

# Content Domain 2: Security


**Topics**
+ [Task 1: Implement authentication and/or authorization for applications and AWS services](#developer-associate-02-domain2-task1)
+ [Task 2: Implement encryption by using AWS services](#developer-associate-02-domain2-task2)
+ [Task 3: Manage sensitive data in application code](#developer-associate-02-domain2-task3)

## Task 1: Implement authentication and/or authorization for applications and AWS services

+ Skill 2.1.1: Use an identity provider to implement federated access (for example, Amazon Cognito, IAM)
+ Skill 2.1.2: Secure applications by using bearer tokens
+ Skill 2.1.3: Configure programmatic access to AWS
+ Skill 2.1.4: Make authenticated calls to AWS services
+ Skill 2.1.5: Assume an IAM role
+ Skill 2.1.6: Define permissions for IAM principals
+ Skill 2.1.7: Implement application-level authorization for fine-grained access control
+ Skill 2.1.8: Handle cross-service authentication in microservice architectures

## Task 2: Implement encryption by using AWS services

+ Skill 2.2.1: Define encryption at rest and in transit
+ Skill 2.2.2: Describe certificate management (for example, AWS Private CA)
+ Skill 2.2.3: Describe differences between client-side encryption and server-side encryption
+ Skill 2.2.4: Use encryption keys to encrypt or decrypt data
+ Skill 2.2.5: Generate certificates and SSH keys for development purposes
+ Skill 2.2.6: Use encryption across account boundaries
+ Skill 2.2.7: Enable and disable key rotation

## Task 3: Manage sensitive data in application code

+ Skill 2.3.1: Describe data classification (for example, personally identifiable information [PII], protected health information [PHI])
+ Skill 2.3.2: Encrypt environment variables that contain sensitive data
+ Skill 2.3.3: Use secret management services to secure sensitive data
+ Skill 2.3.4: Sanitize sensitive data
+ Skill 2.3.5: Implement application-level data masking and sanitization
+ Skill 2.3.6: Implement data access patterns for multi-tenant applications