Cloud Architect / Solutions Architect (Cloud) interview questions & answers — India 2026

Model answer

Design for active-active or active-passive multi-region depending on RTO/RPO requirements. Core components: (1) Route 53 latency-based or failover routing; (2) Application load balancers per region; (3) EKS clusters in each region with identical workloads; (4) Aurora Global Database for multi-region relational data with sub-1-second replication lag; (5) S3 cross-region replication for object storage; (6) ElastiCache with Redis for session state (with cross-region replication); (7) AWS WAF + Shield Advanced for DDoS protection. For RBI compliance (fintech), ensure data residency is in ap-south-1 (Mumbai). Discuss RTO/RPO: active-active achieves near-zero RTO; active-passive with Aurora Global typically achieves < 1 minute RPO. Cost trade-off: active-active is 2x infrastructure cost but eliminates downtime risk.

Model answer

Terraform (HashiCorp): provider-agnostic, works across AWS/Azure/GCP, state file managed separately (local or S3 backend), HCL language, large module ecosystem. Best for multi-cloud or teams that want vendor neutrality. CloudFormation: AWS-native, tightly integrated with all AWS services, YAML/JSON, managed state in AWS, no additional tooling needed. Best for AWS-only shops that want native integration. AWS CDK: uses real programming languages (Python, TypeScript, Java), compiles to CloudFormation, enables reusable constructs and testing of infrastructure code. Best when your team prefers imperative/OOP patterns. For most Indian enterprise scenarios in 2026, Terraform is the default recommendation due to multi-cloud optionality and ecosystem size. Key interview angle: always discuss state management and drift detection regardless of tool choice.

Model answer

Start with a FinOps framework: Inform → Optimise → Operate. Immediate wins (30-60 days): (1) Right-sizing — use AWS Compute Optimizer to identify over-provisioned EC2/RDS instances; typical 20-30% waste found; (2) Reserved Instances or Savings Plans — commit 1 or 3 years for predictable workloads; 30-72% discount; (3) Identify unattached EBS volumes, idle Elastic IPs, old EBS snapshots. Medium-term: (4) Spot Instances for fault-tolerant batch workloads (80% discount); (5) S3 lifecycle policies — move infrequent data to Glacier; (6) NAT Gateway cost optimisation — often 15-20% of bills come from data transfer. For ₹2Cr/month spend, realistically target 25-35% reduction (₹50L-₹70L/month savings) with 3-6 months of focused FinOps work. Present findings in a tagged cost allocation report by team/product to drive accountability.

Model answer

Use STAR format. Key elements to include: (1) Migration scope and complexity — number of workloads, legacy dependencies; (2) Discovery phase — what you found that was not in the original scoping (always something); (3) A specific challenge: database compatibility, network latency, application dependency that was undocumented; (4) How you resolved it — parallel run strategy, phased cutover, rollback plan; (5) What you would do differently. Strong candidates discuss the importance of a detailed discovery and dependency mapping phase before any migration work begins, and the value of running workloads in parallel (pilot migration) before full cutover.

Model answer

VPC (Virtual Private Cloud) is an isolated network environment in AWS. 3-tier architecture design: (1) Public Subnet: ALB (Application Load Balancer) and NAT Gateway — internet-facing only; (2) Private Subnet (App Tier): EC2/EKS instances running the application — no direct internet access, outbound via NAT Gateway; (3) Private Subnet (Data Tier): RDS, ElastiCache — no internet routing, only accessible from App Tier via security groups. Across at least 2 AZs for HA. Security controls: Security Groups at instance level (stateful), NACLs at subnet level (stateless). VPC Flow Logs for audit. Transit Gateway for multi-VPC connectivity. For India production environments, always deploy in ap-south-1 Mumbai with multi-AZ.

Model answer

Do not simply block the request — understand the business need first. Steps: (1) Meet with the BU to understand the use case and urgency; (2) Review the service for compliance, security, and cost implications; (3) Check if an approved alternative meets the need; (4) If not, run a fast-track evaluation with security and compliance teams; (5) Document the risk assessment and business case; (6) Escalate to the Cloud Governance Board if above your approval authority. The goal is to enable the business within a governed framework — not to be a blocker. Establish a cloud service approval process that is fast enough that BUs do not feel they need to circumvent governance.