Skip to main content

The Complete AWS Learning Roadmap — From Zero to Solutions Architect

· 11 min read
Goel Academy
Goel Academy
DevOps & Cloud Learning Hub

You've decided to learn AWS. You've opened the AWS console, stared at 200+ services, and immediately felt overwhelmed. That's normal — AWS is massive. But here's the thing: you don't need to learn all 200 services. You need about 30 core services to be genuinely dangerous, and you can learn them in a structured 6-month plan. This roadmap gives you weekly goals, monthly checkpoints, certification guidance, and hands-on labs that build on each other.

The 6-Month Learning Plan

Month 1: Cloud Foundations and Core Compute

The goal this month is to understand what cloud computing actually is and get comfortable with the two most fundamental services — IAM and EC2.

Week 1-2: Cloud Concepts and IAM

  • What is cloud computing (IaaS, PaaS, SaaS)
  • AWS global infrastructure (Regions, AZs, Edge Locations)
  • Create an AWS account, set up MFA on root
  • IAM deep dive: users, groups, roles, policies
  • AWS CLI installation and configuration
# Your first CLI commands
aws configure
aws sts get-caller-identity
aws iam list-users
aws iam create-user --user-name developer

Read: Getting Started with AWS and AWS IAM Deep Dive

Week 3-4: EC2 and Compute

  • Launch instances (console and CLI)
  • Instance types, AMIs, key pairs
  • Security Groups, Elastic IPs
  • EBS volumes (gp3, io2, snapshots)
  • User data scripts, instance metadata
  • Auto Scaling Groups basics
# Launch your first instance
aws ec2 run-instances \
  --image-id ami-0c55b159cbfafe1f0 \
  --instance-type t3.micro \
  --key-name my-key \
  --security-group-ids sg-abc123 \
  --subnet-id subnet-abc123 \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=my-first-instance}]'

Read: AWS EC2 Complete Guide

Monthly Self-Check:

  • Can you create an IAM user with specific permissions from the CLI?
  • Can you launch, stop, and terminate EC2 instances?
  • Can you explain the Shared Responsibility Model?
  • Can you SSH into an instance and install software?

Month 2: Storage, Networking, and Databases

Week 5-6: S3 and Storage

  • S3 buckets, objects, versioning
  • Storage classes and lifecycle policies
  • Bucket policies and ACLs
  • S3 encryption (SSE-S3, SSE-KMS, SSE-C)
  • Static website hosting on S3
  • S3 security best practices

Read: AWS S3 Masterclass and S3 Security Deep Dive

Week 7-8: VPC Networking and RDS

  • VPC design (CIDR, subnets, route tables)
  • Internet Gateway, NAT Gateway
  • Security Groups vs NACLs
  • VPC Peering, VPC Endpoints
  • RDS setup (PostgreSQL/MySQL)
  • Multi-AZ, Read Replicas, backups
# Create a VPC from scratch
aws ec2 create-vpc --cidr-block 10.0.0.0/16
aws ec2 create-subnet --vpc-id vpc-abc123 --cidr-block 10.0.1.0/24 --availability-zone us-east-1a
aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --internet-gateway-id igw-abc123 --vpc-id vpc-abc123

Read: AWS VPC Networking, Advanced Networking, and RDS Databases

Monthly Self-Check:

  • Can you design a VPC with public and private subnets?
  • Can you set up an S3 bucket with lifecycle rules and encryption?
  • Can you launch an RDS instance in a private subnet?
  • Can you explain the difference between Security Groups and NACLs?

Month 3: Application Services and Automation

Week 9-10: Serverless and Messaging

  • Lambda functions (Python/Node.js)
  • API Gateway (REST and HTTP APIs)
  • SQS queues and SNS topics
  • Event-driven architectures
  • Step Functions for workflows

Read: AWS Lambda Serverless and SQS & SNS Messaging

Week 11-12: Load Balancing, Auto Scaling, and DNS

  • ALB, NLB, and target groups
  • Auto Scaling policies (target tracking, step, scheduled)
  • Route 53 hosted zones and routing policies
  • Health checks and failover
  • CloudWatch alarms integration

Read: AWS Load Balancing, Auto Scaling, and Route 53 DNS

Monthly Self-Check:

  • Can you build a serverless API (API Gateway + Lambda + DynamoDB)?
  • Can you set up an ALB with Auto Scaling behind it?
  • Can you configure Route 53 with a failover routing policy?
  • Can you create an SQS queue and process messages with Lambda?

Month 4: Infrastructure as Code and CI/CD

Week 13-14: CloudFormation and Terraform

  • CloudFormation templates (YAML)
  • Stacks, change sets, nested stacks
  • Terraform basics (HCL, providers, state)
  • Terraform with AWS (VPC, EC2, RDS, S3)
  • Remote state with S3 + DynamoDB
# Your first Terraform resource
resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-learning-bucket-${random_id.suffix.hex}"

  tags = {
    Environment = "learning"
    ManagedBy   = "terraform"
  }
}

Read: AWS CloudFormation and Terraform on AWS

Week 15-16: CI/CD and Automation

  • CodePipeline, CodeBuild, CodeDeploy
  • Buildspec.yml configuration
  • Deployment strategies (rolling, blue/green)
  • AWS CLI scripting and automation
  • Systems Manager for operations

Read: CI/CD on AWS and AWS CLI Automation

Monthly Self-Check:

  • Can you write a CloudFormation template that deploys a VPC with EC2?
  • Can you set up Terraform with remote state on S3?
  • Can you build a CI/CD pipeline with CodePipeline?
  • Can you use Systems Manager Run Command to execute scripts on instances?

Month 5: Containers, Security, and Monitoring

Week 17-18: Containers on AWS

  • Docker fundamentals on AWS
  • ECS with Fargate (task definitions, services)
  • ECR for container images
  • EKS basics (if you need Kubernetes)
  • Container networking and logging

Read: ECS and Fargate and EKS Deep Dive

Week 19-20: Security and Monitoring

  • Security Hub and GuardDuty
  • Secrets Manager and Parameter Store
  • KMS encryption
  • CloudWatch metrics, logs, and alarms
  • CloudTrail for audit logging
  • AWS Config for compliance
# Enable GuardDuty
aws guardduty create-detector --enable

# Create a CloudWatch alarm
aws cloudwatch put-metric-alarm \
  --alarm-name high-cpu \
  --metric-name CPUUtilization \
  --namespace AWS/EC2 \
  --statistic Average \
  --period 300 \
  --threshold 80 \
  --comparison-operator GreaterThanThreshold \
  --evaluation-periods 2 \
  --alarm-actions arn:aws:sns:us-east-1:123456789012:alerts

Read: CloudWatch Monitoring, Security Hub, Secrets Manager, and AWS Organizations

Monthly Self-Check:

  • Can you deploy a containerized app on ECS Fargate?
  • Can you set up CloudWatch dashboards and alarms?
  • Can you enable and configure Security Hub?
  • Can you use Secrets Manager to store and retrieve credentials?

Month 6: Architecture, Optimization, and Certification Prep

Week 21-22: Architecture Patterns

  • Well-Architected Framework (6 pillars)
  • Multi-account strategy with Control Tower
  • Disaster recovery strategies (backup/restore, pilot light, warm standby, multi-site)
  • Cost optimization techniques

Read: Well-Architected Framework, Control Tower Landing Zone, Disaster Recovery, and Cost Optimization

Week 23-24: Performance, Review, and Certification

  • Performance optimization (CloudFront, ElastiCache, DAX)
  • Review all previous topics
  • Take practice exams
  • Schedule and pass your certification

Read: AWS Performance at Scale and AWS Interview Questions

Monthly Self-Check:

  • Can you design a multi-tier, highly available architecture on a whiteboard?
  • Can you explain cost optimization strategies for a $10K/month bill?
  • Can you pass a practice exam with 80%+?
  • Can you describe DR strategies and when to use each?

AWS Certification Path

CertificationDifficultyStudy TimeWhen to Take
Cloud Practitioner (CLF-C02)Beginner2-4 weeksAfter Month 2
Solutions Architect Associate (SAA-C03)Intermediate6-8 weeksAfter Month 5-6
Developer Associate (DVA-C02)Intermediate4-6 weeksAfter SAA if dev-focused
SysOps Administrator Associate (SOA-C02)Intermediate4-6 weeksAfter SAA if ops-focused
DevOps Engineer Professional (DOP-C02)Advanced8-12 weeksAfter 2 Associates
Solutions Architect Professional (SAP-C02)Advanced10-14 weeksAfter SAA + 1 year experience
Security Specialty (SCS-C02)Advanced6-8 weeksAfter SAA + security focus

Recommended path for DevOps Engineers: Cloud Practitioner (optional) → Solutions Architect Associate → DevOps Engineer Professional

Recommended path for Solutions Architects: Cloud Practitioner → Solutions Architect Associate → Solutions Architect Professional

# Track your exam readiness with practice tests
# Free: AWS Skill Builder (official practice questions)
# Paid: Tutorials Dojo, Adrian Cantrill, Stephane Maarek

Skills Checklist

Track your progress — you should be able to do all of these by the end of 6 months:

#SkillStatus
1Create and manage IAM users, roles, and policies
2Launch and configure EC2 instances
3Design and build VPCs with public/private subnets
4Configure S3 buckets with security and lifecycle rules
5Set up RDS databases with Multi-AZ and backups
6Write Lambda functions triggered by events
7Build a CI/CD pipeline (CodePipeline or GitHub Actions)
8Deploy containers on ECS Fargate
9Write CloudFormation templates or Terraform configs
10Configure CloudWatch alarms and dashboards
11Set up ALB with Auto Scaling Groups
12Use Route 53 for DNS management
13Implement encryption with KMS
14Use Secrets Manager for credential management
15Configure Security Hub and GuardDuty
16Implement S3 cross-region replication
17Set up CloudFront distributions
18Use SQS/SNS for decoupled architectures
19Manage multi-account setups with Organizations
20Design disaster recovery architectures
21Optimize AWS costs (right-sizing, Savings Plans)
22Troubleshoot networking issues (VPC flow logs, reachability)

Career Paths

RoleFocusKey ServicesSalary Range (US)
Cloud EngineerInfrastructure, migrationEC2, VPC, RDS, CloudFormation$100K - $150K
DevOps EngineerCI/CD, automation, containersCodePipeline, ECS/EKS, Terraform, Lambda$120K - $170K
Solutions ArchitectDesign, customer-facingAll services, Well-Architected$130K - $180K
Cloud Security EngineerSecurity, complianceIAM, GuardDuty, Security Hub, KMS$130K - $175K
SREReliability, observabilityCloudWatch, Auto Scaling, Lambda, EKS$130K - $180K

Practice Resources

Free:

  • AWS Free Tier (12 months of free EC2, S3, RDS)
  • AWS Skill Builder (free courses and practice questions)
  • AWS Well-Architected Labs (hands-on exercises)
  • AWS Workshops (workshop.aws — guided labs)

Paid (worth the investment):

  • Adrian Cantrill's courses (best visual explanations)
  • Stephane Maarek on Udemy (comprehensive, exam-focused)
  • Tutorials Dojo practice exams (closest to real exam difficulty)
  • A Cloud Guru / Pluralsight (video + labs)
# Set up a budget alert so you don't get surprised
aws budgets create-budget \
  --account-id $(aws sts get-caller-identity --query Account --output text) \
  --budget '{
    "BudgetName": "MonthlyLimit",
    "BudgetLimit": {"Amount": "10", "Unit": "USD"},
    "TimeUnit": "MONTHLY",
    "BudgetType": "COST"
  }' \
  --notifications-with-subscribers '[{
    "Notification": {
      "NotificationType": "ACTUAL",
      "ComparisonOperator": "GREATER_THAN",
      "Threshold": 80,
      "ThresholdType": "PERCENTAGE"
    },
    "Subscribers": [{
      "SubscriptionType": "EMAIL",
      "Address": "your-email@example.com"
    }]
  }]'

All 29 Previous Posts — Organized by Topic

Use these references as deep dives for each topic in the roadmap:

Getting Started

  1. Getting Started with AWS — Account setup, console tour, first services

Identity and Security 2. AWS IAM Deep Dive — Users, roles, policies, best practices 16. S3 Security Deep Dive — Bucket policies, encryption, access control 19. AWS Secrets Manager — Credential management and rotation 22. AWS Security Hub — Centralized security findings 23. AWS Organizations — Multi-account management and SCPs 27. AWS Control Tower Landing Zone — Multi-account landing zone setup

Compute 4. AWS EC2 Complete Guide — Instance types, AMIs, EBS, user data 8. AWS Lambda Serverless — Functions, triggers, patterns 10. ECS and Fargate — Container orchestration on AWS 25. EKS Deep Dive — Production Kubernetes on AWS

Storage 3. AWS S3 Masterclass — Buckets, storage classes, lifecycle

Networking 5. AWS VPC Networking — VPC design, subnets, gateways 11. Route 53 DNS — DNS management and routing policies 14. AWS Load Balancing — ALB, NLB, target groups 15. Auto Scaling — ASG policies, scaling strategies 18. Advanced Networking — Transit Gateway, PrivateLink, Direct Connect

Databases 7. AWS RDS Databases — Setup, Multi-AZ, Read Replicas

Application Integration 13. SQS & SNS Messaging — Queues, topics, event-driven design

Monitoring and Operations 6. AWS CLI Automation — CLI scripting and automation 12. CloudWatch Monitoring — Metrics, logs, alarms, dashboards

Infrastructure as Code 9. AWS CloudFormation — Templates, stacks, nested stacks 26. Terraform on AWS — Terraform vs CloudFormation, AWS patterns

CI/CD 24. CI/CD on AWS — CodePipeline, CodeBuild, CodeDeploy

Architecture and Operations 17. Cost Optimization — Right-sizing, Savings Plans, cost management 20. Disaster Recovery — DR strategies and implementation 21. Well-Architected Framework — Six pillars, review process 28. Performance at Scale — CloudFront, ElastiCache, Global Accelerator

Career Prep 29. AWS Interview Questions — 50 questions for DevOps and SA roles

Learning AWS is a marathon, not a sprint. Follow this roadmap week by week, build real projects in the free tier, and don't just watch videos — get your hands dirty in the console and CLI. Every service you learn makes the next one easier because AWS services are designed to work together. Start with Month 1, set up your budget alert so you don't get a surprise bill, and begin building. Six months from now, you'll look back at the 200-service console and know exactly which ones matter and how they fit together.