Docker Engineer Interview Questions and Answers [2025 Updated]

This guide provides 103 Docker interview questions with detailed answers for Docker Engineer roles. Covering fundamentals, image management, networking, orchestration, security, and AWS integration (ECS, EKS, CodePipeline), it equips candidates for technical interviews with scalable, secure Docker solutions.

Docker Fundamentals

1. What is the role of a Docker Engineer in DevOps?

A Docker Engineer designs and maintains containerized applications, integrating Docker with CI/CD tools like CodePipeline for consistent deployments. They ensure scalability with ECS/EKS, secure images with AWS Inspector, and monitor performance using CloudWatch for reliable workflows.

2. Why is Docker essential for microservices?

Docker isolates microservices in lightweight containers, ensuring portability and consistency across environments. It simplifies CI/CD with CodePipeline, scales via ECS/EKS, and reduces dependency conflicts, with CloudWatch monitoring for robust, modular application deployments.

3. How does Docker achieve container isolation?

Docker leverages Linux namespaces for process isolation, cgroups for resource limits, and overlay2 for layered filesystems. This ensures secure, independent container execution. Use docker inspect to verify settings and CloudWatch for monitoring in CI/CD pipelines.

4. When is Docker preferred over Kubernetes?

Docker suits single-host, lightweight container management, while Kubernetes (EKS) excels in multi-node orchestration. Use Docker for simple CI/CD pipelines with CodePipeline, monitored with CloudWatch, for smaller-scale or less complex deployments.

5. Which components drive Docker’s architecture?

• Docker Daemon: Manages containers and images.
• Docker Client: Executes CLI commands.
• Docker Hub/ECR: Stores images.
• Images: Application templates.
• Containers: Running instances.
  These enable consistent, scalable CI/CD workflows.

6. Who manages Docker container lifecycles in a team?

Docker Engineers build images with docker build, deploy via ECS/EKS, and automate with CodePipeline. They monitor lifecycle events with CloudWatch and audit with CloudTrail to ensure reliable, scalable container management in DevOps workflows.

7. What causes a Docker container to crash unexpectedly?

Inspect docker logs for errors, verify resource limits with docker inspect, and check Dockerfile CMD/ENTRYPOINT. Redeploy via CodePipeline and monitor with CloudWatch to stabilize containers and ensure consistent CI/CD pipelines.

Docker Image Management

8. How do you optimize Docker images for production?

• Use minimal base images (e.g., alpine).
• Exclude unnecessary files with .dockerignore.
• Implement multi-stage builds.
• Scan with AWS Inspector.
• Monitor with CloudWatch.
  Optimizes image size and security for efficient CI/CD.

9. Why does a Docker build fail due to dependencies?

Missing dependencies disrupt builds. Verify Dockerfile RUN commands, update requirements.txt or package.json, and test locally. Automate with CodeBuild and monitor with CloudWatch to ensure reliable, consistent CI/CD builds.

10. What is a multi-stage Docker build, and how is it implemented?

FROM python:3.9 AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
RUN python build.py

FROM python:3.9-slim
WORKDIR /app
COPY --from=builder /app/dist .
CMD ["python", "app.py"]

Reduces image size, enhancing CI/CD efficiency with faster deployments.

11. When does a large Docker image impact CI/CD?

Large images slow pulls and deployments. Use minimal bases, clean caches, and leverage multi-stage builds. Store in ECR, deploy via CodePipeline, and monitor with CloudWatch to optimize CI/CD performance.

12. How do you secure Docker images in ECR?

• Scan with AWS Inspector for vulnerabilities.
• Use private ECR repositories.
• Restrict access with IAM policies.
• Encrypt with KMS.
• Monitor with CloudWatch.
  Ensures secure image storage for CI/CD pipelines.

13. Where are Docker images stored for team access?

Store images in AWS ECR, push with docker push, and automate with CodePipeline. Restrict access with IAM, monitor with CloudWatch, and audit with CloudTrail for collaborative, secure image management.

14. Which practices enhance Docker build efficiency?

• Order Dockerfile for layer caching.
• Use .dockerignore to exclude files.
• Cache dependencies in S3.
• Monitor builds with CloudWatch.
  Improves build speed and CI/CD reliability.

Docker Networking

15. How do you troubleshoot Docker container connectivity issues?

Inspect docker network ls, verify bridge/overlay modes, and test with docker exec ping. Adjust VPC security groups, redeploy via CodePipeline, and monitor with CloudWatch to restore network connectivity in CI/CD pipelines.

16. Why can’t containers communicate with each other?

Verify network mode with docker network inspect, ensure ports are exposed in Dockerfile, and test with docker exec. Redeploy via CodePipeline and monitor with CloudWatch to resolve networking issues in CI/CD workflows.

17. What sets up a Docker overlay network for multi-host communication?

docker network create -d overlay my-overlay

Configure with Swarm or EKS, set up VPC subnets, and monitor with CloudWatch. Enables scalable, multi-host container communication for CI/CD pipelines.

18. When should you use bridge versus host networking?

Bridge networks isolate containers for microservices, while host networks leverage the host’s stack for performance. Configure in docker run, monitor with CloudWatch to ensure compatibility with CI/CD requirements.

19. How do you expose a container port to external traffic?

EXPOSE 8080

Map ports with docker run -p 8080:8080, use ALB for routing, and monitor with CloudWatch to ensure accessible, secure services in CI/CD pipelines.

20. Which tools monitor Docker network performance?

• CloudWatch for container metrics.
• VPC Flow Logs for traffic analysis.
• X-Ray for request tracing.
• SNS for performance alerts.
  Ensures observable networking in CI/CD workflows.

21. Why does a container lose external connectivity?

Check VPC security groups, verify DNS resolution, and inspect docker network. Adjust firewall rules, redeploy via CodePipeline, and monitor with CloudWatch to restore connectivity in CI/CD pipelines.

Docker Orchestration

22. How do you deploy Docker containers to ECS?

Define task definitions, push images to ECR, and deploy via CodePipeline. Use ALB for load balancing and monitor with CloudWatch to ensure scalable, orchestrated container deployments in CI/CD pipelines.

23. Why does an ECS task fail to launch?

Verify task definition CPU/memory, check CloudWatch Logs for errors, and ensure IAM roles allow ECR access. Adjust resources, redeploy via CodePipeline, and monitor with CloudWatch to stabilize CI/CD deployments.

24. What scales Docker containers in EKS?

Enable HPA with kubectl autoscale, set resource limits, and use Cluster Autoscaler. Push images to ECR, deploy via CodePipeline, and monitor with CloudWatch for scalable Kubernetes-based CI/CD.

25. When does a Docker Swarm service fail to deploy?

Check docker service inspect for errors, verify node availability, and ensure ECR image access. Redeploy with docker service update and monitor with CloudWatch to restore CI/CD workflows.

26. How do you implement rolling updates in Docker Swarm?

docker service update --update-delay 10s --update-parallelism 2 my-service

Test in staging, monitor with CloudWatch, and roll back if needed for seamless CI/CD updates.

27. Which strategies optimize EKS orchestration for Docker?

• Use node affinity for pod placement.
• Enable HPA for dynamic scaling.
• Configure Cluster Autoscaler.
• Monitor with CloudWatch.
  Ensures high-performance Kubernetes CI/CD.

28. Who manages multi-tenant Docker deployments in EKS?

DevOps engineers use namespaces for isolation, implement RBAC, and push images to ECR. Automate with CodePipeline, monitor with CloudWatch, and audit with CloudTrail for secure, multi-tenant CI/CD.

Docker Security

29. How do you secure Docker containers in production?

• Run as non-root user.
• Scan images with AWS Inspector.
• Use minimal base images.
• Limit container privileges.
• Monitor with CloudWatch.
  Ensures secure container deployments for CI/CD.

30. Why are Docker images vulnerable to attacks?

Unpatched images pose risks. Scan with AWS Inspector, use minimal bases, and automate updates in CodePipeline. Monitor with CloudWatch to ensure secure, compliant CI/CD workflows.

31. What manages Docker secrets effectively?

docker secret create my-secret secret.txt

Use Docker secrets in Swarm or Kubernetes secrets in EKS, integrate with Secrets Manager, and monitor with CloudWatch for secure CI/CD.

32. When do you use Docker Content Trust (DCT)?

Enable DCT with export DOCKER_CONTENT_TRUST=1 to verify image signatures. Push to ECR, automate with CodePipeline, and monitor with CloudWatch for trusted CI/CD workflows.

33. How do you restrict Docker container resources?

docker run --memory="512m" --cpus="0.5" my-image

Set cgroups limits, monitor with CloudWatch, and deploy via CodePipeline to prevent resource overuse in CI/CD pipelines.

34. Which tools audit Docker container security?

• AWS Inspector for image scans.
• CloudTrail for API auditing.
• CloudWatch for container metrics.
• CodePipeline for scan integration.
  Ensures secure CI/CD workflows.

35. Why does a Docker container face unauthorized access?

Verify exposed ports, check security groups, and audit IAM roles. Update Dockerfile, redeploy via CodePipeline, and monitor with CloudWatch to secure CI/CD deployments.

Docker CI/CD Integration

36. How do you integrate Docker with AWS CodePipeline?

Build images in CodeBuild, push to ECR, and deploy to ECS/EKS via CodePipeline. Monitor with CloudWatch and audit with CloudTrail for automated, scalable CI/CD workflows.

37. Why does a Docker pipeline fail in CodeBuild?

Check buildspec.yml for errors, verify Dockerfile syntax, and ensure ECR access. Update dependencies, test locally, and monitor with CloudWatch to restore reliable CI/CD builds.

38. What automates Docker image scanning in CI/CD?

version: 0.2
phases:
  build:
    commands:
      - docker build -t my-image .
      - aws ecr start-image-scan --repository-name my-repo --image-id imageTag=latest

Integrate AWS Inspector in CodePipeline and monitor with CloudWatch for secure CI/CD.

39. When does a Docker pipeline deploy to the wrong environment?

Verify CodePipeline stage configurations, check ECS task definitions, and ensure environment variables. Update IAM roles, redeploy, and monitor with CloudWatch for accurate CI/CD deployments.

40. How do you implement blue-green deployments with Docker?

Use CodeDeploy with ECS, create a green environment, switch ALB traffic, and monitor with CloudWatch. Roll back if needed for zero-downtime CI/CD deployments.

41. Which tools monitor Docker pipeline performance?

• CloudWatch for pipeline metrics.
• X-Ray for build tracing.
• SNS for failure alerts.
• CodePipeline for automation.
  Ensures observable CI/CD workflows.

42. Why does a container fail to pull from ECR?

Verify IAM roles for ECR access, check docker login, and inspect docker pull errors. Update credentials, redeploy via CodePipeline, and monitor with CloudWatch to restore CI/CD.

Docker Storage and Persistence

43. How do you ensure persistent storage for Docker containers?

docker run -v /data:/app/data my-image

Use volumes or EFS, integrate with ECS, and monitor with CloudWatch for reliable data storage in CI/CD pipelines.

44. Why does a container lose data on restart?

Containers are ephemeral. Use volumes or EFS mounts, configure in ECS task definitions, and monitor with CloudWatch. Redeploy via CodePipeline for data integrity.

45. What configures Docker volumes for multi-container apps?

version: '3'
services:
  app:
    image: my-app
    volumes:
      - my-volume:/app/data
volumes:
  my-volume:

Deploy to ECS and monitor with CloudWatch for persistent CI/CD.

46. When do you use EFS with Docker containers?

Use EFS for shared storage in ECS multi-container apps. Mount via task definitions, deploy via CodePipeline, and monitor with CloudWatch for scalable, persistent CI/CD.

47. How do you optimize Docker volume performance?

• Use EFS for shared storage.
• Configure burst credits for throughput.
• Monitor IOPS with CloudWatch.
• Optimize mounts in task definitions.
  Ensures high-performance CI/CD storage.

48. Which strategies back up Docker container data?

• Use AWS Backup for EFS volumes.
• Schedule backups via CloudWatch Events.
• Store in S3 for redundancy.
• Monitor with CloudWatch.
  Ensures resilient CI/CD data management.

49. Why does a Docker volume cause performance issues?

Check EFS throughput, optimize IOPS, and verify mount configurations. Adjust task definitions, redeploy via CodePipeline, and monitor with CloudWatch for efficient CI/CD storage.

Docker Troubleshooting

50. How do you diagnose a Docker container crash?

Check docker logs, verify resource usage with docker stats, and inspect CMD/ENTRYPOINT. Redeploy via CodePipeline and monitor with CloudWatch to stabilize containers in CI/CD pipelines.

51. Why does a container consume excessive CPU?

Analyze docker stats, set --cpus limits, and optimize application code. Redeploy via CodePipeline and monitor with CloudWatch to ensure efficient resource usage in CI/CD.

52. What causes a Docker build to hang?

Check Dockerfile for large dependencies, verify network connectivity, and inspect build logs. Use --no-cache if needed, automate with CodeBuild, and monitor with CloudWatch to restore CI/CD builds.

53. When does a container fail to start in ECS?

Verify task definition CPU/memory, check CloudWatch Logs for errors, and ensure ECR access. Adjust resources, redeploy via CodePipeline, and monitor with CloudWatch for stable CI/CD.

54. How do you troubleshoot Docker network latency?

Inspect docker network, verify VPC Flow Logs, and test with ping. Adjust security groups, redeploy via CodePipeline, and monitor with CloudWatch for low-latency CI/CD.

55. Which logs diagnose Docker container failures?

• docker logs for application errors.
• CloudWatch Logs for ECS/EKS.
• X-Ray for tracing.
• CloudWatch alarms for alerts.
  Ensures effective CI/CD troubleshooting.

56. Why does a Docker service fail health checks in ECS?

Verify ALB health check settings, check task definition ports, and analyze CloudWatch Logs. Update configurations, redeploy via CodePipeline, and monitor with CloudWatch for reliable CI/CD.

Docker Advanced Scenarios

57. How do you implement a circuit breaker in Dockerized microservices?

from resilience4j import CircuitBreaker
import requests
circuit_breaker = CircuitBreaker(failure_threshold=5)
@circuit_breaker
def call_service():
    try:
        return requests.get('http://service:8080')
    except:
        return {"status": "fallback"}

Deploy in ECS, monitor with CloudWatch for fault-tolerant CI/CD.

58. Why use Docker Swarm over Kubernetes for small teams?

Swarm offers simpler orchestration than EKS, requiring less configuration. Deploy with docker service create, monitor with CloudWatch, and automate with CodePipeline for lightweight CI/CD workflows.

59. What optimizes Docker container startup time?

• Use lightweight base images (e.g., alpine).
• Minimize Dockerfile layers.
• Optimize CMD/ENTRYPOINT commands.
• Monitor with CloudWatch.
  Ensures fast CI/CD deployments.

60. When do you use Docker for serverless applications?

Package Lambda functions in Docker images, push to ECR, and deploy via CodePipeline. Monitor with CloudWatch and optimize cold starts for flexible serverless CI/CD.

61. How do you manage Docker image versioning?

Tag images with docker tag my-app:1.0, push to ECR, and use semantic versioning. Automate with CodePipeline and monitor with CloudWatch for organized CI/CD workflows.

62. Which strategies handle Docker container logging?

• Configure awslogs driver for CloudWatch.
• Use Fluentd for centralized logging.
• Set retention policies in CloudWatch.
• Integrate with CodePipeline.
  Ensures observable CI/CD workflows.

63. Why does a Docker container run out of memory?

Check docker stats for usage, set --memory limits, and optimize code. Redeploy via CodePipeline and monitor with CloudWatch to prevent crashes in CI/CD pipelines.

Docker AWS Integration

64. How do you deploy Docker containers to AWS Fargate?

Define ECS task definitions, push images to ECR, and deploy via CodePipeline. Use Fargate for serverless execution, monitor with CloudWatch, and scale with Auto Scaling for efficient CI/CD.

65. Why does an EKS pod fail to pull Docker images?

Verify IAM roles for ECR access, check Kubernetes secrets, and analyze kubectl describe pod. Update credentials, redeploy via CodePipeline, and monitor with CloudWatch for reliable CI/CD.

66. What integrates Docker with AWS CodeBuild?

version: 0.2
phases:
  build:
    commands:
      - docker build -t my-image .
      - aws ecr get-login-password | docker login --username AWS --password-stdin my-ecr-repo
      - docker push my-ecr-repo:latest

Automates Docker builds and monitors with CloudWatch for CI/CD.

67. When do you choose ECS over EKS for Docker?

ECS simplifies AWS-native container management; EKS suits complex Kubernetes workloads. Deploy via CodePipeline and monitor with CloudWatch for optimal CI/CD based on project needs.

68. How do you secure Docker containers in ECS?

• Use IAM roles for task access.
• Scan images with AWS Inspector.
• Configure security groups.
• Monitor with CloudWatch.
  Ensures secure CI/CD deployments.

69. Which tools monitor Docker containers in EKS?

• CloudWatch Container Insights for metrics.
• X-Ray for tracing.
• Kubernetes events in CloudWatch.
• CodePipeline for automation.
  Ensures observable CI/CD workflows.

70. Why does a Docker job fail in AWS Batch?

Check job definition resources, verify IAM roles, and analyze CloudWatch Logs. Adjust configurations, redeploy via CodePipeline, and monitor with CloudWatch for reliable CI/CD.

Docker Performance Optimization

71. How do you optimize Docker container CPU usage?

Set --cpus limits, optimize application code, and monitor with docker stats and CloudWatch. Redeploy via CodePipeline to ensure efficient resource usage in CI/CD pipelines.

72. Why does a Docker container experience high disk I/O?

Check volume configurations, optimize EFS settings, and monitor IOPS with CloudWatch. Adjust mounts, redeploy via CodePipeline for efficient CI/CD storage performance.

73. What improves Docker image pull performance?

Use ECR with CloudFront caching, optimize VPC endpoints, and monitor with CloudWatch. Automate pulls in CodePipeline for faster CI/CD deployments.

74. When do Docker containers cause network bottlenecks?

Inspect docker network, verify VPC Flow Logs, and optimize security groups. Redeploy via CodePipeline and monitor with CloudWatch for low-latency CI/CD.

75. How do you scale Docker containers for traffic spikes?

• Enable ECS Auto Scaling with CloudWatch metrics.
• Use ALB for load balancing.
• Optimize task definitions.
• Monitor with CloudWatch.
  Ensures scalable CI/CD workflows.

76. Which metrics monitor Docker container performance?

• CPU/memory with CloudWatch.
• docker stats for real-time data.
• X-Ray for application tracing.
• SNS for alerts.
  Ensures performant CI/CD pipelines.

77. Why does a Dockerized app have slow response times?

Analyze CloudWatch metrics for latency, optimize code, and adjust container resources. Redeploy via CodePipeline and monitor with CloudWatch to restore CI/CD performance.

Docker Security and Compliance

78. How do you ensure Docker compliance with PCI DSS?

• Encrypt data with KMS.
• Restrict access with IAM roles.
• Audit with CloudTrail.
• Scan images with AWS Inspector.
  Ensures compliant CI/CD workflows.

79. Why is a Docker container vulnerable to privilege escalation?

Check for root user, verify capabilities with docker inspect. Run as non-root, scan with AWS Inspector, and redeploy via CodePipeline for secure CI/CD.

80. What audits Docker container activity?

Enable CloudTrail for Docker API calls, monitor events with CloudWatch, and integrate with CodePipeline. Use AWS Config for compliance checks in CI/CD workflows.

81. When do you rotate Docker secrets?

Use Secrets Manager for automated rotation, integrate with ECS/EKS task definitions, and monitor with CloudWatch. Redeploy via CodePipeline for secure CI/CD.

82. How do you prevent Docker container breakouts?

• Use AppArmor or SELinux profiles.
• Restrict syscalls with seccomp.
• Run as non-root user.
• Monitor with CloudWatch.
  Ensures secure CI/CD deployments.

83. Which tools secure Docker images in CI/CD?

• AWS Inspector for vulnerability scans.
• DCT for image signing.
• IAM for ECR access control.
• CloudWatch for monitoring.
  Ensures secure CI/CD workflows.

Docker Multi-Container Scenarios

84. How do you manage multi-container apps with Docker Compose?

version: '3'
services:
  web:
    image: my-app
    ports:
      - "8080:8080"
  db:
    image: postgres
    environment:
      - POSTGRES_PASSWORD=mysecret

Deploy to ECS and monitor with CloudWatch for scalable CI/CD.

85. Why do multi-container apps fail to communicate?

Verify docker-compose.yml network settings, check service links, and test with docker exec. Adjust configurations, redeploy via CodePipeline, and monitor with CloudWatch for reliable CI/CD.

86. What orchestrates multi-container apps in production?

Use ECS or EKS, define task/pod definitions, and deploy via CodePipeline. Monitor with CloudWatch and scale with Auto Scaling for robust CI/CD workflows.

87. When is Docker Swarm suitable for multi-container apps?

Use Swarm for lightweight orchestration, configure with docker service create, and monitor with CloudWatch. Deploy via CodePipeline for simple, scalable CI/CD.

88. How do you secure multi-container communication?

• Use overlay networks for isolation.
• Configure service-level security groups.
• Encrypt traffic with TLS.
• Monitor with CloudWatch.
  Ensures secure CI/CD workflows.

Docker Advanced Integration

89. How do you integrate Docker with AWS App Mesh?

Configure App Mesh with ECS/EKS, define proxies in task definitions, and deploy via CodePipeline. Monitor with CloudWatch and trace with X-Ray for observable CI/CD.

90. Why does a Docker job fail in AWS Batch?

Check job resources, verify IAM roles, and analyze CloudWatch Logs. Adjust configurations, redeploy via CodePipeline, and monitor with CloudWatch for reliable CI/CD.

91. What uses Docker with AWS Step Functions?

{
  "StartAt": "Build",
  "States": {
    "Build": {
      "Type": "Task",
      "Resource": "arn:aws:states:::codebuild:startBuild.sync",
      "Next": "Deploy"
    },
    "Deploy": {
      "Type": "Task",
      "Resource": "arn:aws:states:::ecs:runTask.sync",
      "End": true
    }
  }
}

Orchestrates Docker-based CI/CD workflows.

92. When do you use Docker with AWS Lambda?

Package Lambda functions in Docker images, push to ECR, and deploy via CodePipeline. Monitor with CloudWatch for flexible serverless CI/CD workflows.

93. How do you implement GitOps with Docker in EKS?

Use ArgoCD to sync Docker manifests from CodeCommit, deploy to EKS via CodePipeline, and monitor with CloudWatch. Audit with CloudTrail for declarative CI/CD.

Docker Code-Based Scenarios

94. How do you create a Dockerfile for a Node.js app?

FROM node:18-alpine
WORKDIR /app
COPY package.json .
RUN npm install
COPY . .
EXPOSE 8080
CMD ["node", "index.js"]

Ensures lightweight, reliable CI/CD builds.

95. What configures a Docker Compose file for ECS?

version: '3'
services:
  app:
    image: my-ecr-repo:latest
    ports:
      - "8080:8080"
    environment:
      - AWS_REGION=us-east-1
  db:
    image: postgres:latest
    environment:
      - POSTGRES_PASSWORD=mysecret

Deploys to ECS for scalable CI/CD.

96. Why use a .dockerignore file?

node_modules
.git
*.log

Excludes unnecessary files, reduces image size, and improves CI/CD efficiency.

97. How do you define a Kubernetes pod with a Docker image?

apiVersion: v1
kind: Pod
metadata:
  name: my-app
spec:
  containers:
  - name: app
    image: my-ecr-repo:latest
    ports:
    - containerPort: 8080

Deploys to EKS for scalable CI/CD.

98. What runs a Docker container in ECS?

family: my-app
containerDefinitions:
  - name: app
    image: my-ecr-repo:latest
    cpu: 256
    memory: 512
    portMappings:
      - containerPort: 8080

Ensures reliable CI/CD deployments.

99. Which code secures an ECS task definition?

family: secure-app
containerDefinitions:
  - name: app
    image: my-ecr-repo:latest
    cpu: 256
    memory: 512
    secrets:
      - name: DB_PASSWORD
        valueFrom: arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret

Uses Secrets Manager for secure CI/CD.

Docker Multi-Region and Compliance

100. How do you deploy Docker containers across multiple regions?

Use ECS with CloudFormation StackSets, push images to ECR, and route traffic with Route 53. Monitor with CloudWatch and deploy via CodePipeline for resilient CI/CD.

101. Why does a multi-region Docker deployment fail?

Check CloudWatch Logs for region-specific errors, verify ECR replication, and test Route 53 routing. Redeploy via CodePipeline and monitor with CloudWatch for reliable CI/CD.

102. What ensures HIPAA compliance for Docker containers?

• Encrypt data with KMS.
• Restrict access with IAM roles.
• Audit with CloudTrail.
• Scan images with AWS Inspector.
  Ensures compliant CI/CD workflows.

103. How do you handle a Docker container data breach?

Isolate containers with security groups, analyze CloudTrail logs, and scan with AWS Inspector. Patch vulnerabilities, redeploy via CodePipeline, and monitor with CloudWatch for secure CI/CD.