Design Secure Workloads and Applications
In this lesson, we focus on the second task statement of Domain 1: Design Secure Workloads and Applications. This involves ensuring that the people, tools, and applications interacting with your AWS environment do so securely.
This includes determining who or what can launch or terminate resources, managing how and when access is granted, operational permissions, and any interactions involving AWS service calls.
VPC Fundamentals
Before diving deeper, it's essential to revisit some foundational concepts:
- Amazon Virtual Private Cloud (VPC): Understand how to design, build, and secure both default and custom VPCs. Know the differences between them and their initial security configurations.
- Resiliency of VPCs: Recognize that an Amazon VPC is a regional service, existing within a single AWS Region and account.
Just in case you need it, here is a refresher on default and custom VPCs (Virtual Private Clouds). VPCs allow you to create isolated networks for AWS resources. Here’s a quick breakdown of default and custom VPCs:
Default VPC
- Preconfigured: Comes automatically in each AWS region with public subnets, an internet gateway, and route tables.
- Public by Default: Resources (e.g., EC2 instances) get public IPs and are internet-accessible.
- Use Case: Quick setups, testing environments.
Custom VPC
- User-Defined: Built from scratch to meet specific requirements. No preconfigured subnets or gateways.
- Private by Default: Resources are isolated unless configured otherwise.
- Use Case: Production environments requiring advanced networking and security.
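The difference between "public by default" and "private by default" comes down to two settings per subnet: whether its effective route table sends 0.0.0.0/0 to an internet gateway, and whether instances launched in it automatically receive a public IP. The following audit script is an added example, not part of the lesson; it works on dictionaries shaped like the EC2 DescribeVpcs, DescribeSubnets and DescribeRouteTables responses (the same shape boto3 returns), and the VPC, subnet, route table and gateway IDs in it are constructed sample data, so it runs offline without credentials.

```python
"""Audit a VPC inventory for default VPCs and internet-exposed subnets.

Added example (not from the lesson). It consumes dictionaries shaped like
the EC2 DescribeVpcs / DescribeSubnets / DescribeRouteTables responses, so
the constructed sample below can be replaced with real API output.
"""

# Constructed sample inventory (all IDs are made up): one default VPC, which is
# public by default, and one custom VPC with a private subnet plus a subnet
# that was deliberately made public via an explicit route table association.
SAMPLE_VPCS = {
    "Vpcs": [
        {"VpcId": "vpc-default0", "IsDefault": True, "CidrBlock": "172.31.0.0/16"},
        {"VpcId": "vpc-custom00", "IsDefault": False, "CidrBlock": "10.0.0.0/16"},
    ]
}
SAMPLE_SUBNETS = {
    "Subnets": [
        {"SubnetId": "subnet-def-a", "VpcId": "vpc-default0",
         "CidrBlock": "172.31.0.0/20", "MapPublicIpOnLaunch": True},
        {"SubnetId": "subnet-cus-pub", "VpcId": "vpc-custom00",
         "CidrBlock": "10.0.0.0/24", "MapPublicIpOnLaunch": False},
        {"SubnetId": "subnet-cus-priv", "VpcId": "vpc-custom00",
         "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": False},
    ]
}
SAMPLE_ROUTE_TABLES = {
    "RouteTables": [
        {   # default VPC main route table: 0.0.0.0/0 -> internet gateway
            "RouteTableId": "rtb-def-main", "VpcId": "vpc-default0",
            "Associations": [{"Main": True}],
            "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
                       {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-default"}],
        },
        {   # custom VPC main route table: local route only (private by default)
            "RouteTableId": "rtb-cus-main", "VpcId": "vpc-custom00",
            "Associations": [{"Main": True}],
            "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
        },
        {   # explicitly associated route table that makes one custom subnet public
            "RouteTableId": "rtb-cus-pub", "VpcId": "vpc-custom00",
            "Associations": [{"Main": False, "SubnetId": "subnet-cus-pub"}],
            "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                       {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-custom"}],
        },
    ]
}


def effective_route_table(subnet, route_tables):
    """Route table that applies to a subnet: an explicit association wins,
    otherwise the VPC's main route table (the AWS fallback rule)."""
    main = None
    for rtb in route_tables["RouteTables"]:
        if rtb["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def has_igw_default_route(rtb):
    """True if the route table sends 0.0.0.0/0 to an internet gateway (igw-*)."""
    if rtb is None:
        return False
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and str(r.get("GatewayId", "")).startswith("igw-")
               for r in rtb.get("Routes", []))


def classify_subnets(vpcs, subnets, route_tables):
    """Label each subnet public/private and flag the risky combinations."""
    default_vpcs = {v["VpcId"] for v in vpcs["Vpcs"] if v.get("IsDefault")}
    findings = []
    for sn in subnets["Subnets"]:
        public = has_igw_default_route(effective_route_table(sn, route_tables))
        f = {
            "SubnetId": sn["SubnetId"],
            "VpcId": sn["VpcId"],
            "public": public,
            "in_default_vpc": sn["VpcId"] in default_vpcs,
            "auto_public_ip": bool(sn.get("MapPublicIpOnLaunch")),
        }
        # Public IP on launch plus an IGW route: an instance is reachable from
        # the internet as soon as it starts, pending only security group rules.
        f["exposed_on_launch"] = public and f["auto_public_ip"]
        findings.append(f)
    return findings


def report(findings):
    """Render one line per subnet with its classification and flags."""
    lines = []
    for f in findings:
        flags = [k for k in ("in_default_vpc", "auto_public_ip", "exposed_on_launch") if f[k]]
        state = "PUBLIC" if f["public"] else "private"
        lines.append(f"{f['SubnetId']} ({f['VpcId']}): {state} {' '.join(flags)}".rstrip())
    return lines


if __name__ == "__main__":
    for line in report(classify_subnets(SAMPLE_VPCS, SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES)):
        print(line)
```

The point of checking the route table rather than only the "public IP on launch" flag is that the two are independent controls: a subnet with an internet gateway route but no auto-assigned public IPs (subnet-cus-pub above) is still public in the routing sense, while the default VPC subnet has both and is therefore exposed the moment an instance is launched into it.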
Designing Secure VPC Architectures
Two critical pairs of components for achieving this are Security Groups and Network ACLs, and Route Tables and NAT Gateways.
Security Groups and Network ACLs
Security Groups act as virtual firewalls at the instance level, controlli…