Day 17 — Cloud Engineer Roadmap: 15 Steps to Get Hired in 2026

Cloud Engineering is the most stable high-paying career path for Indian freshers right now.

Every company — from a 5-person startup to TCS — is running on cloud infrastructure. Someone needs to build it, maintain it, and scale it. That someone is increasingly a fresher with the right skills and certifications, not an expensive senior with 10 years of on-premises experience.

This roadmap follows the 15-step staircase structure: Basic → Intermediate → Advanced. Each step builds on the previous one. Skip steps and you will hit walls.

Honest Salary Picture

Fresher with AWS SAA certification:

• Service companies: ₹4-6 LPA
• Mid-tier product: ₹6-10 LPA
• Startups: ₹7-12 LPA
• MNCs (Accenture, IBM, Deloitte cloud practices): ₹7-10 LPA

2-3 years with hands-on AWS + Kubernetes:

• ₹15-28 LPA at product companies
• ₹25-40 LPA at top MNCs

5 years specialised (FinOps, Cloud Security, Platform Engineering):

• ₹35-60 LPA in India
• Remote US/EU: $90-130k USD

Cloud Engineering compounds. The skills you build in year one are the foundation for everything that follows. Engineers who invest seriously in the first two years separate from the pack significantly.

AWS vs Azure vs GCP — The Honest Answer for Indian Freshers

Start with AWS. Always.

The numbers from Indian job postings are clear: AWS skills appear in roughly 60% of cloud engineering job descriptions in India. Azure is around 28%. GCP is around 12%.

More importantly: AWS has the best free tier for learning, the most beginner-friendly documentation, and the largest community of Indian engineers who can help you when you are stuck.

Learn AWS first. Get certified. Get your first job. Then learn Azure or GCP if your employer uses them.

The 15-Step Staircase

BASIC — Foundation (Steps 1-5)

Step 1: Understand Cloud Fundamentals

Before touching any cloud console, understand what cloud computing actually is.

• IaaS vs PaaS vs SaaS — not just definitions but real examples
• On-premises vs cloud — why companies moved
• Shared responsibility model — what AWS manages vs what you manage
• Regions and Availability Zones — why geography matters for applications
• Pricing models — On-Demand vs Reserved vs Spot instances

How to learn: AWS Cloud Practitioner free training on aws.training. Takes about 10 hours.

Step 2: Choose a Cloud Platform and Explore Free Tier

Create your AWS account. Set a billing alarm immediately — set it at ₹500/month so you never get surprised.

What the free tier gives you:

• EC2: 750 hours/month of t2.micro (enough to run a server 24/7)
• S3: 5GB storage
• RDS: 750 hours of db.t2.micro
• Lambda: 1 million requests/month
• DynamoDB: 25GB storage

The free tier is genuinely useful for learning. You can complete Steps 1-6 entirely on free tier.

Certification at this step: AWS Cloud Practitioner (optional but good for confidence)

• Cost: ₹7,500
• Study time: 3-4 weeks
• Worth it: Yes if you are in final year, No if you want to go straight to SAA

Step 3: Master Linux and Networking Basics

Every cloud resource runs Linux underneath. EC2 instances, ECS containers, Lambda — all Linux.

Linux must-knows:

• File system navigation and permissions
• SSH (how to connect to your EC2 instance)
• Package management (apt, yum)
• Basic shell scripting

Networking must-knows for cloud:

• IP addresses and CIDR notation (what does /24 mean)
• Subnets — public vs private
• DNS — what Route 53 actually does
• Ports — why 443, 80, 22, 3306 matter
• Firewalls — security groups are just cloud firewalls

Project: Launch an EC2 instance, SSH into it, install a web server, serve a basic HTML page at a public IP.

Step 4: Learn Git and Version Control

Every cloud configuration, every infrastructure file, every deployment script goes into Git.

What you need:

• Basic Git commands (clone, add, commit, push, pull)
• Branching (create branches for different environments — dev, staging, prod)
• GitHub for storing your cloud projects
• .gitignore for keeping secrets out of repositories

Important: Never commit AWS access keys to GitHub. AWS scans GitHub for exposed keys and will lock your account. Use environment variables or AWS Secrets Manager.

Step 5: Basic Scripting Skills

Cloud automation requires scripting. You will write scripts daily as a cloud engineer.

Python is the primary language:

• boto3 — the AWS SDK for Python. Lets you control every AWS service from code.
• Automating tasks: start/stop EC2 instances on a schedule, copy S3 files, rotate access keys
• Parsing JSON — AWS APIs return JSON for everything

Bash for quick automation:

• Deploy scripts
• Startup scripts for EC2 (user data)
• Cron jobs for scheduled tasks

Project: Write a Python script using boto3 that lists all your EC2 instances, their state, and their cost estimation.

INTERMEDIATE — Real-World Experience (Steps 6-11)

Step 6: Hands-On with Core Cloud Services

This is where most tutorials go wrong — they show you the console, not what the services actually do.

EC2 (Elastic Compute Cloud): Deploy a Python Flask application on EC2. Not just "launch an instance" — the full flow: launch → SSH → install dependencies → configure → run as a service → access from browser.

S3 (Simple Storage Service): Host a static website on S3. Understand bucket policies, public access settings, versioning, lifecycle rules.

RDS (Relational Database Service): Deploy a PostgreSQL database. Connect to it from your EC2 application. Understand read replicas and why they exist.

Lambda: Deploy a serverless function that runs on a schedule. Something practical: a function that checks your S3 bucket size daily and sends you an email if it exceeds a threshold.

CloudWatch: Set up monitoring for your EC2 instance. Create an alarm that triggers when CPU exceeds 80%.

Step 7: Infrastructure as Code (IaC)

Clicking through the AWS console is fine for learning. For production, everything must be code.

Why: if your infrastructure is defined in code, you can recreate it in 5 minutes in any region. If it is only in the console, a disaster means weeks of manual rebuilding.

Terraform is the tool to learn:

# This creates a complete web server setup
resource "aws_instance" "web" {
  ami           = "ami-0c02fb55956c7d316"
  instance_type = "t2.micro"
  
  tags = {
    Name = "MyWebServer"
  }
}

What to learn in Terraform:

• Providers, resources, variables, outputs
• State management (what terraform.tfstate is and why it matters)
• Modules (reusable infrastructure components)
• Workspaces (manage dev/staging/prod with same code)

Project: Write Terraform code that creates a complete VPC with public and private subnets, an EC2 instance, a security group, and an RDS database. Destroy and recreate it in one command.

Step 8: Cloud Networking and IAM

This is where many cloud engineers are weak. Deep networking and security knowledge separates good cloud engineers from great ones.

VPC (Virtual Private Cloud):

• Create a VPC from scratch (not the default one AWS gives you)
• Public subnets (internet-facing resources)
• Private subnets (databases, internal services)
• Internet Gateway (how public subnets reach the internet)
• NAT Gateway (how private subnets reach the internet without being exposed)
• Route tables (how traffic flows)

IAM (Identity and Access Management):

• Users, Groups, Roles, Policies
• Principle of least privilege — never give more permissions than needed
• IAM roles for EC2 (so your instance can access S3 without hardcoded keys)
• Service Control Policies (SCPs) for organisations

Common interview question: "Explain the difference between an IAM user and an IAM role." User has permanent credentials. Role is assumed temporarily by services or users. EC2 instances use roles, not users.

Step 9: CI/CD Pipelines and Automation

Connect code changes to automatic deployments.

AWS CodePipeline:

• CodeCommit (Git) → CodeBuild (compile/test) → CodeDeploy (deploy to EC2/ECS)
• Fully managed, integrates with everything AWS

GitHub Actions to AWS:

• Most Indian startups use GitHub + AWS
• GitHub Actions workflow that deploys to EC2 or ECS on every push to main

Project: Set up a pipeline where pushing code to GitHub automatically deploys your application to EC2. Zero manual steps.

Step 10: Containerisation with Docker

Containers are now fundamental to cloud deployments. Most production applications run in containers, not directly on EC2.

What to learn:

• Writing Dockerfiles for your applications
• Docker Compose for local multi-service development
• ECR (Elastic Container Registry) — AWS's Docker Hub
• ECS (Elastic Container Service) — run containers without managing Kubernetes

Project: Containerise your Python application, push to ECR, deploy to ECS with automatic scaling.

Step 11: Kubernetes and Orchestration

Kubernetes is the de facto standard for container orchestration at scale.

EKS (Elastic Kubernetes Service) is AWS's managed Kubernetes.

What to learn:

• kubectl commands for daily work
• Deployments, Services, Ingress, ConfigMaps, Secrets
• Horizontal Pod Autoscaler (auto-scale based on traffic)
• Persistent Volumes for stateful applications
• Helm charts for packaging Kubernetes applications

Reality check for freshers: You do not need deep Kubernetes expertise to get your first cloud job. Basic understanding plus Docker proficiency is enough. Kubernetes depth comes in years 2-3.

ADVANCED — Enterprise-Ready (Steps 12-15)

Step 12: Cloud Monitoring and Observability

You cannot manage what you cannot measure.

The three pillars of observability:

• Metrics (numbers over time — CPU, memory, request count)
• Logs (text records of what happened)
• Traces (following a request through multiple services)

AWS tools:

• CloudWatch Metrics and Alarms
• CloudWatch Logs Insights (query your logs like a database)
• AWS X-Ray (distributed tracing)

Third-party tools you will encounter at companies:

• Grafana + Prometheus (most common at Indian product companies)
• Datadog (expensive but powerful, common at larger companies)
• ELK Stack (Elasticsearch, Logstash, Kibana)

Project: Set up a Grafana dashboard showing real-time metrics from your AWS infrastructure.

Step 13: Security and Compliance

Security is not optional in production. It is increasingly a requirement for certifications like SOC2 and ISO 27001 that Indian companies need for enterprise clients.

What to learn:

• AWS Security Hub (aggregated security findings)
• GuardDuty (threat detection)
• AWS Config (compliance rules — "are all S3 buckets encrypted?")
• Secrets Manager vs Parameter Store (never hardcode credentials)
• SSL/TLS certificates with AWS Certificate Manager

DevSecOps: Shifting security left — adding security checks to your CI/CD pipeline, not as an afterthought.

Step 14: Cost Optimisation (FinOps)

This is an underrated skill that makes you immediately valuable. Companies spend millions on AWS unnecessarily.

What to learn:

• Cost Explorer and Budget Alerts
• Reserved Instances and Savings Plans (30-70% cost reduction for predictable workloads)
• Right-sizing (running t3.large when t3.small is enough wastes money)
• S3 storage classes (Intelligent-Tiering, Glacier for archival)
• Auto Scaling (scale down when traffic is low, not just scale up)

A real example: A mid-sized Indian startup reduced their AWS bill from ₹8 lakh/month to ₹4.5 lakh/month by right-sizing instances and adding auto-scaling. The engineer who did this got a promotion.

Step 15: Choose a Specialisation and Certify

After completing Steps 1-14, you are a competent cloud engineer. Now specialise.

Certification path for Indian freshers:

Year 1: AWS Cloud Practitioner (optional) → AWS Solutions Architect Associate (required)

Year 2: AWS DevOps Engineer Professional OR AWS Solutions Architect Professional

Specialisation certifications:

• CKA (Certified Kubernetes Administrator) for container/platform focus
• Terraform Associate for IaC focus
• AWS Security Specialty for security focus

Which specialisation has best demand in India:

1. DevOps + Cloud combined (highest demand)
2. Platform Engineering (Kubernetes-heavy)
3. Cloud Security (fastest growing)
4. FinOps (emerging, less competition)

The 6-Month Realistic Plan

Month 1: Steps 1-5. Cloud fundamentals, AWS free tier, Linux, Git, Python scripting. Month 2: Steps 6-7. Core AWS services hands-on + Terraform basics. Month 3: Steps 8-9. VPC, IAM deep dive + CI/CD pipeline. Month 4: Steps 10-11. Docker + ECS + Kubernetes basics. AWS SAA exam. Month 5: Steps 12-13. Monitoring + Security. Build portfolio projects. Month 6: Step 14-15. FinOps + Certification. Job applications.

Projects That Get You Hired

Project 1 — Three-Tier AWS Architecture Web tier (EC2/ECS) + Application tier (Lambda) + Database tier (RDS). All deployed with Terraform. CI/CD via GitHub Actions. Monitoring via CloudWatch. This is what production applications look like.

Project 2 — Serverless API API Gateway + Lambda + DynamoDB. A REST API that handles CRUD operations. No servers to manage. Show cost efficiency analysis.

Project 3 — Kubernetes Deployment Python application containerised, pushed to ECR, deployed on EKS with auto-scaling and monitoring. The complete container journey.

What Interviewers Ask

Scenario questions are most common:

• "S3 bucket is publicly accessible and contains sensitive data. Walk me through how you fix this."
• "EC2 instance CPU is at 100%. What do you check first?"
• "Application deployed on ECS is responding slowly. How do you debug?"
• "Terraform plan shows it will destroy and recreate an RDS instance. What do you do?"

Prepare answers for these. They test whether you have actually worked with the tools, not just read about them.

Day 17 of the AI Survival Kit — Career Roadmaps series