Progress Dashboard

Week 1 (March 14-20)

• ○ Cloud Architect resume edits back to contact (someone is waiting on you)
• ○ Identify an Oklahoma employment attorney (ask network if needed, don't need to retain yet)
• ○ Draft executive search InMail message (workshop with Olly)
• ○ Research 8-10 partners/senior consultants at Korn Ferry, Heidrick & Struggles, Spencer Stuart
• ○ Add target consultants to [[executive_search_tracker]]

Week 2 (March 21-27)

• ○ Send first batch of executive search InMails (4-5 people)
• ○ Network outreach: 3-4 messages from your 25-person list
• ○ Begin interview prep: write "why did you leave" narrative in [[interview_prep]]
• ○ Ask your 4 lunch contacts for local/regional recruiter recommendations
• ○ Update [[network_outreach_tracker]] with outreach status

Week 3 (March 28 – April 3)

• ○ Send second batch of executive search InMails (4-5 more, include boutiques)
• ○ Network outreach: 3-4 more contacts
• ○ Interview prep: draft 5-6 STAR stories in [[interview_prep]]
• ○ Research and contact 2-3 local/regional recruiters from lunch referrals
• ○ Follow up with Cloud Architect lead (check status)

Week 4 (April 4-10)

• ○ Network outreach: 3-4 contacts
• ○ Follow up on unanswered Week 2 executive search InMails (one follow-up each, then rest)
• ○ Mock interview session: layoff narrative + 2 STAR stories
• ○ Personal website: finalize copy
• ○ Update [[opportunity_tracker]] with any new leads

Week 5 (April 11-17)

• ○ Personal website launched
• ○ Network outreach: 3-4 contacts
• ○ Mock interview session: leadership philosophy, culture questions, Westrum model
• ○ Begin light monitoring of posted roles (30 min/week, genuine fits only)
• ○ LinkedIn content: first post (time it with peak profile views from outreach)

Week 6 (April 18-24)

• ○ Network outreach: continue (should be 15-20 contacts deep by now)
• ○ Follow up on boutique firm InMails from Week 3
• ○ Mock interview session: technical depth (architecture decisions, Terraform strategy, cost optimization, incident management philosophy)
• ○ Shift prep time to company-specific research if interviews are on calendar

Weeks 7-8 (April 25 – May 8)

• ○ Active interviews (hopefully)
• ○ Continue network outreach with remaining contacts
• ○ Company-specific research and prep for live opportunities
• ○ Follow up with any recruiter relationships that have gone quiet
• ○ If pipeline is thin: increase volume on posted role applications
• ○ LinkedIn content: second post if timing is right

Weeks 9-10 (May 9 – May 22)

• ○ Active interviews and follow-up
• ○ Separation agreement arrives: get it to attorney immediately
• ○ Remaining network outreach
• ○ Post-employment search plan: sketch out what weeks 11+ look like if nothing has closed yet (this is realistic planning, not failure)

Running Throughout All Phases

• ○ AWS Solutions Architect study (separate plan, already in progress)
• ○ LinkedIn content: 1-2 posts total during the 10 weeks
• ○ Keep [[opportunity_tracker]] current
• ○ Log all conversations with #conversation and #hire-me-2026

Resources You Need Before Day 1

• ✓ Create your AWS Free Tier account and enable MFA on the root user immediately
• ✓ Create a non-root IAM admin user and use that for everything going forward
• ✓ Install Terraform CLI in your Codespaces devcontainer (`terraform -version` to confirm)
• ○ Purchase Tutorials Dojo SAA practice exam pack
• ○ Bookmark: developer.hashicorp.com/terraform/tutorials/aws-get-started

How to Use This Plan

• ○ Cantrill is your primary content engine. Watch actively, not passively. Pause and replay.
• ○ Hands-on labs follow each major Cantrill section. Do not skip these. Watching is not learning.
• ○ Terraform shadowing means: after you learn an AWS service in Cantrill, you go provision that same thing in Terraform. This builds both skills simultaneously.
• ○ Fridays are lighter and include AI/freeform play. This is intentional. Protect the recovery time.
• ○ Practice exams start Week 10. Not earlier. You need the content foundation first.
• ○ Flag your weak spots as you go. Keep a running note called SAA Weak Spots in Obsidian and add to it whenever a topic does not click. Week 10-11 is when you drill those specifically.

Monday Mar 17

• ○ Set up AWS Free Tier account
• ○ Enable MFA on root account (do not skip this)
• ○ Create IAM admin user, attach AdministratorAccess policy, generate access keys
• ○ Configure AWS CLI: `aws configure`
• ○ Verify: `aws sts get-caller-identity`
• ○ Install Terraform CLI, run `terraform -version`
• ○ Cantrill: Watch the course introduction and the "AWS Accounts" section

Tuesday Mar 18

• ○ Cantrill: AWS Global Infrastructure (Regions, AZs, Edge Locations)
• ○ Cantrill: IAM Identity Basics
• ○ Hands-on: Create an IAM user, group, and policy in the console by hand
• ○ Terraform: Complete "Install Terraform" + "Build Infrastructure" tutorials on HashiCorp Learn

Wednesday Mar 19

• ○ Cantrill: IAM continued — Roles, Policies, STS basics
• ○ Hands-on: Create an IAM role with a trust policy, assume it via CLI
• ○ Terraform: Complete "Change Infrastructure" and "Destroy Infrastructure" tutorials
• ○ Start your SAA Weak Spots note in Obsidian

Thursday Mar 20

• ○ Cantrill: AWS Organizations and Service Control Policies
• ○ Hands-on: Create a member account under your org (optional but valuable)
• ○ Terraform: Complete "Define Input Variables" and "Query Data with Outputs" tutorials
• ○ HashiCorp Learn: Read "Terraform Language" overview page

Friday Mar 21 — Freeform AI Day

• ○ Spend 60-90 min playing with an LLM API or tool of your choice
• ○ Suggested: Use the AWS CLI to invoke Amazon Bedrock, or explore the Bedrock console
• ○ Light Cantrill: Re-watch anything from this week that felt shaky

Week 2 (Mar 24-28): Networking Foundations

• ○ Cantrill: VPC Fundamentals — what a VPC is, CIDR blocks, default vs custom VPCs
• ○ Hands-on: Create a custom VPC with a CIDR block in the console, explore what gets created automatically
• ○ Cantrill: Subnets, Route Tables, Internet Gateways
• ○ Hands-on: Add public and private subnets to your VPC, attach an IGW, update route tables
• ○ Terraform: Provision a VPC and subnets using `aws_vpc` and `aws_subnet` — your first real Terraform shadow exercise
• ○ Cantrill: NAT Gateways, Bastion Hosts, NACLs vs Security Groups
• ○ Hands-on: Launch an EC2 instance in your public subnet, SSH in
• ○ Note the difference between NACLs (stateless) and Security Groups (stateful) in your notes
• ○ Cantrill: VPC Peering, VPC Endpoints (Gateway vs Interface)
• ○ Hands-on: Create a VPC endpoint for S3 and test access from an EC2 instance
• ○ Terraform: Add a security group and an internet gateway to your Terraform VPC config
• ○ AI play: Try using Claude or another LLM to explain what a VPC is. Argue with it. See if it gets things wrong.
• ○ Light Cantrill: Review any VPC topics that felt unclear this week

Week 3 (Mar 31 - Apr 4): Compute

• ○ Cantrill: EC2 Architecture, Instance Types, AMIs
• ○ Hands-on: Launch instances of different types, compare pricing in the console
• ○ Cantrill: EC2 Storage — EBS volume types, instance store, EBS snapshots
• ○ Hands-on: Attach an EBS volume to a running instance, format it, mount it, take a snapshot
• ○ Terraform: Provision an EC2 instance with an attached EBS volume using `aws_instance` and `aws_ebs_volume`
• ○ Cantrill: EC2 Purchase Options — On-Demand, Reserved, Spot, Dedicated
• ○ Cantrill: Auto Scaling Groups — launch templates, scaling policies
• ○ Hands-on: Create a launch template and a simple ASG with min/max/desired
• ○ Cantrill: Elastic Load Balancing — ALB vs NLB vs CLB, listeners, target groups
• ○ Hands-on: Put an ALB in front of two EC2 instances, test failover
• ○ Terraform: Add an ALB and target group to your Terraform config
• ○ AI play: Prompt an LLM to quiz you on EC2 purchase options with hard scenario questions
• ○ Light review: Sketch the architecture you built this week from memory on paper

Week 4 (Apr 7-11): Storage

• ○ Cantrill: S3 Fundamentals — buckets, objects, storage classes
• ○ Hands-on: Create an S3 bucket, upload objects, set a lifecycle policy
• ○ Terraform: Provision an S3 bucket with versioning enabled using `aws_s3_bucket`
• ○ Cantrill: S3 Security — bucket policies, ACLs, pre-signed URLs, S3 Block Public Access
• ○ Hands-on: Write a bucket policy that allows read access to a specific IAM role only
• ○ Test it by assuming the role and trying to access the bucket
• ○ Cantrill: S3 Advanced — versioning, replication (CRR/SRR), object lock, MFA delete
• ○ Cantrill: S3 Performance — multipart upload, Transfer Acceleration
• ○ Hands-on: Enable versioning, delete an object, then restore it
• ○ Cantrill: EFS — when to use it vs EBS, mount targets, performance modes
• ○ Cantrill: FSx variants (brief orientation)
• ○ Hands-on: Mount an EFS volume to two EC2 instances simultaneously
• ○ AI play: Ask an LLM to give you an architecture scenario and ask which S3 storage class you would use and why
• ○ Review: Update your Obsidian weak spots note

Week 5 (Apr 14-18): Databases

• ○ Cantrill: RDS Architecture — Multi-AZ, Read Replicas, supported engines
• ○ Hands-on: Launch an RDS MySQL instance (use db.t3.micro for free tier)
• ○ Terraform: Provision an RDS instance using `aws_db_instance`
• ○ Cantrill: Aurora — architecture differences from RDS, Aurora Serverless
• ○ Cantrill: RDS Backup and Restore — automated backups, snapshots, PITR
• ○ Hands-on: Take a manual RDS snapshot, restore it to a new instance
• ○ Cantrill: DynamoDB — partition keys, sort keys, read/write capacity modes
• ○ Cantrill: DynamoDB Streams and Global Tables
• ○ Hands-on: Create a DynamoDB table, put items, query them via CLI
• ○ Cantrill: ElastiCache — Redis vs Memcached, when to use each
• ○ Cantrill: Redshift basics
• ○ Terraform: Provision a DynamoDB table using `aws_dynamodb_table`
• ○ AI play: Have an LLM generate a scenario: "Your app needs session data for millions of users with sub-millisecond reads." Walk through your reasoning.
• ○ Light Cantrill review

Week 6 (Apr 21-25): Application Integration + Serverless

• ○ Cantrill: SQS — standard vs FIFO, visibility timeout, dead letter queues
• ○ Cantrill: SNS — topics, subscriptions, fan-out pattern
• ○ Hands-on: Create an SQS queue and SNS topic, subscribe the queue to the topic, publish a message
• ○ Cantrill: Lambda — invocation models, execution roles, layers, concurrency
• ○ Hands-on: Write a Lambda function that reads from SQS and logs to CloudWatch
• ○ Terraform: Deploy a Lambda function using `aws_lambda_function`
• ○ Cantrill: API Gateway — REST vs HTTP APIs, stages, throttling
• ○ Cantrill: Step Functions basics
• ○ Hands-on: Wire API Gateway to your Lambda function from Tuesday
• ○ Cantrill: EventBridge — rules, event buses, patterns
• ○ Cantrill: Kinesis overview
• ○ Terraform: Create an SQS queue and SNS topic with a subscription in Terraform
• ○ AI play: Design a serverless architecture for a simple web app: API Gateway + Lambda + DynamoDB + S3. Ask an LLM to poke holes in it.
• ○ Review: End of Phase 1. Full review of your weak spots note.

Week 7 (Apr 28 - May 2): Security and Identity

• ○ Cantrill: KMS — CMKs, key policies, envelope encryption, grants
• ○ Hands-on: Create a KMS key, encrypt an S3 object with it, test access controls
• ○ Cantrill: Secrets Manager vs Parameter Store
• ○ Cantrill: Certificate Manager (ACM)
• ○ Hands-on: Store a database password in Secrets Manager, retrieve it via CLI and via Lambda
• ○ Terraform: Use `aws_secretsmanager_secret` to provision a secret
• ○ Cantrill: CloudTrail, Config, and GuardDuty — the audit/compliance triad
• ○ Hands-on: Enable CloudTrail in your account, trigger an event, find it in the logs
• ○ Cantrill: WAF, Shield, and Firewall Manager
• ○ Cantrill: Cognito — User Pools vs Identity Pools
• ○ Hands-on: Create a Cognito User Pool and test sign-up/sign-in flow
• ○ AI play: Ask an LLM to create a security audit checklist for an AWS account. Critique it based on what you learned this week.

Week 8 (May 5-9): High Availability and DR

• ○ Cantrill: Route 53 — all routing policies (Simple, Weighted, Latency, Failover, Geolocation, Geoproximity, Multivalue)
• ○ Hands-on: Create a hosted zone, add A records, experiment with weighted routing
• ○ Cantrill: CloudFront — distributions, origins, behaviors, signed URLs vs signed cookies
• ○ Hands-on: Put a CloudFront distribution in front of your S3 bucket
• ○ Terraform: Provision a CloudFront distribution using `aws_cloudfront_distribution`
• ○ Cantrill: Global Accelerator vs CloudFront — know the difference cold
• ○ Cantrill: Disaster Recovery strategies — Backup/Restore, Pilot Light, Warm Standby, Multi-Site
• ○ Make a comparison table in Obsidian: RPO/RTO for each strategy
• ○ Cantrill: Elastic Disaster Recovery (DRS)
• ○ Cantrill: Multi-Region architecture patterns
• ○ Hands-on: Sketch a multi-region active-passive architecture on paper
• ○ AI play: Give an LLM a DR scenario and ask it to recommend a strategy with justification. Disagree with it and see how it responds.

Week 9 (May 12-16): Monitoring, Cost, and Hybrid

• ○ Cantrill: CloudWatch — metrics, alarms, logs, log insights, dashboards
• ○ Hands-on: Create a CloudWatch alarm on EC2 CPU utilization, trigger it
• ○ Terraform: Create a CloudWatch alarm using `aws_cloudwatch_metric_alarm`
• ○ Cantrill: Cost management — Cost Explorer, Budgets, Trusted Advisor, Compute Optimizer
• ○ Hands-on: Set a billing alarm in your account. Do this for real, not just for the exam.
• ○ Cantrill: Direct Connect and Site-to-Site VPN
• ○ Cantrill: Transit Gateway
• ○ Focus on understanding the use cases and diagramming them
• ○ Cantrill: ECS and EKS overview
• ○ Cantrill: Elastic Beanstalk
• ○ Hands-on: Deploy a simple containerized app to ECS Fargate
• ○ End of Phase 2. Full review of weak spots note.
• ○ AI play: Ask an LLM to generate 10 hard SAA-style scenario questions on your weak spot topics.

Week 10 (May 19-23): First Practice Exam Pass

• ○ Take Tutorials Dojo Practice Exam 1 — timed, exam conditions (no notes, 130 min, 65 questions)
• ○ Score it. Do not look at answers until you finish.
• ○ Note every question you were uncertain about, even ones you got right.
• ○ Review every wrong answer from Exam 1 in depth. Go back to Cantrill for that topic.
• ○ Add every weak area to your SAA Weak Spots note with a specific action item.
• ○ Targeted Cantrill re-watch: top 3 weak spots from Exam 1
• ○ Hands-on lab on at least one of those topics
• ○ Take Tutorials Dojo Practice Exam 2 under timed conditions
• ○ Same process: finish first, then review
• ○ Review Exam 2 wrong answers
• ○ Identify patterns (is it always networking? always DR? always pricing?)

Week 11 (May 26-30): Gap Closing and Final Reps

• ○ Targeted Cantrill re-watch: top 3 weak spots from Exam 2
• ○ Take Tutorials Dojo Practice Exam 3
• ○ Full review of Exam 3
• ○ Focus on any question type that keeps appearing
• ○ Take Tutorials Dojo Practice Exam 4
• ○ You should be scoring above 80% consistently now. If not, add a buffer week before booking.
• ○ Light review only — go through your complete weak spots note one final time
• ○ No new content. No new labs. Trust the work.
• ○ Book your exam if you have not already. Booking it makes it real.
• ○ Rest. One light re-read of your Obsidian notes.
• ○ No practice exams today.

Phase 4 — Exam Week (Week 12: Jun 2-6)

• ○ Final light review: IAM, VPC, S3, RDS, Route 53
• ○ Final light review: Lambda, SQS/SNS, CloudFront, KMS, CloudWatch
• ○ Take 20-30 Tutorials Dojo quiz questions max. No full exams.
• ○ Rest day. Go do something physical.
• ○ Eat well and sleep the night before
• ○ Arrive early or set up remote proctoring environment well in advance
• ○ Flag uncertain questions and come back. Do not get stuck.
• ○ You have 130 minutes for 65 questions. That is 2 minutes per question.

Week 13: State and Backends

• ○ HashiCorp Learn: "Store Remote State" (S3 backend)
• ○ Configure S3 backend with DynamoDB locking for your existing configs
• ○ Learn `terraform state list`, `show`, `mv`, `rm`
• ○ Read the Terraform docs page on state entirely

Week 14: Modules and Workspaces

• ○ HashiCorp Learn: "Reuse Configuration with Modules"
• ○ Refactor your existing VPC config into a reusable module
• ○ HashiCorp Learn: "Use Terraform Workspaces"
• ○ Create dev/staging/prod workspaces for a simple config

Week 15: Advanced HCL and Exam Topics

• ○ Practice `count` and `for_each` — provision N EC2 instances dynamically
• ○ Practice `dynamic` blocks for variable security group rules
• ○ Read the exam guide: hashicorp.com/certification/terraform-associate
• ○ Take the official HashiCorp sample questions

Week 16: Practice Exams and Exam Day

• ○ Bryan Krausen Terraform Associate practice exams on Udemy (~$12-15)
• ○ Take all available practice exams, review every wrong answer
• ○ Book and sit the Terraform Associate exam

Exam Day Logistics Checklist

• ○ Book exam at least 2 weeks in advance (Pearson VUE)
• ○ Test webcam, microphone, and internet 48 hours before
• ○ Have two forms of government-issued ID ready
• ○ Clear your desk completely — they will scan the room
• ○ Exam: 65 questions, 130 minutes, passing score ~720/1000

Terraform Associate Exam Logistics

• ○ Delivered by PSI (not Pearson VUE)
• ○ 57 questions, 60 minutes
• ○ Passing score: ~70%
• ○ Book at least 1 week in advance

A Note on the AI Play Sessions

• ○ Weeks 1-4: Explore AWS AI services — Bedrock, Rekognition, Comprehend. No coding required.
• ○ Weeks 5-8: Prompt LLMs with architecture problems. Critique their answers. Use them to quiz yourself.
• ○ Weeks 9-12: Start thinking about MCP and agentic patterns on AWS infrastructure. Lambda + API Gateway + Bedrock is a real and common pattern.
• ○ Post-SAA: This becomes its own learning thread. You will have the infrastructure foundation to actually build things.