Learn About the Shared Responsibility Model
After completing this unit, you’ll be able to:
- Define the responsibilities of Amazon Web Services (AWS) in the Shared Responsibility Model.
- Define the customer’s responsibility in the Shared Responsibility Model.
Know the Shared Responsibility Model
When you use AWS services, you and AWS share the responsibility of maintaining security and compliance. Let’s take a look at the shared responsibility model and review where the responsibility lies for different aspects of security.
AWS’s Responsibility: Security of the Cloud
AWS is responsible for security of the cloud. This includes the foundation services of compute, storage, database, and network.
This also includes the global infrastructure. AWS operates, manages, and controls the components that include everything from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate.
The AWS global infrastructure includes:
- AWS Regions
- Availability Zones and edge locations
- The facilities, networks, hardware components, and operational software (like the host operating system, virtualization software, and so on) that support the provisioning and use of these resources
The number one priority of AWS is to protect this global infrastructure.
Customer Responsibility: Security in the Cloud
While AWS secures and maintains the cloud infrastructure, you are responsible for securing everything that you put in the cloud. This includes your data, the applications that you build, your configurations, and so on.
When using AWS services, you maintain complete control over your content and are responsible for managing the security relating to your content, including:
- The content that you choose to store on AWS.
- The country in which your content is stored.
- The format and structure of your content, along with whether it is masked, anonymized, or encrypted.
- Who has access to your content and how those access rights are managed.
The shared responsibility model helps establish which aspects of security AWS ensures and which aspects are the customer’s responsibility.
In the next unit, you learn about AWS Identity and Access Management (IAM).