Cloud Architect Interview Guide
Ace your Cloud Architect / Lead Platform Engineer interview. Enterprise-grade AWS & GCP architectures, EKS/GKE deep dive, 200+ real interview scenarios — all tied to one unified enterprise reference architecture.
How to Use This Guide
Every page is framed from the perspective of a central infrastructure team at an enterprise bank. You design the platform; downstream teams are your tenants.
Every topic ties back to one unified enterprise architecture — AWS Organizations with Network Hub, Security, Shared Services, and Workload accounts. This is not isolated knowledge — it’s one connected system.
Each page has: Theory | AWS vs GCP Tabs | Terraform | Architecture Diagrams | Interview Scenarios (4-8 per topic)
Study Roadmap
Week 1: Foundations
IAM Fundamentals: Roles, policies, AssumeRole, GCP service accounts, impersonation, Workload Identity Federation
Landing Zones — Concepts: Control Tower, OUs, SCPs, GCP Resource Manager, org policies, account factory
Landing Zones — Architectures: 5 enterprise patterns: startup, mid-size, regulated, multi-cloud, global
Networking — VPC Design: VPC fundamentals, subnets, CIDR, DNS, load balancing (ALB/NLB/GCP Global LB)
Networking — Connectivity: Transit Gateway, GCP NCC, Shared VPC, Direct Connect, hybrid, multi-region
Networking — Security: Network Firewall IPS/IDS, WAF, Shield, Cloud NGFW, Cloud Armor, NACLs vs SGs
Week 2: Kubernetes Core
Control Plane & Internals: API server, etcd, scheduler, kubelet; how EKS and GKE implement the control plane
Workloads: Deployments, StatefulSets, Jobs, CronJobs, DaemonSets, pod lifecycle, sidecars
Storage: PV/PVC, CSI drivers (EBS/PD/EFS/Filestore), encryption at rest, snapshots
Networking: Services, Ingress, Gateway API, CoreDNS, Network Policies, cert-manager
Cloud Service Integration: IRSA, EKS Pod Identity, GCP Workload Identity, External Secrets Operator
Week 3: Kubernetes Enterprise
Multi-Tenancy & RBAC: Namespaces, RBAC, ResourceQuotas, OPA Gatekeeper, Kyverno, self-service
Autoscaling: HPA, VPA, Karpenter, Cluster Autoscaler, KEDA, scale-to-zero
HA & Disaster Recovery: Multi-AZ, topology spread, PDB, Velero, active-active multi-cluster
CI/CD & Deployments: GitHub Actions OIDC, ArgoCD, Helm, Kustomize, dev→staging→prod promotion
Troubleshooting: 17 debug scenarios with exact kubectl commands and expected output
Enterprise Platform Design: IDP, cluster strategy, golden paths, Backstage, Kubecost, governance
Week 4: Architecture Patterns
Zero Trust & Compliance: Defense-in-depth, encryption, GuardDuty/SCC, UAE compliance (NESA, PDPL)
Service Mesh: Istio on EKS/GKE, ECS Service Connect, mTLS, Cilium, ambient mode
Secrets Management: Secrets Manager, External Secrets Operator, rotation, Vault
Migration Strategy: 6Rs, Cloud Adoption Framework, wave planning, database migration
Event-Driven Architecture: EventBridge, Pub/Sub, SNS/SQS, Kinesis, saga, DLQ, exactly-once
API Gateway: API GW, Apigee, per-tenant throttling, OAuth2/JWT, versioning
Week 5: Data and Apps
Database Architecture: RDS vs Aurora vs Cloud SQL vs AlloyDB vs Spanner, connection pooling
Data Platform — Pipeline: Ingest→Store→Process→Warehouse→Serve, BigQuery slots, data governance
Data Platform — Architectures: 5 patterns: traditional, streaming, lakehouse, Snowflake, data mesh
Web App Architecture: 3-tier, microservices, serverless, CDN, caching, session management
Compute Services: ECS Fargate, Cloud Run, Lambda, Cloud Functions; decision framework
Week 6: Operations
Metrics & Monitoring: Prometheus, VictoriaMetrics, Grafana, Mimir/Thanos, SLOs
Logging: Loki, Grafana Alloy, CloudWatch→Loki, Cloud Logging→Loki
Tracing: OpenTelemetry, Tempo, distributed tracing, metric↔log↔trace correlation
SRE & Incidents: On-call, runbooks, postmortems, SLO-driven operations
FinOps: Cost levers, tagging, Savings Plans vs CUDs, Kubecost
The Enterprise Reference Architecture
Every page ties back to this unified architecture:
AWS Organization Structure
Network Hub Architecture
Every page shows “Where This Fits” in this architecture.
Quick Reference
AWS vs GCP Service Map: Comprehensive mapping by category
kubectl Debug Cheatsheet: Commands organized by failure type
Terraform Patterns: Modules, state, workspaces, for_each