Discover / Amazon Web Services (AWS) / Reading path

Learn AWS in order: a reading path from core services to the cloud

@codesherpaBeginner → Expert
9
Books
70
Hours
5
Stages
Not yet rated

This curriculum takes a beginner from zero cloud knowledge to confidently architecting scalable, reliable AWS applications across four progressive stages. Each stage builds on the last — starting with cloud fundamentals, moving through core AWS services (EC2, S3, IAM, networking), then diving into serverless and advanced architecture patterns, so no concept is introduced before its foundation is in place.

1

Cloud & AWS Foundations

Beginner

Understand what cloud computing is, why AWS exists, and get comfortable navigating the AWS console and core vocabulary before touching any specific service.

Study plan for this stage

Pace: 4–5 weeks, ~25–30 pages/day (approximately 150–175 pages/week across both books)

Key concepts
  • Cloud computing models (IaaS, PaaS, SaaS) and how AWS fits into the landscape
  • AWS global infrastructure: regions, availability zones, and edge locations
  • Core AWS services overview: compute (EC2), storage (S3), databases (RDS), and networking (VPC)
  • AWS pricing model and cost optimization fundamentals
  • IAM (Identity and Access Management) for secure access control
  • The AWS Management Console and CLI basics for navigation and resource management
  • Shared responsibility model: what AWS manages vs. what you manage
  • Common use cases and architectural patterns for cloud deployments
You should be able to answer
  • What are the three main cloud computing models (IaaS, PaaS, SaaS), and which AWS services map to each?
  • Explain the difference between AWS regions and availability zones, and why this matters for application design
  • What is the shared responsibility model, and how does it change your security obligations compared to on-premises infrastructure?
  • How does AWS's pay-as-you-go pricing model work, and what are three strategies to optimize costs?
  • What is IAM, and why is it critical for securing your AWS account from day one?
  • Describe the basic architecture of a simple web application deployed on AWS (compute, storage, database, networking)
Practice
  • Create an AWS free-tier account and spend 30 minutes exploring the AWS Management Console; identify where major services (EC2, S3, RDS, VPC) are located
  • Launch a simple EC2 instance using the AWS Console, connect to it via SSH or RDP, and terminate it; document the steps
  • Create an S3 bucket, upload a file, and configure basic public/private access permissions; verify you understand object-level vs. bucket-level permissions
  • Set up an IAM user with limited permissions (e.g., read-only access to S3) and test logging in with those credentials
  • Draw or diagram a simple 3-tier architecture (web tier, app tier, database tier) and map each component to AWS services learned
  • Use the AWS Pricing Calculator to estimate monthly costs for a small web application (1 EC2 instance, 100 GB S3 storage, small RDS database)

Next up: With a solid grasp of cloud fundamentals, AWS infrastructure, and core service categories, you're ready to dive deep into specific services and design production-ready architectures in the next stage.

AWS Certified Cloud Practitioner Study Guide
Ben Piper · 2019 · 304 pp

Written specifically for absolute beginners, this book explains cloud concepts, AWS global infrastructure, pricing, and the shared responsibility model — the essential mental model before anything else.

Amazon Web Services in Action
Andreas Wittig · 2016 · 476 pp

A hands-on, practical introduction to AWS as a whole platform; it introduces EC2, S3, IAM, and networking together in context, giving beginners a broad map of how services relate before studying each deeply.

2

Core Services — Compute, Storage & Identity

Beginner

Gain working knowledge of EC2 (virtual machines), S3 (object storage), and IAM (identity and access management) — the three pillars every AWS workload depends on.

Study plan for this stage

Pace: 4–5 weeks, ~40–50 pages/day. Week 1–2: AWS Certified SysOps Administrator (EC2 & S3 chapters); Week 3: AWS Certified SysOps Administrator (IAM chapter); Week 4: Securing DevOps (cloud security & identity sections); Week 5: Review and hands-on labs.

Key concepts
  • EC2 instance types, lifecycle states, and how to launch, configure, and manage virtual machines for different workload requirements
  • S3 bucket creation, object management, versioning, lifecycle policies, and access control as the foundation of AWS object storage
  • IAM users, roles, policies, and permission models—the principle of least privilege and how to enforce it across AWS resources
  • Security groups and network ACLs as compute-layer access controls that complement IAM identity-based policies
  • Cross-service integration: how EC2 instances assume IAM roles to securely access S3 and other AWS services without hardcoded credentials
  • DevOps security practices in the cloud: automating identity and access management, auditing, and compliance monitoring
  • Practical threat modeling and defense strategies specific to compute, storage, and identity layers
You should be able to answer
  • What are the key differences between EC2 instance types (compute-optimized, memory-optimized, general-purpose), and how do you choose the right type for a given workload?
  • Explain the principle of least privilege in IAM and describe how to design a policy that grants an EC2 instance permission to read from a specific S3 bucket without granting unnecessary permissions.
  • How do security groups and IAM policies work together to control access to EC2 instances, and what is the difference between them?
  • What is an IAM role, and why is it preferable to embedding AWS credentials directly in an EC2 instance or application code?
  • Describe the S3 access control mechanisms (bucket policies, ACLs, and IAM policies) and when to use each one.
  • How would you audit and monitor who accessed what resources in your AWS environment, and what tools or logs would you use?
Practice
  • Launch an EC2 instance (t3.micro), connect via SSH, and configure a basic web server; then terminate it and document the lifecycle.
  • Create an S3 bucket, upload objects with different storage classes, enable versioning, and configure a lifecycle policy to transition old versions to Glacier.
  • Create an IAM user with programmatic access (access key/secret key), attach a policy that grants read-only access to a specific S3 bucket, and test access using the AWS CLI.
  • Create an IAM role with a trust policy that allows EC2 instances to assume it; attach an S3 read policy, launch an EC2 instance with this role, and verify it can access S3 without hardcoded credentials.
  • Design and implement a security group for a web server (allow HTTP/HTTPS inbound, SSH from your IP, deny all other inbound traffic) and test the rules.
  • Set up CloudTrail logging to an S3 bucket and review logs to see who performed what actions; document a sample audit trail for compliance purposes.

Next up: Mastery of EC2, S3, and IAM as the foundational trio equips you to architect secure, scalable workloads and prepares you for the next stage—advanced networking, databases, and multi-tier application design—where these core services are orchestrated together.

AWS Certified SysOps Administrator Official Study Guide
Stephen Cole · 2017 · 552 pp

Covers EC2 lifecycle, EBS volumes, S3 storage classes, and IAM policies in operational depth, bridging the gap between conceptual awareness and day-to-day administration of core services.

Securing DevOps: Security in the Cloud
Julien Vehent · 2018 · 384 pp

Focuses on IAM best practices, least-privilege design, and securing cloud infrastructure — critical reading immediately after learning what IAM is, so good habits are formed early.

3

Networking & Scalable Architecture

Intermediate

Understand AWS networking (VPC, subnets, security groups, load balancers, Route 53) and learn how to design applications that are highly available and horizontally scalable.

Study plan for this stage

Pace: 6–8 weeks, ~40–50 pages/day (mix of dense technical content and architecture patterns; allow extra time for hands-on labs)

Key concepts
  • VPC design and configuration: CIDR blocks, subnets, availability zones, and multi-AZ deployment patterns
  • Security groups and network ACLs: stateful vs. stateless filtering, inbound/outbound rules, and least-privilege access
  • Elastic Load Balancing: ALB, NLB, and CLB use cases, target groups, health checks, and cross-AZ distribution
  • Route 53: DNS management, routing policies (simple, weighted, latency-based, failover, geolocation), and health checks for failover
  • VPC connectivity: NAT gateways, VPN, Direct Connect, and VPC peering for hybrid and multi-VPC architectures
  • Horizontal scalability patterns: stateless application design, auto-scaling groups, and distributed system principles from Cloud Architecture Patterns
  • High availability design: redundancy across AZs, multi-region strategies, and resilience patterns for fault tolerance
  • Network performance optimization: VPC endpoints, placement groups, and monitoring with VPC Flow Logs and CloudWatch
You should be able to answer
  • How would you design a VPC with public and private subnets across multiple availability zones, and what CIDR block strategy would you use?
  • What is the difference between security groups and network ACLs, and when would you use each to enforce least-privilege access?
  • How would you configure an Application Load Balancer to distribute traffic across instances in multiple AZs, and what health checks would you implement?
  • Explain Route 53's latency-based routing and failover policies—when would you use each, and how do they support high availability?
  • Design a horizontally scalable application architecture using auto-scaling groups, load balancers, and stateless application principles. What would break if your application stored session state locally?
  • How would you connect an on-premises data center to AWS using VPN or Direct Connect, and what security considerations apply?
  • What are the trade-offs between multi-AZ and multi-region deployments for high availability and disaster recovery?
  • How would you use VPC Flow Logs and CloudWatch to monitor and troubleshoot network performance issues?
Practice
  • Build a multi-AZ VPC from scratch: create a VPC with public and private subnets in 2+ AZs, configure route tables, and launch EC2 instances in each subnet to verify connectivity
  • Configure security groups and network ACLs: create layered security rules for a web tier (ALB), application tier (EC2), and database tier (RDS), then test inbound/outbound traffic with curl and telnet
  • Set up an Application Load Balancer: create an ALB with target groups across multiple AZs, configure health checks, and use Route 53 to alias the ALB; test failover by stopping instances
  • Implement Route 53 routing policies: create hosted zones with simple, weighted, and latency-based routing; simulate region failures and verify failover behavior
  • Design and deploy a horizontally scalable application: create an auto-scaling group with a launch template, attach an ALB, and use CloudWatch to trigger scaling based on CPU utilization
  • Configure VPC connectivity: set up a VPN connection or VPC peering between two VPCs, then verify cross-VPC communication and test security group rules
  • Build a multi-region high-availability architecture: replicate a VPC and application stack in a second region, use Route 53 health checks to failover between regions, and document RTO/RPO
  • Monitor and troubleshoot network issues: enable VPC Flow Logs, analyze logs in CloudWatch or S3, identify traffic patterns, and use the VPC Reachability Analyzer to diagnose connectivity problems

Next up: This stage equips you with the networking and scalability foundations needed to architect resilient, production-grade AWS applications; the next stage will build on these patterns to cover database scaling, caching strategies, and application-level optimization for even higher performance and cost efficiency.

AWS Certified Advanced Networking Study Guide
Todd Montgomery · 2023

The most thorough treatment of VPC design, hybrid connectivity, Direct Connect, and Route 53 available in book form — reads naturally after mastering compute and storage basics.

Cloud Architecture Patterns
Bill Wilder · 2012 · 182 pp

Introduces cloud-native patterns — auto-scaling, queue-centric workflows, eventual consistency — that directly apply to AWS and prepare the reader to think architecturally rather than just operationally.

4

Serverless & Modern Application Design

Intermediate

Master AWS Lambda, API Gateway, DynamoDB, and event-driven design to build fully serverless, cost-efficient applications without managing servers.

Study plan for this stage

Pace: 4–5 weeks, ~25–30 pages/day, with 2–3 days per week dedicated to hands-on labs

Key concepts
  • Lambda function lifecycle: creation, deployment, invocation, and execution model (synchronous vs. asynchronous)
  • Event sources and triggers: how Lambda integrates with S3, DynamoDB Streams, SNS, SQS, API Gateway, and CloudWatch Events
  • Lambda permissions and IAM roles: granting functions the minimum required access to other AWS services
  • Function optimization: memory allocation, timeout configuration, cold starts, and performance tuning
  • Packaging and deployment: creating deployment packages, using layers for code reuse, and versioning strategies
  • Error handling and retries: dead-letter queues, exponential backoff, and resilience patterns in event-driven architectures
  • Monitoring and debugging: CloudWatch Logs, X-Ray tracing, and performance metrics to troubleshoot production issues
  • Cost optimization: understanding Lambda pricing, execution duration, and how to design cost-efficient serverless workflows
You should be able to answer
  • What is the difference between synchronous and asynchronous Lambda invocations, and when would you use each?
  • How do you configure an IAM role for a Lambda function, and what principle should guide the permissions you grant?
  • Explain the Lambda cold start problem and describe at least two strategies to mitigate it.
  • How do Lambda layers work, and what are the benefits of using them in a multi-function application?
  • What is a dead-letter queue, and how would you use one to handle failed asynchronous Lambda invocations?
  • How would you use X-Ray to trace and debug a Lambda function that is failing intermittently in production?
Practice
  • Create a simple Lambda function that responds to API Gateway HTTP requests; test both synchronous invocation and monitoring via CloudWatch Logs.
  • Build a Lambda function triggered by S3 events (e.g., object upload); implement error handling and log all invocations.
  • Write a Lambda function that processes messages from an SQS queue; configure a dead-letter queue and test failure scenarios.
  • Deploy a Lambda function using a deployment package and a Lambda layer; verify that the layer code is accessible to the function.
  • Set up X-Ray tracing for a Lambda function; invoke it multiple times and analyze the service map and traces in the X-Ray console.
  • Optimize a Lambda function by adjusting memory allocation and measuring execution time; calculate the cost difference between configurations.

Next up: Understanding Lambda's core mechanics, event-driven triggers, and operational best practices establishes the foundation for integrating Lambda with API Gateway and DynamoDB to build complete serverless applications in the next stage.

Programming AWS Lambda
John Chapin · 2020 · 224 pp

A focused, practical guide to Lambda and API Gateway — the two serverless cornerstones — covering deployment, testing, and event sources in a way that builds directly on prior EC2 and networking knowledge.

5

Architecting for Production — Reliability & Scale

Expert

Apply AWS Well-Architected Framework principles to design production-grade systems that are resilient, observable, cost-optimized, and ready for real-world scale.

Study plan for this stage

Pace: 8–10 weeks, ~40–50 pages/day, with 2–3 days per week dedicated to hands-on labs and architecture reviews

Key concepts
  • AWS Well-Architected Framework pillars: operational excellence, security, reliability, performance efficiency, and cost optimization
  • High-availability architecture patterns: multi-AZ deployments, auto-scaling, load balancing, and failover mechanisms
  • Distributed systems design patterns: sidecar, ambassador, adapter, and replica patterns for resilience and observability
  • Infrastructure as Code (IaC) and automation for reproducible, production-grade deployments
  • Monitoring, logging, and observability strategies using CloudWatch, X-Ray, and structured logging
  • Cost optimization techniques: reserved instances, spot instances, right-sizing, and architectural efficiency
  • Disaster recovery and business continuity: RTO/RPO targets, backup strategies, and multi-region failover
  • Security by design: least privilege, encryption in transit/at rest, and compliance in production systems
You should be able to answer
  • How would you design a production system on AWS that meets a 99.99% availability SLA, and what AWS services would you use to achieve it?
  • Explain the trade-offs between the five pillars of the Well-Architected Framework and how you would balance them for a real-world application
  • What distributed systems patterns would you apply to make a microservices architecture resilient to partial failures, and why?
  • How would you implement comprehensive monitoring and observability for a production system, and what metrics would you track?
  • Describe a cost optimization strategy for a production workload that maintains reliability and performance while reducing spend
  • What is your approach to designing disaster recovery and multi-region failover for a business-critical application?
Practice
  • Design and deploy a multi-AZ, auto-scaling web application using EC2, ALB, and RDS with automated failover; document your architecture decisions against each Well-Architected pillar
  • Implement a distributed system using containerized microservices (ECS or EKS) with sidecar and ambassador patterns for logging and monitoring; test partial failure scenarios
  • Build a comprehensive CloudWatch dashboard and X-Ray service map for a multi-tier application; configure alarms and automated remediation using Lambda and SNS
  • Create an Infrastructure as Code template (CloudFormation or Terraform) for a production-grade application stack; version control it and practice blue-green deployments
  • Conduct a cost optimization audit on a running AWS environment: identify right-sizing opportunities, reserved instance candidates, and architectural inefficiencies; calculate potential savings
  • Design and test a disaster recovery plan with a secondary AWS region: implement cross-region replication, failover automation, and RTO/RPO validation

Next up: This stage equips you with the architectural patterns and AWS service expertise to build resilient, observable, and cost-efficient systems; the next stage will deepen your ability to optimize these systems further and prepare you for advanced certification or specialized domains like security, data engineering, or serverless architecture.

AWS Certified Solutions Architect Official Study Guide
Joe Baron · 2016 · 504 pp

Synthesizes everything — EC2, S3, IAM, VPC, serverless, databases, and more — through the lens of solution design, making it the ideal capstone that ties all prior stages together.

Designing Distributed Systems: Patterns and Paradigms for Scalable, Reliable Services
Brendan Burns · 2018 · 166 pp

Written by a Kubernetes co-creator, this book covers distributed patterns (sidecars, ambassadors, scatter-gather) that apply directly to multi-service AWS architectures, elevating the reader from AWS user to cloud architect.

Discussion

Keep reading

Paths that share books, cover the same subject, or open a related topic.

Shares 1 book

Learn cloud computing: from servers to serverless

Beginner9books87 hrs4 stages
Shares 1 book

Learn DevOps: ship software that stays up

Intermediate10books92 hrs5 stages
More on C++ programming

C++ reading path: from core syntax to modern, high-performance code

Beginner8books120 hrs4 stages