All Roadmaps
Technology Roadmap

AWS Cloud Engineer Roadmap

Complete AWS learning path from IAM basics to advanced EKS, serverless, and multi-account architectures. Covers Solutions Architect and DevOps Engineer certification prep.

5–8 months
8 phases
FoundationIntermediateAdvancedExpert
Phase 1

AWS Fundamentals & IAM

Identity, access, and the AWS console

Foundation2–3 weeks

What to learn

  • AWS global infrastructure — regions, AZs, edge locations
  • IAM users, groups, roles, and policies
  • Policy language — Effect, Action, Resource, Condition
  • MFA, password policies, and access keys
  • AWS Organizations and multi-account strategy
  • AWS CLI and SDK setup

Key tools

AWS ConsoleAWS CLIIAM Policy Simulator
Phase 2

Networking — VPC Deep Dive

Build secure, scalable networks

Foundation3–4 weeks

What to learn

  • VPC, subnets (public/private), route tables
  • Internet Gateway, NAT Gateway, VPC Endpoints
  • Security Groups vs NACLs — stateful vs stateless
  • VPC Peering and Transit Gateway
  • AWS PrivateLink for service connectivity
  • VPN and Direct Connect basics

Key tools

VPCRoute 53CloudFront
Phase 3

Compute — EC2 & Auto Scaling

Run and scale applications

Intermediate2–3 weeks

What to learn

  • EC2 instance types and pricing models (On-Demand, Spot, Reserved)
  • AMIs, user data, and launch templates
  • Auto Scaling Groups — policies, lifecycle hooks
  • Application Load Balancer and Network Load Balancer
  • Target groups and health checks
  • Placement groups and Elastic IPs

Key tools

EC2ALB/NLBASGLaunch Templates
Phase 4

Storage & Databases

S3, RDS, DynamoDB, and beyond

Intermediate3–4 weeks

What to learn

  • S3 — buckets, versioning, lifecycle, replication
  • S3 storage classes and cost optimization
  • RDS — setup, Multi-AZ, read replicas, backups
  • Aurora — serverless, global database
  • DynamoDB — tables, indexes, capacity modes
  • ElastiCache — Redis/Memcached for caching
  • EFS and FSx for shared file systems

Key tools

S3RDSDynamoDBElastiCacheAurora
Phase 5

Containers — ECS & EKS

Run containers on AWS

Intermediate4–5 weeks

What to learn

  • ECR — build, tag, push container images
  • ECS — task definitions, services, Fargate vs EC2
  • EKS — managed Kubernetes on AWS
  • EKS networking — VPC CNI, ALB Ingress Controller
  • IRSA — IAM Roles for Service Accounts
  • EKS node groups — managed, self-managed, Fargate
  • App Mesh and service discovery

Key tools

ECRECSEKSFargateeksctl
Phase 6

Serverless

Lambda, API Gateway, and event-driven architecture

Advanced3–4 weeks

What to learn

  • Lambda — runtimes, layers, concurrency, cold starts
  • API Gateway — REST, HTTP, WebSocket APIs
  • Step Functions for workflow orchestration
  • EventBridge for event-driven architecture
  • SQS, SNS, and event filtering
  • SAM and Serverless Framework for IaC

Key tools

LambdaAPI GatewayStep FunctionsEventBridgeSAM
Phase 7

Infrastructure as Code

CloudFormation and Terraform on AWS

Advanced4–5 weeks

What to learn

  • CloudFormation — stacks, nested stacks, drift detection
  • Terraform AWS provider — resources, modules, state
  • CDK — write infrastructure in TypeScript/Python
  • Remote state with S3 + DynamoDB locking
  • CI/CD for infrastructure (Terraform in pipelines)
  • Tagging strategies and cost allocation

Key tools

TerraformCloudFormationCDKAWS SAM
Phase 8

Monitoring & Security

CloudWatch, GuardDuty, and compliance

Advanced3–4 weeks

What to learn

  • CloudWatch — metrics, alarms, dashboards, Logs Insights
  • CloudTrail — audit logging and compliance
  • GuardDuty — threat detection
  • Security Hub — centralized security posture
  • WAF and Shield for DDoS protection
  • KMS and Secrets Manager for encryption
  • Config Rules for compliance automation

Key tools

CloudWatchCloudTrailGuardDutyKMSWAF

Frequently Asked Questions

Common questions about the AWS Cloud Engineer roadmap

1Which AWS certification should I get first?
Start with AWS Solutions Architect Associate (SAA-C03). It covers core services — EC2, S3, VPC, IAM, RDS, Lambda — and is the most recognized AWS cert for DevOps and cloud roles.
2How long does it take to learn AWS?
Core AWS services can be learned in 6–8 weeks. The full roadmap covering compute, networking, security, serverless, containers (ECS/EKS), and DevOps automation takes 4–6 months.
3Is AWS harder than Azure or GCP?
AWS has the most services (200+), which can feel overwhelming. But it has the best documentation and largest community. For DevOps roles, AWS is the most commonly required cloud platform.
4What AWS services should a DevOps engineer know?
Core services: EC2, S3, VPC, IAM, RDS, Lambda, ECS/EKS, CloudFormation, CodePipeline, CloudWatch, Route 53, ALB/NLB, Secrets Manager, and Systems Manager.
5How much does AWS cost to practice?
AWS Free Tier covers 12 months of t2.micro EC2, S3 (5GB), Lambda (1M requests), and more. For hands-on labs, budget $20–50/month and always set billing alerts.
Explore More Roadmaps