AWS Security Basics

AWS Shared Security Model:

https://d1.awsstatic.com/security-center/Shared_Responsibility_Model_V2.59d1eccec334b366627e9295b304202faf7b899b.jpg

AWS is responsible for security of the cloud. This means AWS is required to protect and secure the infrastructure that runs all the services offered in the AWS Cloud. AWS is responsible for:

  • Protecting and securing AWS Regions, Availability Zones, and data centers, down to the physical security of the buildings
  • Managing the hardware, software, and networking components that run AWS services, such as the physical server, host operating systems, virtualization layers, and AWS networking components

The level of responsibility AWS has depends on the service.

You’re responsible for security in the cloud. When using any AWS service, you’re responsible for properly configuring the service and your applications, as well as ensuring your data is secure. The level of responsibility you have depends on the AWS service. It’s important to note that you maintain complete control of your data and are responsible for managing the security related to your content. Here are some examples of your responsibilities in context.

  • Choosing a Region for AWS resources in accordance with data sovereignty regulations
  • Implementing data protection mechanisms, such as encryption and managing backups
  • Using access control to limit who has access to your data and AWS resources

| Category | AWS Responsibility | Customer Responsibility |
|---|---|---|
| Infrastructure services | AWS manages the infrastructure and foundation services. | You control the operating system and application platform, as well as encrypting, protecting, and managing customer data. |
| Container services | AWS manages the infrastructure and foundation services, operating system, and application platform. | You are responsible for customer data, encrypting that data, and protecting it through network firewalls and backups. |
| Abstracted services | AWS operates the infrastructure layer, operating system, and platforms, as well as server-side encryption and data protection. | You are responsible for managing customer data and protecting it through client-side encryption. |

Customer level of responsibility for each AWS service
