# Task Statement 1.2: Design Secure Workloads and Applications

In this study group, we will **secure workloads and applications on AWS** by learning **best practices for application security, network segmentation, credential protection, and external threat mitigation**.

This guide follows **SecureCart**, an e-commerce company, as they **implement a secure AWS architecture** while protecting their infrastructure from **external and internal threats**.

***

### **📅 Study Group Agenda**

| **Week**   | **Topic**                                         | **Key AWS Services**                                       |
| ---------- | ------------------------------------------------- | ---------------------------------------------------------- |
| **Week 1** | Application Configuration & Credential Security   | AWS Secrets Manager, AWS Systems Manager Parameter Store   |
| **Week 2** | Securing Network Traffic & AWS Service Endpoints  | VPC Endpoints, Security Groups, Network ACLs, Route Tables |
| **Week 3** | Network Segmentation Strategies & Traffic Control | Public/Private Subnets, NAT Gateway, VPC Peering           |
| **Week 4** | Protecting Applications from External Threats     | AWS WAF, AWS Shield, Amazon GuardDuty                      |
| **Week 5** | Securing External Network Connections             | AWS Direct Connect, VPN, Transit Gateway                   |
| **Week 6** | Hands-on Labs & Final Challenge                   | Implementing End-to-End Secure Workloads                   |

***

### **🎯 Final Study Group Summary**

| **Week**   | **Focus Area**                   | **Outcome**                                           |
| ---------- | -------------------------------- | ----------------------------------------------------- |
| **Week 1** | Secure Application Credentials   | Use AWS Secrets Manager & IAM Policies                |
| **Week 2** | Secure AWS Service Communication | Implement VPC Endpoints & Secure Networking           |
| **Week 3** | Network Segmentation & Security  | Configure Private/Public Subnets & NAT Gateway        |
| **Week 4** | Protecting Against Cyber Threats | Use AWS WAF, Shield, GuardDuty, & Macie               |
| **Week 5** | Secure External Connectivity     | Implement AWS VPN, Direct Connect, Transit Gateway    |
| **Week 6** | Hands-on Scenarios               | Apply all security best practices to real-world cases |

###