Free · Your 45-day roadmap

On-Prem → Cloud Engineer

The full journey, mapped day by day. 2 hours a day for 45 days — provider-flexible, so it works whether you choose AWS, Azure, or GCP, with the same Terraform, Kubernetes, and DevOps skills layered on top.


How to use this roadmap

Block 2 hours every day. Hour 1 is theory and reading; Hour 2 is hands-on. Push your work to a single GitHub repository called onprem-to-cloud-45 so by Day 45 you have a public portfolio. If a day feels heavy, don't skip it — split it across two evenings. Consistency beats intensity.

Pick one cloud (AWS / Azure / GCP) on Day 1 and stay with it through Day 45 — the concepts transfer, but switching providers mid-plan resets your muscle memory. Watch your billing alerts and tear down resources when you're done for the day.

Hour 1 · Learn

Read docs, watch one focused tutorial, take short notes.

Hour 2 · Practice

Code in your repo — no copy-paste.

Deliverable

The artifact you push to GitHub that day.

Pro tip

A small habit or shortcut to make the topic stick.


The 7 phases · 90 hours total

Phase | Days | Theme | Hours
1 | 1–10 | Cloud Foundations (Linux, networking, DNS, HTTP, the shared-responsibility model) | 20
2 | 11–20 | Core Cloud Services (IAM, compute, networking/VPC, storage, databases, monitoring) | 20
3 | 21–28 | Infrastructure as Code (Terraform, modules, state, providers, reusable stacks) | 16
4 | 29–33 | Containers & Kubernetes (Docker, images, pods, deployments, services, Helm) | 10
5 | 34–38 | CI/CD & DevOps (Git, pipelines, GitOps, secrets, deploy automation) | 10
6 | 39–42 | AI for Cloud (prompting, AI ops/IaC, cost & log analysis, AI-native tooling) | 8
7 | 43–45 | Reliability + Capstone (observability, security, portfolio, interview) | 6
Phase 1 · Days 1–10

Cloud Foundations

Get comfortable enough with Linux, networking, and how the web actually works that you can navigate a cloud console and read architecture diagrams without getting lost. Cover the shell, networking, DNS, HTTP, and the cloud shared-responsibility model.

Day 1 · Cloud Account & Version Control

Hour 1 · Learn
Create a free-tier account on one cloud (AWS, Azure, or GCP). Install the cloud CLI and Git. Set up billing alerts so you never get surprised. Learn clone, add, commit, push, pull, status, log.
Hour 2 · Practice
Create the onprem-to-cloud-45 repo. Push a README that lists your goals and which cloud you picked. Configure the CLI with a least-privilege user.
Deliverable
Public GitHub repo with first commit, README, and a working CLI (whoami / account check passes).
Pro tip
Set a low monthly budget alert on Day 1. A forgotten resource is the #1 way beginners get a scary bill.
Day 2 · Linux & the Command Line

Hour 1 · Learn
Filesystem layout, navigation (cd, ls, pwd), files (cat, less, cp, mv, rm), permissions (chmod, chown), users/groups, package managers (apt/yum), processes (ps, top, kill).
Hour 2 · Practice
Spin up a small Linux VM (or use cloud shell). Create users, set file permissions, install a package, inspect running processes.
Deliverable
/day02 notes with 20 commands you ran and what each did.
Pro tip
Almost every cloud server is Linux. The shell is the single highest-leverage skill on this list.
Day 3 · Shell Scripting & SSH

Hour 1 · Learn
Bash basics: variables, conditionals, loops, exit codes, pipes, redirection. SSH key pairs, connecting to a remote host, scp for file transfer.
Hour 2 · Practice
Write 3 scripts: a backup script, a log-rotation script, a health-check that pings a URL and prints status. SSH into your VM and run them remotely.
Deliverable
3 shell scripts in /day03 + SSH config documented.
Pro tip
Always quote your variables in Bash. Unquoted paths with spaces are a classic foot-gun.
Day 4 · Networking Fundamentals

Hour 1 · Learn
OSI/TCP-IP model, IP addressing, subnets and CIDR notation, ports, TCP vs. UDP, NAT, public vs. private IPs, the default gateway.
Hour 2 · Practice
Subnet a /24 into four /26s by hand. Use ip, ping, traceroute, netstat/ss to inspect your VM's networking.
Deliverable
/day04 subnetting worksheet + annotated network inspection output.
Pro tip
CIDR math shows up in every VPC interview. Learn to compute usable hosts in your head.
Day 5 · DNS, HTTP & TLS

Hour 1 · Learn
How DNS resolves a name (root → TLD → authoritative), record types (A, AAAA, CNAME, MX, TXT), HTTP methods and status codes, headers, what TLS/HTTPS actually secures.
Hour 2 · Practice
Use dig/nslookup to trace a domain's records. Use curl -v to inspect headers and a full TLS handshake on a real site.
Deliverable
/day05 dns-http-notes.md with annotated dig and curl output.
Pro tip
Status codes are a language. 301 vs. 302, 401 vs. 403 — each says something specific. Learn the dialect.
Day 6 · The Cloud Model & Shared Responsibility

Hour 1 · Learn
IaaS vs. PaaS vs. SaaS, regions and availability zones, the shared-responsibility model (what the provider secures vs. what you secure), pricing models (on-demand, reserved, spot).
Hour 2 · Practice
Map 5 common services on your cloud to IaaS/PaaS/SaaS. Draw your provider's region/AZ map for your nearest region.
Deliverable
/day06 cloud-model.md with the service map + responsibility split table.
Pro tip
Most cloud security incidents are customer misconfigurations, not provider breaches. Know your side of the line.
Day 7 · Identity & Access Basics

Hour 1 · Learn
Authentication vs. authorization, users vs. roles vs. groups, policies, the principle of least privilege, MFA, access keys vs. temporary credentials.
Hour 2 · Practice
In your cloud console, create a group, attach a read-only policy, add a user to it, and enable MFA. Confirm the user can read but not write.
Deliverable
/day07 IAM setup screenshots + a 1-page least-privilege checklist.
Pro tip
Never use the root/owner account day-to-day. Lock it with MFA and create a working user immediately.
Day 8 · Compute & Virtual Machines

Hour 1 · Learn
Virtual machines (EC2 / Azure VM / Compute Engine), instance families & sizing, AMIs/images, key pairs, user-data/cloud-init, lifecycle (start/stop/terminate).
Hour 2 · Practice
Launch a VM, SSH in, install a web server via user-data, hit its public IP in a browser, then terminate it cleanly.
Deliverable
/day08 with the launch command/config + a screenshot of your live page.
Pro tip
Right-size from the start. The smallest instance that works is almost always the right answer for learning.
Day 9 · Object Storage & Files

Hour 1 · Learn
Object storage (S3 / Blob / Cloud Storage) vs. block vs. file storage. Buckets, objects, storage classes/tiers, lifecycle rules, public vs. private access, signed URLs.
Hour 2 · Practice
Create a private bucket, upload files via CLI, set a lifecycle rule, generate a signed URL, and host a static page if your cloud supports it.
Deliverable
/day09 with bucket CLI commands + a working signed URL.
Pro tip
Public buckets leak data constantly. Default to private and grant access deliberately.
Day 10 · Architecture & Diagramming

Hour 1 · Learn
Reading and drawing cloud architecture diagrams. Tiers (web/app/data), high availability across AZs, the well-architected pillars (reliability, security, performance, cost, operations).
Hour 2 · Practice
Diagram a simple 2-tier web app (VM + managed DB across two AZs) using draw.io or the cloud's own icon set.
Deliverable
/day10 architecture diagram + a 1-page well-architected notes file.
Pro tip
If you can draw it cleanly, you understand it. Architecture diagrams are half of cloud interviews.
Phase 2 · Days 11–20

Core Cloud Services

Go deep on the services you'll use every day: IAM, networking/VPC, compute, load balancing, databases, storage, and monitoring. Build real things by hand in the console and CLI so you understand what IaC will later automate.

Day 11 · IAM Deep Dive

Hour 1 · Learn
Policy structure (effect, action, resource, condition), managed vs. inline policies, roles for services, trust policies, identity federation at a high level, permission boundaries.
Hour 2 · Practice
Write a custom policy granting access to ONE bucket only. Create a role a VM can assume to read that bucket — no static keys.
Deliverable
/day11 custom policy JSON + role setup notes.
Pro tip
Roles over keys, always. Long-lived access keys are the most common credential leak.
Day 12 · Virtual Networking (VPC)

Hour 1 · Learn
VPC/VNet, subnets (public vs. private), route tables, internet gateway, NAT gateway, security groups vs. network ACLs.
Hour 2 · Practice
Build a VPC by hand: 2 public + 2 private subnets across 2 AZs, an internet gateway, a NAT gateway, and route tables that work.
Deliverable
/day12 VPC topology diagram + creation commands.
Pro tip
Public subnet = route to an internet gateway. That single fact untangles most VPC confusion.
Day 13 · Security Groups & Network Security

Hour 1 · Learn
Stateful security groups vs. stateless ACLs, inbound vs. outbound rules, least-privilege ports, bastion hosts, VPC peering and private endpoints at a high level.
Hour 2 · Practice
Place a web VM in a public subnet (port 80/443 open) and a DB VM in a private subnet reachable only from the web tier.
Deliverable
/day13 with security-group rules documented + a connectivity test.
Pro tip
Allow inbound traffic from 0.0.0.0/0 only on ports 80/443. Restrict SSH to your own IP, never the whole internet.
Day 14 · Load Balancing & Auto Scaling

Hour 1 · Learn
Layer 4 vs. Layer 7 load balancers, target groups/backends, health checks, auto-scaling groups, scaling policies, why statelessness matters for scaling.
Hour 2 · Practice
Put two web VMs behind a load balancer with a health check. Configure an auto-scaling group min=2/max=4 and watch a node get replaced.
Deliverable
/day14 with the LB + ASG config and a screenshot of traffic balancing.
Pro tip
If a node can't be killed and replaced freely, it isn't cloud-native yet. Cattle, not pets.
Day 15 · Managed Databases

Hour 1 · Learn
Managed relational DBs (RDS / Azure SQL / Cloud SQL), engines, multi-AZ vs. read replicas, automated backups, parameter groups, connection security.
Hour 2 · Practice
Launch a managed Postgres/MySQL in a private subnet, connect from your web VM only, run a few queries, and trigger a snapshot.
Deliverable
/day15 with DB setup + a connection test from the app tier.
Pro tip
Never put a database in a public subnet. App tier connects in; the world never does.
Day 16 · NoSQL & Caching

Hour 1 · Learn
Key-value/document stores (DynamoDB / Cosmos DB / Firestore), when NoSQL beats SQL, in-memory caching (Redis/Memcached), TTLs and cache invalidation.
Hour 2 · Practice
Create a NoSQL table, write and query items, then stand up a managed cache and benchmark a cached vs. uncached read.
Deliverable
/day16 with table design notes + a cache hit/miss benchmark.
Pro tip
There are only two hard things in computing, and one of them is cache invalidation. Set TTLs deliberately.
Day 17 · Serverless Functions

Hour 1 · Learn
Functions-as-a-service (Lambda / Azure Functions / Cloud Functions), triggers/events, cold starts, execution roles, timeouts and memory, when serverless wins.
Hour 2 · Practice
Write a function triggered by an object upload that logs the file name and size. Deploy it and trigger it for real.
Deliverable
/day17 with function code + a screenshot of the triggered log.
Pro tip
Serverless shifts ops to the provider but not responsibility. Watch timeouts, memory, and IAM scope.
Day 18 · DNS, CDN & Edge

Hour 1 · Learn
Managed DNS (Route 53 / Azure DNS / Cloud DNS), routing policies, CDNs (CloudFront / Front Door / Cloud CDN), caching at the edge, TLS certificates.
Hour 2 · Practice
Point a domain (or subdomain) at your load balancer, put a CDN in front of your static bucket, and verify HTTPS end-to-end.
Deliverable
/day18 with DNS records + a working HTTPS URL through the CDN.
Pro tip
Cache static assets aggressively at the edge; never cache authenticated or personalized responses.
Day 19 · Monitoring, Logging & Alerts

Hour 1 · Learn
Metrics vs. logs vs. traces, the cloud's monitoring service (CloudWatch / Azure Monitor / Cloud Monitoring), dashboards, alarms, log aggregation, basic SLIs.
Hour 2 · Practice
Build a dashboard for your VM (CPU, network). Create an alarm that emails you when CPU > 70% and trigger it with a load loop.
Deliverable
/day19 with a dashboard screenshot + a working alert.
Pro tip
You can't operate what you can't see. Set up monitoring before you need it, not after the outage.
Day 20 · Mini Capstone — A Live 3-Tier App

Hour 1 · Learn
Plan: web tier (LB + auto-scaled VMs) → app tier → managed DB, all inside your VPC with least-privilege security groups and monitoring.
Hour 2 · Practice
Build it end-to-end in the console/CLI, confirm it serves traffic over HTTPS, then document and tear it down cleanly.
Deliverable
/day20 with the full architecture diagram, setup steps, and teardown checklist.
Pro tip
Always document teardown. The fastest way to a huge bill is forgetting what you spun up.
Phase 3 · Days 21–28

Infrastructure as Code with Terraform

Stop clicking in consoles. Learn Terraform to define infrastructure declaratively, manage state safely, build reusable modules, and rebuild your entire Phase 2 stack from code you can commit and review.

Day 21 · Terraform Basics & Providers

Hour 1 · Learn
What IaC is and why it matters, declarative vs. imperative, installing Terraform, providers, the core workflow: init → plan → apply → destroy.
Hour 2 · Practice
Write your first config: a single bucket or VM. Run init/plan/apply, inspect what changed, then destroy it.
Deliverable
/day21 first Terraform config + your annotated plan output.
Pro tip
Always read the plan before you apply. Terraform tells you exactly what it will change — believe it.
Day 22 · Variables, Outputs & Expressions

Hour 1 · Learn
Input variables, types, defaults, tfvars files, outputs, locals, string interpolation, common functions, the dependency graph.
Hour 2 · Practice
Parameterize your Day 21 config: region, instance size, and name all become variables. Output the resource's IP/URL.
Deliverable
/day22 with variables.tf, outputs.tf, and a tfvars file.
Pro tip
Never hardcode region, names, or sizes. Variables are what make config reusable across environments.
Day 23 · Resources, Data Sources & Dependencies

Hour 1 · Learn
Resource blocks, data sources (read existing infra), implicit vs. explicit dependencies (depends_on), count and for_each for multiple instances.
Hour 2 · Practice
Build a VPC + subnets + security group in Terraform using for_each for the subnets. Let dependencies resolve automatically.
Deliverable
/day23 networking module config that applies cleanly.
Pro tip
Prefer implicit dependencies via references. Reach for depends_on only when Terraform truly can't infer the order.
Day 24 · State Management

Hour 1 · Learn
What state is and why it's sensitive, local vs. remote state, remote backends (S3 + DynamoDB lock / Azure Storage / GCS), state locking, terraform import.
Hour 2 · Practice
Move your state to a remote backend with locking. Import one manually-created resource into Terraform management.
Deliverable
/day24 with backend config + proof of remote state and a lock.
Pro tip
Never commit terraform.tfstate to Git: state stores sensitive values such as passwords in plaintext. Use a remote backend with locking from day one.
Day 25 · Modules — Reusable Infrastructure

Hour 1 · Learn
Why modules exist, module structure (inputs/outputs), calling local modules, the public module registry, versioning modules.
Hour 2 · Practice
Refactor your VPC into a reusable module. Call it twice to build a dev and a prod network from the same code.
Deliverable
/day25 with a /modules/vpc module used by two environments.
Pro tip
If you copy-paste a resource block, it probably wants to be a module. DRY applies to infrastructure too.
Day 26 · Workspaces, Environments & Secrets

Hour 1 · Learn
Managing dev/staging/prod, workspaces vs. directory-per-env, passing secrets safely (env vars, secret managers), sensitive variables and outputs.
Hour 2 · Practice
Structure your repo for dev + prod environments. Pull a database password from a secret manager instead of a tfvars file.
Deliverable
/day26 with an env folder structure + secret-sourced variable.
Pro tip
Secrets never belong in tfvars or Git. Source them from a secret manager or CI variables.
Day 27 · Provisioning the Full Stack as Code

Hour 1 · Learn
Composing modules into a full application stack, ordering, outputs feeding into other modules, formatting (fmt), validation (validate), and linting.
Hour 2 · Practice
Rebuild your entire Phase 2 three-tier app — VPC, LB, auto-scaling VMs, managed DB, monitoring — entirely in Terraform.
Deliverable
/day27 full-stack Terraform that applies green from scratch.
Pro tip
terraform fmt and validate before every commit. Clean, valid config is a sign of an engineer who can be trusted with prod.
Day 28 · Mini Capstone — One-Command Environment

Hour 1 · Learn
Plan: a single terraform apply that builds your whole app, and a single terraform destroy that removes it — with a clear README.
Hour 2 · Practice
Polish the stack so a stranger can clone, set variables, apply, and get a live app. Push to GitHub.
Deliverable
/day28 IaC project v1.0 with README, variables, and architecture diagram.
Pro tip
Treat the README as a sales pitch — 'terraform apply and you have a live 3-tier app' is a great interview line.
Phase 4 · Days 29–33

Containers & Kubernetes

Package applications once and run them anywhere. Master Docker fundamentals, then the Kubernetes core: pods, deployments, services, and config — enough to deploy and scale a real app on a managed cluster.

Day 29 · Docker Fundamentals

Hour 1 · Learn
Images vs. containers, the Dockerfile (FROM, RUN, COPY, CMD, EXPOSE), layers and caching, tags, registries, docker run/build/ps/logs/exec.
Hour 2 · Practice
Containerize a small web app. Build the image, run it, exec into it, read its logs, and push it to a registry.
Deliverable
/day29 Dockerfile + a pushed image in a registry.
Pro tip
Order Dockerfile steps from least- to most-frequently-changed. Good layer caching turns minute-long builds into seconds.
Day 30 · Multi-Container Apps & Compose

Hour 1 · Learn
docker-compose, services, networks, volumes, environment variables, multi-stage builds for small images, image security basics.
Hour 2 · Practice
Use Compose to run a web app + database + cache together. Convert your image to a multi-stage build and compare sizes.
Deliverable
/day30 docker-compose.yml + a before/after image-size note.
Pro tip
Multi-stage builds drop image size dramatically. Smaller images deploy faster and have a smaller attack surface.
Day 31 · Kubernetes Core — Pods & Deployments

Hour 1 · Learn
Cluster anatomy (control plane, nodes), pods, ReplicaSets, Deployments, kubectl basics, rolling updates and rollbacks, namespaces.
Hour 2 · Practice
Spin up a managed cluster (EKS/AKS/GKE) or kind locally. Deploy your image, scale it to 3 replicas, do a rolling update, then roll back.
Deliverable
/day31 deployment.yaml + kubectl commands you used.
Pro tip
kubectl get/describe/logs are your first three moves on any broken pod. Learn them cold.
Day 32 · Services, Ingress & Config

Hour 1 · Learn
Service types (ClusterIP, NodePort, LoadBalancer), Ingress and controllers, ConfigMaps, Secrets, environment injection, liveness/readiness probes.
Hour 2 · Practice
Expose your deployment via a Service + Ingress. Move config to a ConfigMap and credentials to a Secret. Add health probes.
Deliverable
/day32 with service.yaml, ingress.yaml, configmap, and probes configured.
Pro tip
Readiness probes keep traffic off pods that aren't ready yet. Skipping them causes mysterious 502s during deploys.
Day 33 · Helm, Scaling & Storage

Hour 1 · Learn
Helm charts and values, templating, the Horizontal Pod Autoscaler, resource requests/limits, persistent volumes and claims.
Hour 2 · Practice
Package your app as a Helm chart with a values file. Add an HPA that scales on CPU and load-test it to watch pods scale out.
Deliverable
/day33 Helm chart + an HPA scaling event screenshot.
Pro tip
Always set resource requests and limits. Without them, one greedy pod can starve every neighbor on the node.
Phase 5 · Days 34–38

CI/CD & DevOps

Infrastructure and apps must build, test, and deploy automatically on every push. Cover Git in depth, pipelines, container builds in CI, GitOps-style deploys, and secrets management.

Day 34 · Git Advanced & Workflow

Hour 1 · Learn
Branches, merge vs. rebase, conflict resolution, pull-request flow, code review etiquette, .gitignore, signed commits, trunk-based vs. GitFlow.
Hour 2 · Practice
Open a feature branch, raise a PR against main, self-review and merge, then tag a release v0.1. Practice resolving a deliberate conflict.
Deliverable
/day34 with PR history visible in the repo + a release tag.
Pro tip
Small, focused PRs get reviewed fast and break less. Giant PRs are where bugs hide.
Day 35 · Pipelines — First CI Run

Hour 1 · Learn
CI/CD concepts, GitHub Actions / GitLab CI syntax, triggers (push, PR, schedule), jobs, steps, runners, caching, artifacts.
Hour 2 · Practice
Create a pipeline that lints and validates your Terraform (fmt -check + validate) on every push to main. Watch it go green.
Deliverable
/day35 with .github/workflows/ci.yml (or .gitlab-ci.yml) committed.
Pro tip
Start with the simplest pipeline that fails on bad code. Add stages only when something actually hurts.
Day 36 · Building & Pushing Containers in CI

Hour 1 · Learn
Building Docker images in CI, tagging by commit SHA, pushing to a registry, image scanning for vulnerabilities, build matrices.
Hour 2 · Practice
Extend your pipeline to build your app image, scan it, tag it with the commit SHA, and push it to a registry on every merge.
Deliverable
/day36 with a build-and-push job + a scanned, tagged image.
Pro tip
Tag images with the commit SHA, never just :latest. You always want to know exactly what's running.
Day 37 · Deploy Automation & GitOps

Hour 1 · Learn
Deploying from CI (terraform apply / kubectl / Helm in a pipeline), environments and approvals, GitOps principle (Git as the source of truth), rollbacks.
Hour 2 · Practice
Add a deploy stage that applies your Terraform to dev automatically and to prod behind a manual approval gate.
Deliverable
/day37 with a multi-environment deploy pipeline + an approval step.
Pro tip
Gate prod behind a manual approval. Automation is great until it auto-deploys a bad change at 2 AM.
Day 38 · Secrets, Notifications & Pipeline Hygiene

Hour 1 · Learn
Pipeline secrets and OIDC (keyless cloud auth from CI), least-privilege deploy roles, Slack/Teams notifications, status badges, failure alerts.
Hour 2 · Practice
Switch your pipeline to OIDC instead of stored cloud keys. Post a Slack message on deploy success/failure with a link.
Deliverable
/day38 with keyless auth configured + a working notification.
Pro tip
OIDC from CI removes long-lived cloud keys entirely — fewer secrets to leak, and a strong interview talking point.
Phase 6 · Days 39–42

AI for Cloud Engineers

Multiply your output with AI without losing engineering judgment. Prompt engineering for ops, AI-assisted IaC and scripting, AI for cost and log analysis, and a tour of AI-native cloud tooling.

Day 39 · AI Fundamentals & Prompting for Ops

Hour 1 · Learn
How LLMs work at a high level. Prompt patterns: role + context + constraints + examples + format. Hallucinations, grounding, why you must verify infra suggestions.
Hour 2 · Practice
Use Claude / ChatGPT to draft a Terraform module and a Bash script from a plain-English spec. Review and correct every line.
Deliverable
/day39 with the generated artifacts + the prompts you used, in version control.
Pro tip
Save your prompts in the repo. For infra, prompts are reproducibility — and they're code too.
Day 40 · AI-Assisted IaC & Scripting

Hour 1 · Learn
Using Copilot/Cursor for Terraform, YAML, and shell. Comment-driven generation, explaining unfamiliar config, generating tests and docs. When to accept vs. reject.
Hour 2 · Practice
Have AI generate a Kubernetes manifest and a CI workflow, then refactor and harden both. Keep a CHANGELOG of what you fixed.
Deliverable
/day40 AI-assisted config + a list of corrections you made.
Pro tip
Never apply AI-generated infra unread. Confidently wrong IaC can delete a production database.
Day 41 · AI for Cost, Logs & Incident Triage

Hour 1 · Learn
Prompts that explain a cloud bill, find idle/oversized resources, summarize noisy logs, and turn a stack trace or alert into a probable-cause hypothesis.
Hour 2 · Practice
Use AI to: (1) summarize a real log dump into a 1-paragraph triage note, (2) suggest three cost optimizations for your Phase 2 stack.
Deliverable
/day41 with a triage note + a cost-optimization shortlist.
Pro tip
Mask account IDs and secrets before pasting anything into a model. Treat every prompt as if it could become public.
Day 42 · AI-Native Cloud Tooling

Hour 1 · Learn
Tour AI in the cloud ecosystem: provider assistants (Amazon Q, Azure/GCP copilots), AIOps and anomaly detection, AI-driven IaC generators and policy checkers.
Hour 2 · Practice
Try one AI cloud assistant. Ask it to diagnose a misconfiguration in your account and evaluate how correct its answer is.
Deliverable
/day42 with notes on the tool's strengths, misses, and where you'd trust it.
Pro tip
AI tools accelerate experienced engineers far more than they rescue beginners. Build the fundamentals first.
Phase 7 · Days 43–45

Reliability + Capstone

Touch the adjacent disciplines — observability, SRE, and security — then ship a portfolio and an interview-ready demo that proves you can design, build, and operate cloud infrastructure.

Day 43 · Observability & SRE Basics

Hour 1 · Learn
Metrics/logs/traces revisited, SLIs/SLOs/error budgets, the four golden signals (latency, traffic, errors, saturation), alerting that doesn't cry wolf, on-call basics.
Hour 2 · Practice
Define SLOs for your capstone app, build a golden-signals dashboard, and write one meaningful alert tied to an SLO.
Deliverable
/day43 with an SLO definition + a golden-signals dashboard.
Pro tip
Alert on symptoms users feel (errors, latency), not every internal metric. Noisy alerts get ignored — then the real one is missed.
Day 44 · Cloud Security & Cost Hardening

Hour 1 · Learn
IAM least privilege revisited, encryption at rest/in transit, security groups audit, the provider's security scanner (Security Hub / Defender / SCC), tagging and cost controls.
Hour 2 · Practice
Run your cloud's security scanner against your account, fix the top 5 findings, and add cost-allocation tags + a budget to your stack.
Deliverable
/day44 with a before/after security-findings summary.
Pro tip
Encryption and least privilege are table stakes in interviews. Be ready to explain both with a concrete example from your stack.
Day 45 · Capstone, Portfolio & Interview Prep

Hour 1 · Learn
Polish the capstone README, record a 3-minute architecture-and-demo video, write a post about your 45-day journey, and prepare a 2-minute project pitch.
Hour 2 · Practice
Practice 10 common cloud-engineering interview questions out loud (VPC design, IAM, IaC, scaling, incident response). Apply to 3 jobs.
Deliverable
Final portfolio: IaC repo + README + demo video + write-up + 3 applications submitted.
Pro tip
A clean repo + an architecture diagram + a 3-minute demo beats most resumes. Put the link at the top of your CV.
