Cloud Engineer Roadmap for Beginners
A 14-month path from zero to junior Cloud Engineer. Linux, AWS, Terraform, Docker, Kubernetes, and CI/CD — in the right order, no prior cloud experience needed.
What a Cloud Engineer does
What is this roadmap and who is it for?
A cloud engineer designs, builds, and operates the infrastructure that modern software runs on. That means spinning up compute, configuring networks, automating deployments, securing access, and keeping services running reliably at scale — without managing physical hardware.This roadmap follows the order the industry actually expects: Linux and networking first, then cloud provider fundamentals, then infrastructure as code and containers, then serverless and CI/CD, then security and multi-cloud architecture. Every layer is built on the one before it.One thing we want to be upfront about — cloud engineering has one of the widest tool ecosystems in all of tech. The right approach is to go deep on the fundamentals first and add tools only once you understand the problem each one solves. This roadmap is built around that principle.
Before you start — 3 Things to Keep in Mind
- 1Learn Linux before you touch a cloud console. Almost everything runs on it — the command line isn't optional here.
- 2Always destroy cloud resources after practice. One forgotten EC2 instance left running overnight can cost more than a month's course subscription.
- 3Build real things on a free tier, not just follow tutorials. A web app you actually deployed teaches more than five walkthroughs that always work perfectly.
Estimated duration
This roadmap takes 14 months at a pace of 15 to 20 hours per week.
If you can only commit 10 hours per week, plan for 18 to 22 months.
Consistency matters far more than speed.
Before you begin — what you need
- 1A computer — Windows, Mac, or Linux. WSL2 on Windows gives you a Linux environment for free.
- 2A free AWS account — the free tier is sufficient for most of this roadmap.
- 3A GitHub account — free, and where all your portfolio projects will live.
- 4A code editor — VS Code is free and has excellent extensions for Terraform, Docker, and cloud tools.
- 5A basic comfort with English, since most cloud documentation, error messages, and certifications are written in it.
- 6No prior cloud or infrastructure experience needed — this roadmap starts from zero.
How cloud engineering evolved over time.
Mainframes, Time-Sharing, and the First Virtual Machines
The earliest computers were expensive and shared — multiple users accessed one mainframe simultaneously. IBM's VM/370 in the 1970s let multiple operating systems run on one machine, planting the seed of virtualisation. The modern hypervisor (VMware, Hyper-V) arrived in the early 2000s, making it practical to run many virtual machines on one physical server.
AWS Launches and Cloud Computing Becomes Real
Amazon Web Services launched S3 (object storage) and EC2 (virtual compute) in 2006. For the first time, any developer could rent a server for pennies per hour without buying hardware. Google App Engine followed in 2008. Microsoft Azure launched in 2010. The idea that infrastructure could be rented on demand, at any scale, changed everything about how software was built and operated.
DevOps, IaC, and the Automation Revolution
As cloud usage grew, so did the pain of configuring servers by hand. Configuration management tools like Chef and Puppet (early 2010s) let engineers describe server state as code. Terraform arrived in 2014 and made cloud provisioning declarative — describe what you want, and Terraform figures out how to create it. Version control for infrastructure became the new normal.
Docker and Kubernetes: The Container Era
Docker (2013) made containers practical and accessible — a single, portable package containing an application and all its dependencies. Kubernetes, open-sourced by Google in 2014, solved the harder problem: how do you manage hundreds of containers across dozens of machines? These two tools shifted architectures from monolithic VMs to microservices, and they remain the dominant runtime model in 2026.
Serverless, Managed Services, and Cloud-Native
AWS Lambda launched in 2014 and the serverless model took hold: deploy a function, pay only when it runs, let the cloud handle the server. Cloud providers raced to offer managed versions of every component — managed databases, managed Kubernetes, managed message queues — abstracting away the operations work that used to occupy entire teams.
Multi-Cloud, Platform Engineering, and AI-Assisted Ops
Organisations stopped betting on a single vendor and started distributing workloads across AWS, Azure, and GCP based on best fit. GitOps — using Git as the source of truth for infrastructure state — became standard. Platform engineering emerged as a discipline: internal teams building self-service cloud platforms for developers. And AI-assisted tooling started appearing in monitoring, security, and infrastructure generation workflows.
In 2026, the cloud computing market is expected to exceed $900 billion. AWS holds around 32% global market share, with Azure and GCP close behind. Cloud engineers command a roughly 40% salary premium over non-cloud IT roles. And the job title has expanded — Cloud Engineer, Cloud DevOps, Infrastructure Engineer, Platform Engineer — but the skills are the same: Linux, networking, one cloud platform deeply, Terraform, containers, and the discipline to automate everything and document what you build.
What's shaping cloud engineering in 2026.
Platform Engineering Is the Next Evolution of DevOps
Companies are building internal developer platforms (IDPs) that give developers self-service access to cloud environments without needing to understand the infrastructure underneath. Platform teams build the abstractions — Terraform modules, Kubernetes templates, CI/CD blueprints — that other teams consume. It's DevOps with a product mindset, and it's one of the fastest-growing specialisations in the field.
GitOps Has Become the Deployment Standard
Git is now the source of truth for both application code and infrastructure state. Tools like ArgoCD and Flux automatically reconcile cluster state with what's in the repository — meaning any manual change gets overwritten. Everything is versioned, everything is auditable, and rollbacks are just git reverts.
AI Tools Are Inside the Pipeline
Generative AI tools are embedded in cloud engineering workflows — auto-generating Terraform configs, suggesting security fixes, analysing logs at scale, and predicting infrastructure incidents. Engineers who can work alongside these tools are measurably more productive. The judgment layer — architecture decisions, trade-off analysis, production debugging — remains human.
DevSecOps Is Now Baseline Practice
Security checks live inside CI/CD pipelines, not at the end of a release cycle. Container image scanning, secret detection, IAM policy validation, and infrastructure compliance checks run on every commit. Cloud engineers who understand security automation — not just cloud services — are significantly more hireable.
Multi-Cloud Is the Architecture, Not the Exception
Most organisations above a certain scale run workloads on more than one cloud. AWS for core infrastructure, GCP for AI/ML services, Azure for Microsoft integrations — the combination is intentional. Terraform and Kubernetes work across all three, making portability achievable for engineers who understand the abstractions beneath the provider-specific names.
The honest state of cloud engineering jobs in 2026.
What's happening in the market
Demand Is Strong and Broad
Cloud adoption continues to grow at double-digit rates. The market is expected to exceed $900 billion in 2026. Cloud engineers command roughly a 40% salary premium over non-cloud IT roles, and junior positions in tech hubs start at $80K to $120K. Remote work is common, and the skills transfer across every industry.
Projects Beat Certificates
Around 96% of IT professionals hold certifications — which means certification alone is no longer a differentiator. Hiring managers consistently say they want to see working projects. Deployed infrastructure on GitHub, a live URL, an architecture diagram with real decisions explained — these are what get junior candidates through the first screen.
Every Industry Needs Cloud
Finance, healthcare, retail, gaming, logistics, government — any organisation that runs software on servers is a potential employer. Non-tech industries often hire junior talent more readily than pure tech companies, and domain knowledge alongside cloud skills creates genuinely rare profiles.
AI Is an Enabler, Not a Replacement
AI tools automate repetitive tasks — config generation, anomaly detection, log analysis. But architecture decisions, production incident response, and cross-team coordination require human judgment that AI doesn't provide. Engineers who use AI tools well will be more productive. The strategic and diagnostic work remains human.
What you can do instead — or as well
Site Reliability Engineering (SRE)
SRE applies software engineering to reliability problems — defining SLOs, building error budgets, and automating incident response. It's a direct extension of cloud engineering with a stronger focus on system behaviour over time. Google pioneered the discipline and most large tech companies now have SRE teams.
Cloud Security Engineering
Specialising in cloud security — IAM architecture, zero-trust networks, compliance automation, threat detection — is one of the highest-paying paths in the field. Security skills are in shorter supply than general cloud skills, and the gap between demand and available talent is growing.
MLOps
Building the infrastructure for machine learning — model training pipelines, feature stores, serving infrastructure, experiment tracking — uses almost every cloud engineering skill with ML-specific tools added on top. MLOps roles are in high demand and pay significantly above standard cloud rates.
Freelance Cloud Engineering
Small companies and startups frequently need cloud help on a per-project basis — setting up CI/CD, migrating to cloud, containerising legacy apps, building Terraform modules. Platforms like Upwork and Toptal both have active cloud engineering categories. Freelance work is a real path that doesn't require a full-time junior role first.
Cloud Architecture Consulting
After 2 to 3 years as a cloud engineer, moving into architecture consulting — helping companies design their cloud strategy and infrastructure patterns — is a natural progression. Consulting firms and independent consultants both earn well above average engineering rates for this work.
Cloud engineering is one of the most durable technical skills you can build in 2026 — the market is growing, the salaries are strong, and the work is genuinely interesting. The 14-month timeline reflects the real depth the role requires. Engineers who rush through it produce portfolios that look right from the outside and break the moment someone asks why they made a particular design decision.
Your step-by-step guide.
Foundation
The ground everything else stands on
3 steps
Core Skills
The must-have tools of the job
3 steps
Advanced
What separates beginners from job-ready developers
3 steps
Professional
The layer that makes you hireable
5 steps
A simple 14-month learning path.
Linux Foundations
Command line navigation, file permissions, process management, SSH, text processing with grep and awk, Bash scripting basics
Networking and Git
OSI model, TCP/IP, DNS, HTTP/S, subnetting, firewalls, Git daily workflow, GitHub, .gitignore, and README habits
Scripting and Cloud Basics
Python for cloud automation, boto3, cloud IaaS concepts, launch first EC2, S3 static website, billing alerts
Cloud Core Services
VPCs and subnets, security groups, IAM roles and policies, load balancers, auto scaling, cloud CLI for everything
Databases and Storage Patterns
RDS setup and security, DynamoDB basics, ElastiCache, S3 lifecycle policies, encryption at rest, private subnet placement
Infrastructure as Code — Terraform
Terraform resources, state, modules, variables, remote backend on S3, three-tier application in code, terraform plan in CI
Docker and Containers
Dockerfiles, multi-stage builds, Docker Compose, ECR, image scanning with Trivy, container networking basics
Kubernetes — Foundations
Pods, Deployments, Services, ConfigMaps, Secrets, kubectl, YAML manifests, Minikube and managed cluster (EKS or GKE)
Kubernetes — Advanced and Serverless
Ingress, HPA, Helm, persistent volumes, RBAC, AWS Lambda, API Gateway, event-driven patterns with SQS and SNS
CI/CD Pipelines
GitHub Actions workflows, Docker builds in CI, Terraform CI, GitOps with ArgoCD, AWS OIDC, deployment strategies
Monitoring and Observability
CloudWatch dashboards and alarms, Prometheus and Grafana on Kubernetes, distributed tracing with X-Ray, SLOs and SLIs
Security and Compliance
Checkov for Terraform, Secrets Manager, HTTPS and ACM, container security hardening, AWS Security Hub, IAM least privilege audit
Multi-Cloud and Architecture
Well-Architected Framework review, multi-AZ and disaster recovery, cost optimisation, second cloud provider basics, architecture diagrams
Portfolio and Interview Prep
Polish and deploy 4 complete projects, write architecture case studies, practice interview questions, certifications (AWS SAA or AZ-104)
What to focus on first.
Linux
Cloud servers run Linux. Every SSH session, every log file, every deployment script assumes command-line fluency. Without it, every subsequent tool produces friction that compounds across the entire 14 months.
Networking
VPCs, security groups, subnets, load balancers, and DNS are all networking concepts with cloud names. Engineers who understand TCP/IP, CIDR, and DNS debug cloud connectivity issues in minutes. Engineers who don't spend hours restarting services hoping something changes.
Git and Scripting
Infrastructure as code starts with version control. Bash and Python scripting turn manual tasks into automation. Both are used every single day in cloud engineering and are prerequisites for every tool that follows.
Cloud Core Services
Compute, storage, networking, and IAM are the four primitives that every cloud service is built from. Knowing one provider's implementations deeply — before touching multi-cloud or abstractions — is what makes everything else learnable.
Terraform
Infrastructure that isn't code can't be reviewed, versioned, or reproduced. Terraform is the most widely used IaC tool in 2026 and comes up in the vast majority of cloud engineering interviews. Learning it early turns every subsequent project into portfolio-quality work.
Docker
Containers are how modern applications are packaged and deployed. Kubernetes, ECS, serverless functions, and CI/CD pipelines all work with container images. Docker is the entry point to all of that.
Kubernetes
Kubernetes is the industry standard for running containerised workloads. Complex at first, but the model is consistent — and almost every advanced cloud topic (GitOps, service mesh, platform engineering) assumes you understand it.
Serverless
Serverless is the most cost-efficient architecture for many workloads and the most common pattern for junior project portfolios. Building a complete serverless application — Lambda, API Gateway, DynamoDB, CI/CD — demonstrates compute, networking, storage, IAM, and deployment skills all in one project.
CI/CD
Deployment pipelines are what make cloud infrastructure maintainable at team scale. Engineers who can build, debug, and optimise CI/CD pipelines are directly responsible for how fast teams ship and how safely they do it.
Monitoring
A deployed system with no monitoring is a system you can only debug by reading user complaints. Dashboards, alerts, and logs are what separate engineers who operate production systems from those who only deploy them.
Security
Security misconfigurations — public S3 buckets, over-permissive IAM, unencrypted storage, hardcoded credentials — are how cloud accounts get compromised and how junior portfolios get flagged in interviews. Engineers who build security in from the first resource are the ones companies trust with production.
Multi-Cloud and Portfolio
The Well-Architected Framework, multi-AZ design, and cost optimisation are the decision-making vocabulary of cloud architecture conversations. A portfolio of four deployed, documented, and secured projects is the only thing that proves you can apply all of the above together.
Problems every beginner faces — and how to get through them.
The Service Catalogue Is Overwhelming
What it looks like
You open the AWS console and count 200+ services. You don't know which ones matter and which are edge cases. You start learning everything at once and make slow progress on all of it.
How to get through it
Follow this roadmap's sequence for the first six months without deviation. EC2, S3, VPC, IAM, RDS — in that order. Every other service becomes learnable once these are solid, because you'll recognise the patterns. Add new services only when a project genuinely needs them.
Unexpected Cloud Bills
What it looks like
You forget to stop a cloud resource after practice and receive a bill at the end of the month that you didn't budget for.
How to get through it
Set a billing alert for $10 before starting any cloud work — on every account, every time. Destroy resources after every practice session: terraform destroy, terminate EC2 instances, delete NAT Gateways (they cost ~$32/month running idle). One destroyed NAT Gateway saves $32. One forgotten EMR cluster running overnight costs more than a course subscription.
Jumping Straight to Terraform and Kubernetes
What it looks like
You see infrastructure as code everywhere and want to skip the manual setup phase. You write Terraform without understanding what the resources actually do, and when something breaks you have no mental model to debug against.
How to get through it
Build everything manually first. Launch the VPC in the console, configure the security groups by hand, SSH into the instance. Understand each step. Then script it. The manual phase isn't wasted time — it's the knowledge that makes automation debuggable.
Kubernetes Confusion Before It Clicks
What it looks like
You read the documentation and have no mental model for what a pod is vs a deployment vs a service. You copy YAML from the internet, it works once, then breaks when you change something.
How to get through it
Start with Minikube and deploy one simple application end-to-end before reading any architecture documentation. Run kubectl describe and kubectl logs every time something doesn't work. The concepts click after you've used them on real workloads, not before.
Credentials in Code
What it looks like
You hardcode AWS access keys or database passwords in a script, commit it to GitHub, and a few hours later get an email from AWS about unusual API activity.
How to get through it
Add .gitignore to every project before the first commit. Use environment variables and .env files for all credentials. Use AWS OIDC in GitHub Actions instead of long-lived keys. Use Secrets Manager for application secrets. The habit is easy to build before the first incident. It's very hard to rebuild trust after one.
Imposter Syndrome in a Field Full of Certifications
What it looks like
Everyone in cloud forums seems to have AWS SAA, Azure Expert, GCP Pro, and twelve other certifications. You feel like you need all of them before applying to anything.
How to get through it
One deployed, documented, secure project proves more than any certification alone. AWS Cloud Practitioner is a useful baseline. AWS Solutions Architect Associate is genuinely valuable. Beyond that, your time is better spent building projects than collecting badges. Certifications prove you know the vocabulary. Projects prove you can build things.
Can't Get the First Cloud Role
What it looks like
Junior cloud job postings ask for two years of AWS experience and existing certifications. You feel like the entry requirements are circular.
How to get through it
Four deployed projects on GitHub with architecture diagrams, Terraform code, and real READMEs get junior interviews. Cloud meetups, AWS game days, open-source contributions, and freelance gigs on Upwork all build experience and network simultaneously. Consider internships at consulting firms — many entry-level cloud roles come through IT consulting, not tech companies directly.
You're ready for a junior Cloud Engineer role when you can….
Navigate, administer, and troubleshoot a Linux server from the command line without looking anything up.
Set up a VPC with public and private subnets, launch an EC2 instance, configure IAM roles, and explain every decision — using only the CLI.
Write Terraform that provisions a complete multi-tier environment from scratch — apply, verify, destroy, and apply again to prove it's reproducible.
Containerise an application with Docker and deploy it to a Kubernetes cluster using Helm — with a HorizontalPodAutoscaler and an Ingress.
Build a serverless API with Lambda, API Gateway, and DynamoDB — deployed with Terraform and a working CI/CD pipeline.
Set up a monitoring dashboard in CloudWatch or Grafana with an alert that fires on a real threshold — and demonstrate triggering and resolving it.
Run Checkov against your Terraform code, fix every HIGH severity finding, and explain what each vulnerability meant and how you fixed it.
Build a GitHub Actions pipeline that runs tests, builds a Docker image, and deploys to a cloud environment automatically on every merge to main.
A good junior cloud engineer isn't someone who knows every AWS service. They understand the fundamentals, can build a complete, secure, automated cloud environment from scratch, monitor it, and explain every decision they made. Fourteen months is a real investment — and the portfolio you finish with is evidence that you can actually do the job.
You now have a clear path forward.
Cloud engineering compounds the same way other infrastructure skills do — every production incident you debug teaches you something the next architecture benefits from, and every project you deploy with proper security and monitoring builds a kind of judgment that documentation can't give you directly. The roadmap provides the order. The depth comes from building real things, breaking them, and fixing them.
The goal was never to memorise a list of services. It was to reach a point where you can look at an infrastructure problem — availability, cost, security, scale — choose the right architecture, build it in code, and keep it running when real users arrive.
Start with Linux, SSH into your first server, and keep going from there.
No login required to share feedback
Frequently Asked Questions.
Trusted places to keep learning.
AWS Skill Builder — Free Digital Training
AWS's official learning platform — the Cloud Practitioner Essentials and Solutions Architect learning paths are free and updated for current services. The best structured starting point for AWS on this roadmap. Also includes the AWS Well-Architected Framework training and Ramp-Up Guides for every role.
Terraform by HashiCorp — Official Tutorials
HashiCorp's step-by-step tutorials for Terraform on AWS, Azure, and GCP. Each tutorial provisions real infrastructure and teaches the Terraform workflow from the ground up. The most authoritative single resource for infrastructure as code in this roadmap.
Kubernetes Official Tutorial
The Kubernetes Basics interactive tutorial from the official documentation. Walks through deploying, scaling, and updating a containerised application in a real cluster. Use alongside Minikube for local practice — the most reliable starting point for Kubernetes fundamentals.
Google Cloud Skills Boost
Google's hands-on lab platform — the Cloud Engineer Learning Path and individual skill badges provide structured, browser-based lab environments on real GCP infrastructure. Generous free credits for new accounts and student programs. Excellent for learning GCP as a second provider.
AWS Getting Started Resource Centre
AWS's curated collection of tutorials, reference architectures, and getting-started guides for every major service. The 10-minute tutorials are particularly useful for hands-on practice without a full course commitment. The reference architectures section shows production-quality designs for common use cases.
Keep going
Ready to go further?
Explore the Resource Hub for practical guides, honest reviews, and quick-reference cheatsheets designed to help you build faster.