diff --git a/week1.md b/week1.md index 5034e78..0f5ebf5 100644 --- a/week1.md +++ b/week1.md @@ -25,7 +25,8 @@ This project will migrate the Spring PetClinic Microservices demo from its local - Run full PetClinic microservices on AWS with CI/CD. - Observability: logs, metrics, traces for 100% of services. -- Cost target: keep monthly infra cost under a defined limit (set by Project Sponsor). +- Cost target: keep monthly infra cost under a defined limit +. - Security: secrets encrypted, least-privilege IAM, HTTPS for all endpoints. ### Deadlines 
@@ -162,42 +163,28 @@ This project will migrate the Spring PetClinic Microservices demo from its local ### Jobs and environments -- Each microservices has his own Jenkins pipeline +- Each microservices has his own Jenkins pipeline per environment. -| Environment | Purpose | Infrastructure | Notes | -|----|----|----|----| -| **Development (Local)** | Local testing, feature validation | Docker Compose | Developer workstations | -| **Staging (AWS)** | Integration and pre-prod testing | ECS/EKS (staging cluster), RDS (test DB) | Mirrors production | -| **Production (AWS)** | Live system | ECS/EKS (prod cluster), RDS (prod DB) | Monitored| +| Environment | Purpose | Infrastructure | +|----|----|----| +| **Development (Local)** | Local testing, feature validation | Docker Compose | +| **Staging (AWS)** | Integration and pre-prod testing | ECS/EKS (staging cluster), RDS (test DB) | +| **Production (AWS)** | Live system | ECS/EKS (prod cluster), RDS (prod DB) | ## Storage - ### 1. Database (RDBMS) +| **Type** | **Service** | **Use / Description** | **IOPS / Performance** | **Volume / Size** | **Backup Strategy** | +|-----|-----|-----|-----|-----|-----| +| **1. Database (RDBMS)** | Amazon RDS (MySQL) | Structured data for each microservice schema | 3,000–6,000 (gp3 default) or provisioned as needed | 20 GB per schema | Automated daily snapshots (14-day retention) | +| **2. Block Storage** | Amazon EBS (gp3) | EC2-hosted Jenkins, logs, or stateful containers | 3,000 baseline | / | Not necessary | +| **3. Object Storage** | Amazon S3 | Logs, backups, images | Standard or Infrequent Access tiers | / | Cross-region replication or versioning enabled | -- Service: Amazon RDS (MySQL) -- IOPS: 3,000–6,000 (gp3 default) or provisioned as needed -- Volume: 20 GB per microservice schema -- Backup: Automated daily snapshots (14 day retention) - -### 2. 
Block Storage - -- Service: Amazon EBS (gp3) -- Use: EC2-hosted Jenkins, logs, or stateful containers -- IOPS: 3,000 baseline -- Backup: Not necessary - -### 3. Object Storage - -- Service: Amazon S3 -- Use: Logs, backups, images -- Performance: Standard or Infrequent Access tiers -- Backup: Cross-region replication or versioning enabled ## Data ### 1. Location - Eu-central-1 region -- Place database (RDS) and services in the same region and AZs for low latency. +- Place database (RDS) and services in the same region and AZs. ### 2. Replication / Distribution | Data Type | Replication / Distribution Strategy | @@ -243,7 +230,7 @@ This project will migrate the Spring PetClinic Microservices demo from its local | Environment | Nodes | Notes | |----|----|----| -| **Staging** | 3 ECS container instances (EC2) | Handles staging microservices, mirrors production setup | +| **Staging** | 3 ECS container instances (EC2) | Handles staging microservices, mirrors production setup | | **Production / Live** | 3 ECS container instances (EC2) | Fixed-size cluster, no autoscaling to reduce costs | | **Scalability** | N/A for autoscaling | Fixed node count to reduce cost but still allow horizontal scaling via ECS task count or manual node addition. | @@ -272,4 +259,43 @@ This project will migrate the Spring PetClinic Microservices demo from its local #### Service Definitions: - Each microservice has an ECS service with a desired task count. -- Service linked to ALB . \ No newline at end of file +- Service linked to ALB . + +## Security + +| **Area** | **Focus** | **Implementation / Notes** | +|----|----|----| +| **1. Authentication, Authorization, Auditing (AAA)** | - User & service identity
- Access control
- Activity tracking | - Spring Security with JWT or OAuth2
- IAM roles restrict AWS access per service
- Auditing: Not relevant since we don't handle sensitive data
- CloudWatch for app/service logs | +| **2. Code Security** | - Application code
- Secrets
- Dependencies | - Static analysis via SonarQube or CodeQL
- No hardcoded credentials
- Secrets in AWS Secrets Manager or Parameter Store
- Dependency scanning (OWASP, GitHub Dependabot) | +| **3. Traffic Security** | - Encryption
- Routing
- Network boundaries | - HTTPS enforced via ALB
- Internal TLS optional for microservices
- Security groups restrict inbound/outbound ports
- Private subnets for internal services and databases | +| **4. Instance / Container Security** | - Node hardening
- Container runtime
- Secrets handling | - Use minimal and updated AMIs
- Regular patching, no direct SSH (bastion-only)
- Containers run as non-root users
- Vulnerability scanning before deploy
- Secrets passed via IAM roles or ECS environment vars | + +## Observability +| **Aspect** | **Tools** | **Notes** | +|----|----|----| +| **Metrics** | **Prometheus** | Collect CPU, memory, and ECS task metrics from node exporters | +| | | If microservices expose `/prometheus`, integrate directly. | +| | **Grafana** | Dashboards for system and service health | +| **Logs** | **AWS CloudWatch Logs** | ECS task logs streamed to CloudWatch via Log Drivers. | +| | |Structured JSON logging for easy filtering and search.| +| | |Optional integration into Grafana Loki later. | +| **Traces** | **AWS X-Ray** | Trace API calls across microservices. | +| **Alerts** | **CloudWatch Alarms** | CloudWatch for infrastructure-level alerts (CPU, memory, ECS health) +| | **Grafana Alerts** | Grafana alert rules for application metrics from Prometheus. | +| | | Alerts via email or Slack webhook.| + +## Continuity & Recovery + +| **Aspect** | **Approach / Tooling** | **Notes** | +|----|----|----| +| **Redundancy** | Multi-AZ deployment | RDS and ECS nodes deployed across multiple Availability Zones for high availability.| +| | | Load balancer automatically routes traffic to healthy tasks. | +| **Failover** | AWS-managed failover | RDS Multi-AZ provides automatic database failover. +| | |ECS services automatically restart failed tasks on healthy nodes.| +| | | Manual intervention only needed for regional failures. | +| **Backup** | AWS Backup / RDS Snapshots| Automated RDS daily backups with retention policy. +| | S3 Versioning | S3 bucket versioning for uploaded images and configs.| +| **Business Continuity Plan** | Operate from secondary region if needed | Documented procedure to restore environment in another AWS region using IaC templates (Terraform). | +| | | Prioritize restoring RDS, Config Server, and API Gateway. 
| +| **Disaster Recovery Plan** | Cold standby in alternate region | No live duplication to save cost.| +| | | Periodic replication of backups and images to secondary region. |
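Review bot: in the first hunk (`@@ -25,7 +25,8 @@`) the `+.` line is a stray fragment: the bullet `+- Cost target: keep monthly infra cost under a defined limit` now ends without its period and a bare `.` renders as a separate paragraph. Merge the period back into the bullet. Removing `(set by Project Sponsor)` also drops the only statement of who owns the limit; keep the owner or state the actual figure so the cost target stays verifiable.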
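Review bot: in the second hunk (`@@ -162,42 +163,28 @@`) the line `+- Each microservices has his own Jenkins pipeline per environment.` still has the grammar error from the original; it should read `Each microservice has its own Jenkins pipeline per environment.` In the consolidated storage table, the EBS row lists `EC2-hosted Jenkins` as a use but `Not necessary` as the backup strategy; a Jenkins home on an unprotected volume loses pipeline configuration and stored credentials on volume failure, so either schedule EBS snapshots or state that the Jenkins configuration is recoverable from version control. In the S3 row, `Cross-region replication or versioning enabled` presents two different controls as alternatives: versioning protects against overwrite and deletion, cross-region replication is what gives you a copy to recover from, so the cell should name which one is the backup. The dropped `Notes` column loses `Mirrors production` and `Monitored`, and the edited location bullet drops `for low latency`; keep a rationale so the same-AZ placement decision remains traceable.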
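Review bot: in the third hunk (`@@ -243,7 +230,7 @@`) the removed and added `**Staging**` rows are textually identical, so this is a whitespace-only change (trailing space or line ending) that adds noise to the diff without changing the rendered table. Drop it from this commit, or normalize whitespace for the whole file in a separate commit.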
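Review bot: in the fourth hunk (`@@ -272,4 +259,43 @@`) several cells of the new Security table contradict each other or the goals at the top of the file. `Auditing: Not relevant since we don't handle sensitive data` sits in the row whose stated focus is `Activity tracking`, and the goals list requires least-privilege IAM and encrypted secrets; those are only verifiable if changes to IAM, secrets and deployments are logged, so auditing should cover infrastructure and secret access even if application data is judged non-sensitive. `Secrets passed via IAM roles or ECS environment vars` (row 4) conflicts with `Secrets in AWS Secrets Manager or Parameter Store` (row 2): literal environment variables in a task definition are readable by anyone allowed to describe that task definition, so state that ECS injects them from Secrets Manager or Parameter Store rather than as plain values. `Internal TLS optional for microservices` conflicts with the goal `HTTPS for all endpoints`; either scope the goal to external endpoints or make internal TLS required. Formatting: the Observability row ending `(CPU, memory, ECS health)` and the Continuity rows ending `automatic database failover.` and `backups with retention policy.` are missing the closing `|`, which breaks the tables in most markdown renderers, and `+- Service linked to ALB .` keeps the stray space before the period that this hunk had the chance to fix.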