roadmap updated 2026-06-01
Cloud Engineer Roadmap
Master cloud architecture on AWS, Azure, or GCP — from networking and IAM to serverless, cost optimization, and multi-cloud governance. Build scalable, secure, and cost-efficient cloud infrastructure.
Phase 1 — Beginner
Learn core cloud services, identity management, and foundational networking concepts on at least one major cloud provider.
AWS CLI, Terraform, AWS IAM, Azure Portal, GCP Console
Phase 2 — Intermediate
Design highly available, fault-tolerant architectures and automate cloud resource management with IaC and cost governance.
AWS EKS, Terraform, CloudFormation, AWS RDS, Lambda
Phase 3 — Advanced
Architect multi-cloud and hybrid cloud solutions, implement landing zones, and drive cloud governance and cost optimization at scale.
AWS Control Tower, Azure Landing Zones, Terragrunt, AWS Organizations, Cloud Custodian
The path: Beginner → Intermediate → Advanced
Beginner
Focus: Learn core cloud services, identity management, and foundational networking concepts on at least one major cloud provider.
Skills to build
- Cloud computing fundamentals: IaaS, PaaS, SaaS models
- AWS/Azure/GCP core services: compute, storage, networking
- Identity and access management (IAM) principles
- Virtual private cloud (VPC) design: subnets, routing, security groups
- Cloud CLI and SDK usage
- Object storage, block storage, and file storage differences
- Basic cost monitoring and billing concepts
- Infrastructure as code introduction with Terraform or CloudFormation
Tools to learn
- AWS CLI
- Terraform
- AWS IAM
- Azure Portal
- GCP Console
- S3
Intermediate
Focus: Design highly available, fault-tolerant architectures and automate cloud resource management with IaC and cost governance.
Skills to build
- High availability and multi-AZ architecture design
- Auto-scaling groups, load balancers, and traffic management
- Managed Kubernetes (EKS, AKS, GKE) deployment and operations
- Serverless architecture with Lambda, Cloud Functions, or Azure Functions
- Database services: RDS, DynamoDB, Cloud SQL, Cosmos DB
- Cloud security best practices: GuardDuty, Security Center, SCC
- FinOps fundamentals: right-sizing, reserved instances, savings plans
- Networking: VPN, Direct Connect, Transit Gateway, peering
Tools to learn
- AWS EKS
- Terraform
- CloudFormation
- AWS RDS
- Lambda
- CloudWatch
- Azure Monitor
Advanced
Focus: Architect multi-cloud and hybrid cloud solutions, implement landing zones, and drive cloud governance and cost optimization at scale.
Skills to build
- Multi-cloud architecture patterns and vendor lock-in mitigation
- Cloud landing zone design with AWS Control Tower or Azure Landing Zones
- Advanced networking: BGP, ExpressRoute, AWS Direct Connect
- Cloud disaster recovery: RPO/RTO design and multi-region failover
- Cost optimization at scale: chargeback, showback, and FinOps practice
- Cloud governance with SCPs, Azure Policy, and org policies
- Well-Architected Framework reviews and remediation
- Cloud migration strategies: 6Rs and migration factory approach
Tools to learn
- AWS Control Tower
- Azure Landing Zones
- Terragrunt
- AWS Organizations
- Cloud Custodian
- Infracost
Interview questions to prepare
- How would you design a highly available, fault-tolerant three-tier application on AWS?
- Explain the difference between a security group and a network ACL in AWS.
- How do you implement least-privilege IAM access across multiple AWS accounts?
- What are the 6Rs of cloud migration and when would you use each strategy?
- How do you detect and remediate cloud infrastructure cost anomalies?
- Describe a multi-region disaster recovery architecture with a sub-1-hour RTO.
- What is a cloud landing zone and what components does it typically include?
- How would you manage Terraform state for 50+ AWS accounts?
Certification suggestions
- AWS Certified Solutions Architect – Associate — Amazon Web Services
- AWS Certified Solutions Architect – Professional — Amazon Web Services
- Google Professional Cloud Architect — Google Cloud
- Microsoft Certified: Azure Solutions Architect Expert — Microsoft
- HashiCorp Certified: Terraform Associate — HashiCorp
See exam formats, costs and official links in the certification registry.
Free resources
- AWS Architecture Center
- AWS Well-Architected Framework
- Google Cloud Architecture Center
- Azure Architecture Center
- Terraform AWS Provider Documentation
Portfolio project ideas
- Build a multi-tier web application on AWS with VPC, ALB, Auto Scaling Groups, RDS Multi-AZ, and CloudFront, fully provisioned with Terraform
- Design and implement a multi-account AWS organization with Control Tower, SCPs, and centralized logging to a security account
- Create a serverless data processing pipeline using Lambda, SQS, DynamoDB, and API Gateway with infrastructure as code
- Implement a cloud cost management dashboard showing per-team chargeback using AWS Cost Explorer and Grafana
Mistakes to avoid
- Using root account credentials for day-to-day operations instead of IAM roles with least privilege
- Deploying all resources in a single AWS account without account-level isolation for environments
- Ignoring cloud costs until the bill arrives — implement cost budgets and anomaly detection from day one
- Not tagging resources consistently — without tags, cost allocation and governance become impossible
- Underestimating egress costs in multi-region or hybrid architectures