# Domain 1: Design Secure Architectures

- [Task Statement 1.1: Design secure access to AWS resources](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources.md)
- [SecureCart's Journey](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/securecarts-journey.md)
- [AWS Identity & Access Management (IAM) Fundamentals](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/aws-identity-and-access-management-iam-fundamentals.md)
- [AWS Security Token Service (STS)](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/aws-security-token-service-sts.md)
- [AWS Organization](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/aws-organization.md)
- [IAM Identity Center](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/iam-identity-center.md)
- [AWS Policies](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/aws-policies.md)
- [Federated Access](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/federated-access.md)
- [Directory Service](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/directory-service.md)
- [Managing Access Across Multiple Accounts](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/managing-access-across-multiple-accounts.md)
- [Authorization Models in IAM](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/authorization-models-in-iam.md)
- [AWS Control Tower](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/aws-control-tower.md)
- [AWS Service Control Policies (SCPs)](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/aws-service-control-policies-scps.md)
- [Use Cases](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/use-cases.md)
- [Using IAM Policies and Tags for Access Control in AWS](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.1-design-secure-access-to-aws-resources/use-cases/using-iam-policies-and-tags-for-access-control-in-aws.md)
- [Task Statement 1.2: Design Secure Workloads and Applications](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications.md)
- [SecureCart Journey](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/securecart-journey.md)
- [Application Configuration & Credential Security](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/application-configuration-and-credential-security.md)
- [Copy of Application Configuration & Credential Security](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/copy-of-application-configuration-and-credential-security.md)
- [Network Segmentation Strategies & Traffic Control](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/network-segmentation-strategies-and-traffic-control.md)
- [Securing Network Traffic & AWS Service Endpoints](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/securing-network-traffic-and-aws-service-endpoints.md)
- [Protecting Applications from External Threats](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/protecting-applications-from-external-threats.md)
- [Securing External Network Connections](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/securing-external-network-connections.md)
- [AWS Network Firewall](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/aws-network-firewall.md)
- [AWS Firewall Manager](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/aws-firewall-manager.md)
- [IAM Authentication Works with Databases](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/iam-authentication-works-with-databases.md)
- [AWS WAF (Web Application Firewall)](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/aws-waf-web-application-firewall.md)
- [Use Cases](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/use-cases.md)
- [AWS Endpoint Policy for Trusted S3 Buckets](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/use-cases/aws-endpoint-policy-for-trusted-s3-buckets.md)
- [Increasing Fault Tolerance for AWS Direct Connect in SecureCart’s Multi-VPC Network](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/use-cases/increasing-fault-tolerance-for-aws-direct-connect-in-securecarts-multi-vpc-network.md)
- [Securing Multi-Domain SSL with ALB in SecureCart Using SNI-Based SSL](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/use-cases/securing-multi-domain-ssl-with-alb-in-securecart-using-sni-based-ssl.md)
- [Configuring a Custom Domain Name for API Gateway with AWS Certificate Manager and Route 53](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/use-cases/configuring-a-custom-domain-name-for-api-gateway-with-aws-certificate-manager-and-route-53.md)
- [Application Load Balancer (ALB) – Redirecting HTTP to HTTPS](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/use-cases/application-load-balancer-alb-redirecting-http-to-https.md)
- [Security Considerations in ALB Logging & Monitoring](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/use-cases/security-considerations-in-alb-logging-and-monitoring.md)
- [Amazon CloudFront and Different Origin Use Cases](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/amazon-cloudfront-and-different-origin-use-cases.md)
- [Security Group](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/security-group.md)
- [CloudFront](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/cloudfront.md)
- [NACL](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/nacl.md)
- [Amazon Cognito](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/amazon-cognito.md)
- [VPC Endpoint](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications/vpc-endpoint.md)
- [Task Statement 1.3: Determine appropriate data security controls](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls.md)
- [SecureCart Journey](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/securecart-journey.md)
- [Data Access & Governance](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/data-access-and-governance.md)
- [Data Encryption & Key Management](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/data-encryption-and-key-management.md)
- [Data Retention, Classification & Compliance](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/data-retention-classification-and-compliance.md)
- [Data Backup, Replication & Recovery](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/data-backup-replication-and-recovery.md)
- [Managing Data Lifecycle & Protection Policies](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/managing-data-lifecycle-and-protection-policies.md)
- [KMS](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/kms.md)
- [S3 Security Measures](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/s3-security-measures.md)
- [KMS Use Cases](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/kms-use-cases.md)
- [Use Cases](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/use-cases.md)
- [Safely Storing Sensitive Data on EBS and S3](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/use-cases/safely-storing-sensitive-data-on-ebs-and-s3.md)
- [Managing Compliance & Security with AWS Config](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/use-cases/managing-compliance-and-security-with-aws-config.md)
- [Preventing Sensitive Data Exposure in Amazon S3](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/use-cases/preventing-sensitive-data-exposure-in-amazon-s3.md)
- [Encrypting EBS Volumes for HIPAA Compliance](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/use-cases/encrypting-ebs-volumes-for-hipaa-compliance.md)
- [EBS Encryption Behavior](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/use-cases/ebs-encryption-behavior.md)
- [Using EBS Volume While Snapshot is in Progress](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/use-cases/using-ebs-volume-while-snapshot-is-in-progress.md)
- [Compliance](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/compliance.md)
- [Implementing Access Policies for Encryption Keys](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/implementing-access-policies-for-encryption-keys.md)
- [Rotating Encryption Keys and Renewing Certificates](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/rotating-encryption-keys-and-renewing-certificates.md)
- [Implementing Policies for Data Access, Lifecycle, and Protection](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/implementing-policies-for-data-access-lifecycle-and-protection.md)
- [Rotating encryption keys and renewing certificates](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/rotating-encryption-keys-and-renewing-certificates-1.md)
- [Instance Store](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/instance-store.md)
- [AWS License Manager](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/aws-license-manager.md)
- [Glacier](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/glacier.md)
- [AWS CloudHSM Key Management & Zeroization Protection](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/aws-cloudhsm-key-management-and-zeroization-protection.md)
- [EBS](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.3-determine-appropriate-data-security-controls/ebs.md)
- [AWS Security Services](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/aws-security-services.md)
- [Use Cases](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/use-cases.md)
- [IAM Policy & Directory Setup for S3 Access via Single Sign-On (SSO)](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/use-cases/iam-policy-and-directory-setup-for-s3-access-via-single-sign-on-sso.md)
- [Federating AWS Access with Active Directory (AD FS) for Hybrid Cloud Access](/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/use-cases/federating-aws-access-with-active-directory-ad-fs-for-hybrid-cloud-access.md)