Model | Management | Scaling |
|---------|----------|---------------|------------|---------|
| EC2 | Full control, any workload | Per hour/second | You manage | Manual/Auto-scaling |
| Lambda | Event-driven, short tasks | Per request + duration | AWS manages | Automatic |
| ECS | Container orchestration | EC2 or Fargate pricing | Shared | Auto-scaling |
| EKS | Kubernetes workloads | Cluster + compute | Shared | Auto-scaling |
| Fargate | Serverless containers | Per vCPU/memory | AWS manages | Automatic |
| Batch | Batch processing | Underlying compute | AWS manages | Dynamic |

Database Services Comparison

| Service | Type | Best For | Scaling | Pricing |
|---------|------|----------|---------|---------|
| RDS | Relational | Traditional apps | Vertical | Instance-based |
| Aurora | Relational | High performance | Auto (storage) | Instance + storage |
| DynamoDB | NoSQL | High throughput | Automatic | On-demand or provisioned |
| DocumentDB | Document | MongoDB workloads | Vertical | Instance-based |
| ElastiCache | In-memory | Caching | Vertical | Node-based |
| Neptune | Graph | Connected data | Vertical | Instance-based |
| Redshift | Data warehouse | Analytics | Vertical/horizontal | Node-based |

Storage Services Comparison

| Service | Type | Use Case | Durability | Cost |
|---------|------|----------|------------|------|
| S3 Standard | Object | Frequent access | 11 9's | $$ |
| S3 IA | Object | Infrequent access | 11 9's | $ |
| S3 Glacier | Object | Archive | 11 9's | ¢ |
| EBS | Block | EC2 volumes | 99.999% | $$ |
| EFS | File | Shared NFS | 11 9's | $$$ |
| FSx | File | Enterprise file | 11 9's | $$$ |

End of Cheat Sheet
