Shared Responsibility Model
The AWS Shared Responsibility Model
There are many kinds of resources that you can create in the AWS Cloud, such as Amazon EC2 instances, Amazon S3 buckets, and Amazon RDS databases. Who is responsible for keeping these resources secure: we (the customer) or AWS?
The answer is both. The reason is that we do not treat our AWS environment as a single object. Rather, we treat the environment as a collection of parts that build upon each other. AWS is responsible for some parts of our environment and we (the customer) are responsible for other parts. This concept is known as the shared responsibility model.
The shared responsibility model divides into customer responsibilities (commonly referred to as "security in the cloud") and AWS responsibilities (commonly referred to as "security of the cloud").
Image source: Amazon Web Services (Coursera)
You can think of this model as being similar to the division of responsibilities between a homeowner and a homebuilder. The builder (AWS) is responsible for constructing our house and ensuring that it is solidly built. As the homeowner (the customer), it is our responsibility to secure everything in the house by ensuring that the doors are closed and locked.
Customers: Security in the Cloud
We are responsible for the security of everything that we create and put in the AWS Cloud.
When using AWS services, we, the customer, maintain complete control over our content. We are responsible for managing security requirements for our content, including which content we choose to store on AWS, which AWS services we use, and who has access to that content. We also control how access rights are granted, managed, and revoked.
The security steps that we take will depend on factors such as the services that we use, the complexity of our systems, and our company's specific operational and security needs. Steps include selecting, configuring, and patching the operating systems that will run on Amazon EC2 instances, configuring security groups, and managing user accounts. How much of this falls on us shifts with the service: on Amazon EC2 we patch the guest operating system ourselves, whereas on a managed service such as Amazon RDS AWS patches the underlying operating system and database engine, and we remain responsible for access control, encryption settings, and the data itself.
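The "configuring security groups" responsibility is a good place to see what "security in the cloud" means in practice: AWS guarantees the firewall enforces the rules we write, but nothing stops us from writing a rule that exposes SSH to the whole internet. The following is an added example, not code from the original page or from AWS. It audits security groups in the JSON shape returned by `aws ec2 describe-security-groups` (the `SecurityGroups` list) and flags ingress rules whose source is `0.0.0.0/0` or `::/0`. The sample groups are constructed, and the `MANAGEMENT_PORTS` list and the severity labels are this example's own choices.

```python
"""Flag EC2 security-group ingress rules that are open to the whole internet.

Added example, not code from the original page or from AWS. Input is the
"SecurityGroups" list in the JSON shape returned by
`aws ec2 describe-security-groups`; the sample below is constructed.
"""
import ipaddress

# Ports that should practically never be reachable from 0.0.0.0/0 or ::/0.
# This list and the severity labels are this example's own choices.
MANAGEMENT_PORTS = {
    22: "ssh",
    3389: "rdp",
    1433: "mssql",
    3306: "mysql",
    5432: "postgresql",
}


def is_world_open(cidr: str) -> bool:
    """True when a CIDR covers the entire IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _port_label(perm: dict) -> str:
    """Human-readable port range for an IpPermissions entry."""
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if perm.get("IpProtocol") == "-1" or lo is None or hi is None:
        return "all"
    return str(lo) if lo == hi else f"{lo}-{hi}"


def _classify(perm: dict) -> tuple:
    """Return (severity, reason) for a rule whose source is world-open."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" is the API's value for "all protocols"
        return "critical", "all protocols and ports open to the internet"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if proto in ("tcp", "udp") and lo is not None and hi is not None:
        exposed = [name for port, name in MANAGEMENT_PORTS.items() if lo <= port <= hi]
        if exposed:
            return "high", "management port(s) open to the internet: " + ", ".join(exposed)
    # A public listener (for example 443 on a load balancer) may be intended; still report it.
    return "low", "world-reachable rule; confirm the exposure is intentional"


def find_open_rules(security_groups: list) -> list:
    """Return one finding per (rule, world-open CIDR source) pair.

    Only CIDR sources are examined: rules that reference another security
    group (UserIdGroupPairs) or a prefix list are not internet-exposed by
    themselves and are skipped.
    """
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                if not is_world_open(src):
                    continue
                severity, reason = _classify(perm)
                findings.append({
                    "group_id": sg.get("GroupId"),
                    "group_name": sg.get("GroupName"),
                    "protocol": perm.get("IpProtocol"),
                    "ports": _port_label(perm),
                    "source": src,
                    "severity": severity,
                    "reason": reason,
                })
    return findings


# Constructed sample: a web group that also leaves SSH open to the world, and a
# bastion group with a correctly scoped SSH rule but a stray allow-all rule.
SAMPLE_SECURITY_GROUPS = [
    {
        "GroupId": "sg-0123456789abcdef0",
        "GroupName": "web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0fedcba9876543210",
        "GroupName": "bastion",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
]

if __name__ == "__main__":
    for f in find_open_rules(SAMPLE_SECURITY_GROUPS):
        print(f"[{f['severity']:8}] {f['group_name']} ({f['group_id']}) "
              f"{f['protocol']}/{f['ports']} from {f['source']}: {f['reason']}")
```

Against the constructed sample this reports the web group's 443 listeners as low (world-reachable but plausibly intended), the web group's SSH rule as high, and the bastion group's allow-all rule as critical; the bastion SSH rule scoped to a single /24 is not reported. To run it against a real account, feed it the `SecurityGroups` array from `aws ec2 describe-security-groups --output json`.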
AWS: Security of the cloud
AWS is responsible for security of the cloud.
AWS operates, manages, and controls the components at all layers of infrastructure. This includes areas such as the host operating system, the virtualization layer, and even the physical security of data centers from which services operate.
AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure includes AWS Regions, Availability Zones, and edge locations.
AWS manages the security of the cloud, specifically the physical infrastructure that hosts your resources, which includes:
- Physical security of data centers
- Hardware and software infrastructure
- Network infrastructure
- Virtualization infrastructure
Although you cannot visit AWS data centers to see this protection firsthand, AWS provides several reports from third-party auditors (for example SOC and ISO reports, available on demand through AWS Artifact). These auditors have verified its compliance with a variety of computer security standards and regulations.