vinod sharma .in Solution Architect, Author & Educator
© 2026 Vinod Sharma. All rights reserved.
Cloud Architect
A comprehensive roadmap to becoming a cloud architect. This path takes you from cloud fundamentals and certifications through networking, compute, serverless, microservices, data architecture, security, cost optimisation, multi-cloud strategy, disaster recovery, enterprise migration, and the Well-Architected Framework.
12 milestones in this roadmap
Step 1 beginner 4-6 weeks
Cloud Fundamentals & Certifications
Establish a solid foundation in cloud computing concepts, service models, and earn a foundational certification.
Curriculum
1. Cloud computing models: IaaS, PaaS, SaaS, and FaaS
2. Shared responsibility model and cloud provider SLAs
3. Regions, availability zones, edge locations, and global infrastructure
4. Cloud economics: OpEx vs CapEx, pay-as-you-go, and reserved capacity
5. Foundational certifications: AWS Cloud Practitioner, AZ-900
6. Well-Architected Framework overview and cloud-native design principles
Tools & Platforms
- AWS Free Tier / Azure Free Account
- AWS Skill Builder / Microsoft Learn
- Cloud provider documentation
- A Cloud Guru / Cantrill.io
Step 2 intermediate 6-8 weeks
Networking in the Cloud (VPC/Subnets/DNS)
Master cloud networking including VPCs, subnets, routing, DNS, load balancing, and hybrid connectivity.
Curriculum
1. VPC architecture: CIDR blocks, public/private subnets, and route tables
2. NAT gateways, internet gateways, and VPC endpoints (PrivateLink)
3. Security groups vs NACLs: stateful vs stateless firewall rules
4. DNS management with Route 53 / Cloud DNS: hosted zones, record types, routing policies
5. Load balancing: ALB (L7), NLB (L4), and GWLB for appliances
6. Hybrid connectivity: VPN (site-to-site, client), Direct Connect, and Transit Gateway
Tools & Platforms
- AWS VPC / Azure VNet / GCP VPC
- Route 53 / Cloud DNS
- ALB / NLB
- AWS Transit Gateway
Step 3 intermediate 6-8 weeks
Compute & Storage Services
Understand the full spectrum of compute and storage options and learn to match workloads to the right services.
Curriculum
1. Virtual machines: instance types, families, placement groups, and AMIs
2. Auto-scaling groups, launch templates, and scaling policies
3. Block storage (EBS): volume types, IOPS provisioning, and snapshots
4. Object storage (S3): storage classes, lifecycle policies, versioning, replication
5. File storage (EFS/FSx) and archival storage (Glacier, Deep Archive)
6. Choosing compute and storage based on performance, durability, and cost
Tools & Platforms
- EC2 / Azure VMs / GCE
- S3 / GCS / Azure Blob
- EBS / Persistent Disks
- EFS / FSx
Step 4 intermediate 6-8 weeks
Serverless Architecture
Design event-driven serverless applications that scale automatically without managing infrastructure.
Curriculum
1. AWS Lambda: handler functions, layers, concurrency, and cold start mitigation
2. API Gateway: REST APIs, HTTP APIs, WebSocket APIs, and authorisers
3. Step Functions for orchestrating multi-step serverless workflows
4. EventBridge: event buses, rules, schemas, and event-driven patterns
5. DynamoDB: partition keys, sort keys, GSIs, LSIs, and single-table design
6. Serverless Framework / AWS SAM: templates, local testing, and deployment
Tools & Platforms
- AWS Lambda / Azure Functions / Cloud Functions
- API Gateway / Azure API Management
- Step Functions / Durable Functions
- Serverless Framework / SAM
Step 5 advanced 8-10 weeks
Microservices & Containers
Architect microservice-based applications using containers, orchestration, and resilience patterns.
Curriculum
1. Microservice decomposition: bounded contexts and domain-driven design
2. Container orchestration with EKS/GKE/AKS and Fargate/Cloud Run
3. Service mesh: Istio, Linkerd for mTLS, traffic management, and observability
4. API gateways: Kong, AWS API Gateway for routing and rate limiting
5. Resilience patterns: circuit breaker, retry, timeout, bulkhead
6. Inter-service communication: synchronous (gRPC, REST) vs asynchronous (events, queues)
Tools & Platforms
- EKS / GKE / AKS
- Istio / Linkerd
- AWS App Mesh
- Cloud Run / ECS Fargate
Step 6 advanced 6-8 weeks
Data Architecture (Lakes & Warehouses)
Design modern data platforms with data lakes, warehouses, and streaming pipelines for analytics and machine learning.
Curriculum
1. Data lake architecture: S3/GCS + Glue/Dataproc + Athena/BigQuery
2. Data warehouses: Redshift, Snowflake, BigQuery design and optimisation
3. ETL vs ELT pipelines and orchestration with Airflow or Step Functions
4. Real-time streaming: Kinesis, Kafka (MSK), Pub/Sub, and stream processing
5. Data cataloguing, governance, and lineage tracking
6. Lakehouse architecture: Delta Lake, Apache Iceberg, and Apache Hudi
Tools & Platforms
- AWS Glue / Dataproc
- Redshift / BigQuery / Snowflake
- Apache Kafka (MSK) / Kinesis
- Apache Airflow / Step Functions
Step 7 advanced 6-8 weeks
Security & Identity Management
Implement defence-in-depth security with IAM, encryption, network segmentation, and multi-account governance.
Curriculum
1. IAM policies: least privilege, conditions, permission boundaries, and SCPs
2. Encryption at rest (KMS, SSE) and in transit (TLS, ACM certificate management)
3. Web Application Firewall (WAF) rules and AWS Shield for DDoS protection
4. Identity federation: SAML 2.0, OIDC, and SSO with Azure AD / Okta
5. Multi-account governance: AWS Organizations, Control Tower, and landing zones
6. Security Hub, GuardDuty, CloudTrail, and automated compliance checks
Tools & Platforms
- AWS IAM / Azure AD
- AWS KMS / Azure Key Vault
- AWS WAF / CloudFront
- AWS Security Hub / GuardDuty
Step 8 intermediate 3-4 weeks
Cost Optimisation & FinOps
Apply FinOps principles to analyse, optimise, and govern cloud spending without sacrificing performance.
Curriculum
1. Cost allocation with tagging strategies and cost categories
2. Reserved Instances, Savings Plans, and Spot/Preemptible instances
3. Right-sizing recommendations and compute optimiser analysis
4. Budget alerts, anomaly detection, and cost forecasting
5. Storage tiering and lifecycle policies for cost reduction
6. FinOps operating model: inform, optimise, operate phases
Tools & Platforms
- AWS Cost Explorer / Azure Cost Management
- CloudHealth / Spot.io
- Infracost (IaC cost estimation)
- AWS Trusted Advisor / Compute Optimizer
Step 9 advanced 4-6 weeks
Multi-Cloud Strategy
Design portable, vendor-agnostic architectures and understand when multi-cloud strategies deliver real value.
Curriculum
1. Evaluating multi-cloud: vendor lock-in, regulatory, and best-of-breed drivers
2. Infrastructure abstraction with Terraform for multi-cloud provisioning
3. Kubernetes as a workload portability layer across providers
4. Cloud-agnostic data strategies: object storage APIs, database abstractions
5. Networking across clouds: interconnects, VPN peering, and DNS federation
6. Governance and operational consistency across heterogeneous cloud estates
Tools & Platforms
- Terraform (multi-provider)
- Kubernetes (multi-cluster)
- Pulumi
- Anthos / Azure Arc
Step 10 advanced 4-6 weeks
Disaster Recovery & High Availability
Design architectures that survive failures at every level from single instances to entire regions with tested recovery plans.
Curriculum
1. RTO and RPO calculation for each workload tier
2. DR strategies: backup-restore, pilot light, warm standby, active-active
3. Cross-region replication for databases, storage, and stateful services
4. Auto-scaling, health checks, and automated failover mechanisms
5. Game days, tabletop exercises, and DR plan testing cadence
6. Chaos engineering for validating resilience assumptions
Tools & Platforms
- AWS Backup / Azure Site Recovery
- Route 53 health checks / failover routing
- S3 Cross-Region Replication
- Chaos Monkey / AWS FIS
Step 11 advanced 6-8 weeks
Enterprise Migration Strategy
Plan and execute large-scale cloud migrations using structured frameworks, assessment tools, and wave-based execution.
Curriculum
1. 7 Rs migration framework: rehost, replatform, repurchase, refactor, retire, retain, relocate
2. Portfolio assessment and workload prioritisation with discovery tools
3. Landing zone design: account structure, networking, and security baselines
4. Migration factory: wave planning, runbooks, and cutover procedures
5. Database migration: homogeneous and heterogeneous with DMS/SCT
6. Application modernisation patterns: strangler fig, anti-corruption layer
Tools & Platforms
- AWS Migration Hub / Azure Migrate
- AWS DMS / SCT
- CloudEndure / AWS MGN
- AWS Control Tower
Step 12 advanced 4-6 weeks
Well-Architected Framework Mastery
Internalise the Well-Architected Framework across all pillars and conduct architectural reviews for production workloads.
Curriculum
1. Operational Excellence: runbooks, deployment automation, and observability
2. Security: IAM, detective controls, data protection, and incident response
3. Reliability: fault tolerance, recovery procedures, and change management
4. Performance Efficiency: right-sizing, monitoring, and architectural trade-offs
5. Cost Optimisation: expenditure awareness, pay-per-use, and right-sizing
6. Sustainability: efficient resource usage, managed services, and carbon-aware design
Tools & Platforms
- AWS Well-Architected Tool
- AWS Trusted Advisor
- Azure Advisor / GCP Recommender
- Architecture Decision Records (ADRs)