Learning Path
Fresher
Aws
Cloud Support / Jr. AWS Engineer
AWS Cloud Foundations — Fresher Learning Path
A complete zero-to-cloud roadmap for beginners. Step-by-step AWS architecture diagrams with clickable blocks — click any service to see details, links, and real examples.
Path Goal
By the end of this path you will understand core AWS services, build real infrastructure, and be confident enough to crack your first cloud job interview.
Click a milestone to see tools, technologies, and resources
Select a station to explore tools and resources
roadmap.sh-style view
Click any topic or milestone card for free & premium resources
What You'll Achieve
- Explain the AWS Global Infrastructure to a non-technical audience
- Launch and manage EC2 instances confidently
- Create S3 buckets and host a static website
- Write IAM policies and understand roles vs users
- Connect an application to an RDS MySQL database
- Monitor costs and set billing alerts
How to Use This Path
Each section below shows an AWS architecture diagram. Click any coloured block to see:
- What the service does
- Key concepts you need to know
- A hands-on task to practise
- Official AWS docs + TechWithDB links
Work through Step 1 → Step 6 in order. Each step builds on the last.
Step 1 — Cloud Fundamentals
Step 1 of 6 · Click any block Cloud Computing Overview
flowchart TD
A["🌐 Traditional On-Premise\n(your own data centre)"]:::clickable
B["☁️ Cloud Computing\n(AWS, Azure, GCP)"]:::clickable
C["🏗️ IaaS\n Infrastructure as a Service"]:::iaas
D["🔧 PaaS\n Platform as a Service"]:::paas
E["📦 SaaS\n Software as a Service"]:::saas
F["🌍 AWS Global Infrastructure"]:::aws
G["📍 Regions\n(ap-south-1, us-east-1...)"]:::aws
H["🏢 Availability Zones\n(isolated data centres)"]:::aws
I["⚡ Edge Locations\n(CloudFront CDN)"]:::aws
A -->|"moved to"| B
B --> C & D & E
B --> F
F --> G --> H
F --> I
click A call lpClick("on-premise")
click B call lpClick("cloud-computing")
click C call lpClick("iaas")
click D call lpClick("paas")
click E call lpClick("saas")
click F call lpClick("aws-global")
click G call lpClick("regions")
click H call lpClick("azs")
click I call lpClick("edge")
classDef clickable fill:#4a5568,stroke:#2d3748,color:#fff,rx:8
classDef iaas fill:#d97706,stroke:#b45309,color:#fff,rx:8
classDef paas fill:#2563eb,stroke:#1d4ed8,color:#fff,rx:8
classDef saas fill:#7c3aed,stroke:#6d28d9,color:#fff,rx:8
classDef aws fill:#e65100,stroke:#bf360c,color:#fff,rx:8
Step 2 — AWS Account Setup & IAM Basics
Step 2 of 6 · Click any block Account Security Architecture
flowchart TD
ROOT["👑 Root Account\n(email + password)"]:::danger
MFA["🔐 Enable MFA\non Root — always!"]:::secure
ADMIN["👤 Create IAM\nAdmin User"]:::iam
POLICY["📋 Attach Admin\nPolicy"]:::iam
GROUPS["👥 IAM Groups\n(Dev, Ops, ReadOnly)"]:::iam
USERS["🧑💻 IAM Users\n(team members)"]:::iam
ROLES["🎭 IAM Roles\n(for services like EC2)"]:::iam
BILLING["💰 Billing Alarm\n$5 alert → SNS → Email"]:::billing
CLI["⌨️ AWS CLI\naws configure"]:::tool
ROOT -->|"first thing"| MFA
ROOT -->|"never use daily"| ADMIN
ADMIN --> POLICY
GROUPS --> USERS
ADMIN --> GROUPS
ADMIN --> ROLES
ROOT --> BILLING
ADMIN --> CLI
click ROOT call lpClick("root-account")
click MFA call lpClick("mfa")
click ADMIN call lpClick("iam-admin")
click POLICY call lpClick("iam-policy")
click GROUPS call lpClick("iam-groups")
click USERS call lpClick("iam-users")
click ROLES call lpClick("iam-roles")
click BILLING call lpClick("billing-alarm")
click CLI call lpClick("aws-cli")
classDef danger fill:#dc2626,stroke:#b91c1c,color:#fff,rx:8
classDef secure fill:#16a34a,stroke:#15803d,color:#fff,rx:8
classDef iam fill:#2563eb,stroke:#1d4ed8,color:#fff,rx:8
classDef billing fill:#7c3aed,stroke:#6d28d9,color:#fff,rx:8
classDef tool fill:#d97706,stroke:#b45309,color:#fff,rx:8
Step 3 — Core Compute (EC2)
Step 3 of 6 · Click any block EC2 Architecture for Freshers
flowchart TD
INTERNET["🌐 Internet\n(users)"]:::net
ALB["⚖️ Application Load Balancer\n(optional — distributes traffic)"]:::aws
EC2A["🖥️ EC2 Instance A\n(t3.micro — Free Tier)"]:::ec2
EC2B["🖥️ EC2 Instance B\n(t3.micro)"]:::ec2
SG["🔒 Security Group\nAllow port 80, 443, 22"]:::sec
KP["🗝️ Key Pair (.pem)\nfor SSH access"]:::sec
AMI["📀 Amazon Machine Image\n(Amazon Linux / Ubuntu)"]:::ec2
EIP["📌 Elastic IP\n(static public IP)"]:::net
EBS["💾 EBS Volume\n(block storage for EC2)"]:::storage
INTERNET --> ALB --> EC2A & EC2B
SG --> EC2A & EC2B
KP --> EC2A
AMI -->|"boot image"| EC2A
EIP --> EC2A
EC2A --> EBS
click INTERNET call lpClick("internet-users")
click ALB call lpClick("alb")
click EC2A call lpClick("ec2-instance")
click SG call lpClick("security-group")
click KP call lpClick("key-pair")
click AMI call lpClick("ami")
click EIP call lpClick("elastic-ip")
click EBS call lpClick("ebs")
classDef net fill:#0891b2,stroke:#0e7490,color:#fff,rx:8
classDef aws fill:#e65100,stroke:#bf360c,color:#fff,rx:8
classDef ec2 fill:#d97706,stroke:#b45309,color:#fff,rx:8
classDef sec fill:#dc2626,stroke:#b91c1c,color:#fff,rx:8
classDef storage fill:#7c3aed,stroke:#6d28d9,color:#fff,rx:8
Step 4 — Storage (S3)
Step 4 of 6 · Click any block S3 Storage Architecture
flowchart TD
S3["🪣 Amazon S3\n(Simple Storage Service)"]:::s3
BUCKET["📂 S3 Bucket\n(globally unique name)"]:::s3
OBJ["📄 Objects\n(files, images, videos)"]:::s3
VER["🔄 Versioning\n(keep old file versions)"]:::feature
POLICY["📋 Bucket Policy\n(who can read/write)"]:::sec
STATIC["🌐 Static Website\nHosting"]:::use
BACKUP["💾 Backup & Archive"]:::use
CF["⚡ CloudFront CDN\n(faster global delivery)"]:::cdn
GLACIER["🧊 S3 Glacier\n(cheap long-term archive)"]:::storage
LC["⏰ Lifecycle Policy\n(auto-move to Glacier)"]:::feature
S3 --> BUCKET --> OBJ
BUCKET --> VER & POLICY
BUCKET --> STATIC & BACKUP
STATIC --> CF
LC -->|"after 90 days"| GLACIER
click S3 call lpClick("s3-overview")
click BUCKET call lpClick("s3-bucket")
click OBJ call lpClick("s3-objects")
click VER call lpClick("s3-versioning")
click POLICY call lpClick("s3-policy")
click STATIC call lpClick("s3-static")
click CF call lpClick("cloudfront")
click GLACIER call lpClick("s3-glacier")
click LC call lpClick("s3-lifecycle")
classDef s3 fill:#16a34a,stroke:#15803d,color:#fff,rx:8
classDef feature fill:#2563eb,stroke:#1d4ed8,color:#fff,rx:8
classDef sec fill:#dc2626,stroke:#b91c1c,color:#fff,rx:8
classDef use fill:#d97706,stroke:#b45309,color:#fff,rx:8
classDef cdn fill:#7c3aed,stroke:#6d28d9,color:#fff,rx:8
classDef storage fill:#0891b2,stroke:#0e7490,color:#fff,rx:8
Step 5 — Identity & Security (IAM Deep Dive)
Step 5 of 6 · Click any block IAM Security Model
flowchart TD
IAM["🔐 AWS IAM\nIdentity & Access Management"]:::iam
USER["👤 IAM User\n(human with long-term creds)"]:::entity
GROUP["👥 IAM Group\n(Dev / Ops / ReadOnly)"]:::entity
ROLE["🎭 IAM Role\n(assumed by services or people)"]:::entity
POLICY["📋 IAM Policy\n(JSON — Allow/Deny actions)"]:::policy
MAN["📦 AWS Managed Policy\n(pre-built by AWS)"]:::policy
CUST["✏️ Customer Managed\nPolicy (you write it)"]:::policy
LEAST["⚖️ Principle of\nLeast Privilege"]:::principle
STS["🎟️ STS AssumeRole\n(temporary credentials)"]:::advanced
MFA2["🔐 MFA\n(always enable!)"]:::secure
IAM --> USER & GROUP & ROLE
GROUP -->|"attach"| POLICY
USER -->|"belongs to"| GROUP
ROLE -->|"uses"| STS
POLICY --> MAN & CUST
LEAST -->|"guides"| POLICY
USER --> MFA2
click IAM call lpClick("iam-overview")
click USER call lpClick("iam-user")
click GROUP call lpClick("iam-group")
click ROLE call lpClick("iam-role")
click POLICY call lpClick("iam-policy-deep")
click MAN call lpClick("managed-policy")
click CUST call lpClick("custom-policy")
click LEAST call lpClick("least-privilege")
click STS call lpClick("sts")
click MFA2 call lpClick("mfa-deep")
classDef iam fill:#dc2626,stroke:#b91c1c,color:#fff,rx:8
classDef entity fill:#2563eb,stroke:#1d4ed8,color:#fff,rx:8
classDef policy fill:#d97706,stroke:#b45309,color:#fff,rx:8
classDef principle fill:#7c3aed,stroke:#6d28d9,color:#fff,rx:8
classDef advanced fill:#0891b2,stroke:#0e7490,color:#fff,rx:8
classDef secure fill:#16a34a,stroke:#15803d,color:#fff,rx:8
Step 6 — Databases (RDS)
Step 6 of 6 · Click any block RDS Architecture for Freshers
flowchart TD
APP["🖥️ EC2 Application\n(your web server)"]:::ec2
SG2["🔒 Security Group\n(port 3306 from EC2 only)"]:::sec
RDS["🗄️ Amazon RDS\nMySQL / PostgreSQL"]:::rds
PRIV["🔒 Private Subnet\n(not public internet!)"]:::net
AZ1["🏢 Primary AZ\n(ap-south-1a)"]:::az
AZ2["🏢 Standby AZ\n(ap-south-1b)\nMulti-AZ Failover"]:::az
SNAP["📸 Automated Snapshots\n(daily backups)"]:::feature
PR["📖 Read Replica\n(scale reads — optional)"]:::feature
PARAM["⚙️ Parameter Group\n(DB config settings)"]:::config
APP -->|"connects via 3306"| SG2
SG2 --> RDS
RDS --> PRIV
PRIV --> AZ1
AZ1 -->|"sync replication"| AZ2
RDS --> SNAP
RDS -.->|"async"| PR
PARAM -->|"config"| RDS
click APP call lpClick("ec2-app")
click SG2 call lpClick("rds-sg")
click RDS call lpClick("rds-overview")
click PRIV call lpClick("private-subnet")
click AZ1 call lpClick("rds-primary")
click AZ2 call lpClick("rds-multiaz")
click SNAP call lpClick("rds-snapshots")
click PR call lpClick("read-replica")
click PARAM call lpClick("parameter-group")
classDef ec2 fill:#d97706,stroke:#b45309,color:#fff,rx:8
classDef sec fill:#dc2626,stroke:#b91c1c,color:#fff,rx:8
classDef rds fill:#2563eb,stroke:#1d4ed8,color:#fff,rx:8
classDef net fill:#7c3aed,stroke:#6d28d9,color:#fff,rx:8
classDef az fill:#16a34a,stroke:#15803d,color:#fff,rx:8
classDef feature fill:#0891b2,stroke:#0e7490,color:#fff,rx:8
classDef config fill:#e65100,stroke:#bf360c,color:#fff,rx:8
What You’ll Achieve
After completing all 6 steps you’ll be able to:
- Explain how AWS works to your team or in an interview
- Launch EC2 instances and connect via SSH
- Store files and host websites on S3
- Write IAM policies and manage user permissions
- Deploy a MySQL database on RDS inside a private subnet
- Monitor costs and avoid surprise bills
Help Improve This Learning Path
Have a resource, project idea, or milestone suggestion? Submit it!
Open Google Form