# Task Statement 1.2: Design Secure Workloads and Applications

In this study group, we will **secure workloads and applications on AWS** by learning **best practices for application security, network segmentation, credential protection, and external threat mitigation**.

This guide follows **SecureCart**, an e-commerce company, as they **implement a secure AWS architecture** while protecting their infrastructure from **external and internal threats**.

***

### **📅 Study Group Agenda**

| **Week**   | **Topic**                                         | **Key AWS Services**                                       |
| ---------- | ------------------------------------------------- | ---------------------------------------------------------- |
| **Week 1** | Application Configuration & Credential Security   | AWS Secrets Manager, AWS Systems Manager Parameter Store   |
| **Week 2** | Securing Network Traffic & AWS Service Endpoints  | VPC Endpoints, Security Groups, Network ACLs, Route Tables |
| **Week 3** | Network Segmentation Strategies & Traffic Control | Public/Private Subnets, NAT Gateway, VPC Peering           |
| **Week 4** | Protecting Applications from External Threats     | AWS WAF, AWS Shield, Amazon GuardDuty                      |
| **Week 5** | Securing External Network Connections             | AWS Direct Connect, VPN, Transit Gateway                   |
| **Week 6** | Hands-on Labs & Final Challenge                   | Implementing End-to-End Secure Workloads                   |

***

### **🎯 Final Study Group Summary**

| **Week**   | **Focus Area**                   | **Outcome**                                           |
| ---------- | -------------------------------- | ----------------------------------------------------- |
| **Week 1** | Secure Application Credentials   | Use AWS Secrets Manager & IAM Policies                |
| **Week 2** | Secure AWS Service Communication | Implement VPC Endpoints & Secure Networking           |
| **Week 3** | Network Segmentation & Security  | Configure Private/Public Subnets & NAT Gateway        |
| **Week 4** | Protecting Against Cyber Threats | Use AWS WAF, Shield, GuardDuty, & Macie               |
| **Week 5** | Secure External Connectivity     | Implement AWS VPN, Direct Connect, Transit Gateway    |
| **Week 6** | Hands-on Scenarios               | Apply all security best practices to real-world cases |

###


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://awsinpractice.itassist.com/study-group/aws-certified-solutions-architect-associate/domain-1-design-secure-architectures/task-statement-1.2-design-secure-workloads-and-applications.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.