Hands-on Scenarios

Real-world Scenarios

Practice four common implementation scenarios: deploy on EC2, store files in S3, scale app traffic, and secure access with IAM roles.

Scenario 1: Deploying Web App on EC2

  1. Launch EC2 in public subnet with web Security Group.
  2. Install runtime and app package.
  3. Put ALB in front for production traffic.
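# Basic remote setup sketch
chmod 400 key.pem                  # ssh rejects private keys readable by other users
ssh -i key.pem ec2-user@PUBLIC_IP
# On the instance:
sudo yum update -y
sudo yum install -y nginx          # install before starting; package source depends on the AMI
sudo systemctl start nginx
sudo systemctl enable nginx        # start nginx again after a reboot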

Scenario 2: Storing Files in S3

  1. Create bucket with encryption enabled.
  2. Upload files via SDK/CLI.
  3. Use presigned URLs for controlled access.
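# Upload the file to the bucket
aws s3 cp invoice.pdf s3://company-docs-prod/invoices/invoice.pdf
# Generate a presigned URL; --expires-in is in seconds (900 = 15 minutes)
aws s3 presign s3://company-docs-prod/invoices/invoice.pdf --expires-in 900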

Scenario 3: Scaling Application

  1. Create Auto Scaling group from launch template.
  2. Attach to ALB target group.
  3. Scale based on CPU or request count.

Scenario 4: Securing Access with IAM

  1. Create least-privilege role for app service.
  2. Attach role to EC2/Lambda.
  3. Avoid embedding static access keys in code.

Debugging Scenario

Problem

App can read public content but cannot write private objects to S3.

Check that the resource scope in the IAM policy covers the object path being written, and check the bucket policy for Deny statements.
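The two checks in this debugging scenario, as an added example that is not part of the original page: a simplified same-account evaluator showing how a write can fail on path scope (implicit deny) or on a bucket policy Deny (explicit deny) while reads still succeed. Only the bucket name comes from the page; the policy statements and object keys are constructed, and Principal and Condition elements are ignored.

```python
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::company-docs-prod"  # bucket name from the page

# Constructed policies: read allowed everywhere, write scoped to public/ only.
IDENTITY_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": f"{BUCKET}/*"},
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": f"{BUCKET}/public/*"},
]}
# Constructed fix: widen the write scope to the private prefix the app uses.
FIXED_POLICY = {"Statement": IDENTITY_POLICY["Statement"] + [
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": f"{BUCKET}/invoices/*"},
]}
# Constructed bucket policy with a Deny on one sub-prefix.
BUCKET_POLICY = {"Statement": [
    {"Effect": "Deny", "Action": "s3:PutObject",
     "Resource": f"{BUCKET}/invoices/archive/*"},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # IAM wildcards (* and ?) approximated with fnmatch; Principal and
    # Condition are ignored in this simplified model.
    return (any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))

def evaluate(action, key, identity_policy, bucket_policy):
    """Same-account decision: explicit Deny wins, then any Allow, else implicit deny."""
    resource = f"{BUCKET}/{key}"
    hits = [s for s in identity_policy["Statement"] + bucket_policy["Statement"]
            if _matches(s, action, resource)]
    if any(s["Effect"] == "Deny" for s in hits):
        return "explicit-deny"
    if any(s["Effect"] == "Allow" for s in hits):
        return "allow"
    return "implicit-deny"

if __name__ == "__main__":
    for policy, key in [(IDENTITY_POLICY, "invoices/invoice.pdf"),
                        (FIXED_POLICY, "invoices/invoice.pdf"),
                        (FIXED_POLICY, "invoices/archive/old.pdf")]:
        print(key, "->", evaluate("s3:PutObject", key, policy, BUCKET_POLICY))
```

An implicit deny points at the IAM policy's resource scope; an explicit deny points at a Deny statement, which no added Allow can override.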

Interview Questions

Beginner: Why place ALB before EC2 fleet?
To distribute traffic and remove single-instance dependency.
Intermediate: Why use presigned URL for file download?
Temporary controlled access without exposing bucket publicly.
Scenario: Security team rejects access keys in app config. Alternative?
Use IAM role attachment and short-lived credentials.

Summary