Technology Roadmap

AWS Cloud Engineer Roadmap

Complete AWS learning path from IAM basics to advanced EKS, serverless, and multi-account architectures. Covers Solutions Architect and DevOps Engineer certification prep.

5–8 months

8 phases

FoundationIntermediateAdvancedExpert

Phase 1

AWS Fundamentals & IAM

Identity, access, and the AWS console

Foundation2–3 weeks

What to learn

AWS global infrastructure — regions, AZs, edge locations
IAM users, groups, roles, and policies
Policy language — Effect, Action, Resource, Condition
MFA, password policies, and access keys
AWS Organizations and multi-account strategy
AWS CLI and SDK setup

Key tools

AWS ConsoleAWS CLIIAM Policy Simulator

Resources

AWS Cheatsheet Interview Q&A for this topic → Bundle

Phase 2

Networking — VPC Deep Dive

Build secure, scalable networks

Foundation3–4 weeks

What to learn

VPC, subnets (public/private), route tables
Internet Gateway, NAT Gateway, VPC Endpoints
Security Groups vs NACLs — stateful vs stateless
VPC Peering and Transit Gateway
AWS PrivateLink for service connectivity
VPN and Direct Connect basics

Key tools

VPCRoute 53CloudFront

Resources

AWS VPC Complete Guide Interview Q&A for this topic → Bundle

Phase 3

Compute — EC2 & Auto Scaling

Run and scale applications

Intermediate2–3 weeks

What to learn

EC2 instance types and pricing models (On-Demand, Spot, Reserved)
AMIs, user data, and launch templates
Auto Scaling Groups — policies, lifecycle hooks
Application Load Balancer and Network Load Balancer
Target groups and health checks
Placement groups and Elastic IPs

Key tools

EC2ALB/NLBASGLaunch Templates

Resources

AWS ALB 504 Gateway Timeout Fix AWS DevOps Tools Overview Interview Q&A for this topic → Bundle

Phase 4

Storage & Databases

S3, RDS, DynamoDB, and beyond

Intermediate3–4 weeks

What to learn

S3 — buckets, versioning, lifecycle, replication
S3 storage classes and cost optimization
RDS — setup, Multi-AZ, read replicas, backups
Aurora — serverless, global database
DynamoDB — tables, indexes, capacity modes
ElastiCache — Redis/Memcached for caching
EFS and FSx for shared file systems

Key tools

S3RDSDynamoDBElastiCacheAurora

Resources

AWS S3 CORS Error Fix AWS RDS Storage Full Fix Interview Q&A for this topic → Bundle

Phase 5

Containers — ECS & EKS

Run containers on AWS

Intermediate4–5 weeks

What to learn

ECR — build, tag, push container images
ECS — task definitions, services, Fargate vs EC2
EKS — managed Kubernetes on AWS
EKS networking — VPC CNI, ALB Ingress Controller
IRSA — IAM Roles for Service Accounts
EKS node groups — managed, self-managed, Fargate
App Mesh and service discovery

Key tools

ECRECSEKSFargateeksctl

Resources

EKS Pods Pending Fix Interview Q&A for this topic → Bundle

Phase 6

Serverless

Lambda, API Gateway, and event-driven architecture

Advanced3–4 weeks

What to learn

Lambda — runtimes, layers, concurrency, cold starts
API Gateway — REST, HTTP, WebSocket APIs
Step Functions for workflow orchestration
EventBridge for event-driven architecture
SQS, SNS, and event filtering
SAM and Serverless Framework for IaC

Key tools

LambdaAPI GatewayStep FunctionsEventBridgeSAM

Resources

LLM Function Calling for DevOps Automation AWS Interview Prep Interview Q&A for this topic → Bundle

Phase 7

Infrastructure as Code

CloudFormation and Terraform on AWS

Advanced4–5 weeks

What to learn

CloudFormation — stacks, nested stacks, drift detection
Terraform AWS provider — resources, modules, state
CDK — write infrastructure in TypeScript/Python
Remote state with S3 + DynamoDB locking
CI/CD for infrastructure (Terraform in pipelines)
Tagging strategies and cost allocation

Key tools

TerraformCloudFormationCDKAWS SAM

Resources

Terraform Cheatsheet Interview Q&A for this topic → Bundle

Phase 8

Monitoring & Security

CloudWatch, GuardDuty, and compliance

Advanced3–4 weeks

What to learn

CloudWatch — metrics, alarms, dashboards, Logs Insights
CloudTrail — audit logging and compliance
GuardDuty — threat detection
Security Hub — centralized security posture
WAF and Shield for DDoS protection
KMS and Secrets Manager for encryption
Config Rules for compliance automation

Key tools

CloudWatchCloudTrailGuardDutyKMSWAF

Resources

CloudWatch Guide Interview Q&A for this topic → Bundle

Interview Prep

DevOps Interview Prep Bundle — 1000+ Q&A

Every topic on this roadmap has interview questions in the bundle — Docker, Kubernetes, AWS, CI/CD, Linux, SRE, FinOps, System Design. Grab it before your next interview.

Get the Bundle Learn More

Frequently Asked Questions

Common questions about the AWS Cloud Engineer roadmap

1Which AWS certification should I get first?

Start with AWS Solutions Architect Associate (SAA-C03). It covers core services — EC2, S3, VPC, IAM, RDS, Lambda — and is the most recognized AWS cert for DevOps and cloud roles.

2How long does it take to learn AWS?

Core AWS services can be learned in 6–8 weeks. The full roadmap covering compute, networking, security, serverless, containers (ECS/EKS), and DevOps automation takes 4–6 months.

3Is AWS harder than Azure or GCP?

AWS has the most services (200+), which can feel overwhelming. But it has the best documentation and largest community. For DevOps roles, AWS is the most commonly required cloud platform.

4What AWS services should a DevOps engineer know?

Core services: EC2, S3, VPC, IAM, RDS, Lambda, ECS/EKS, CloudFormation, CodePipeline, CloudWatch, Route 53, ALB/NLB, Secrets Manager, and Systems Manager.

5How much does AWS cost to practice?

AWS Free Tier covers 12 months of t2.micro EC2, S3 (5GB), Lambda (1M requests), and more. For hands-on labs, budget $20–50/month and always set billing alerts.

Explore More Roadmaps