
Learn About the Shared Responsibility Model

Learning Objectives

After completing this unit, you’ll be able to:

  • Define the responsibilities of Amazon Web Services (AWS) in the Shared Responsibility Model.
  • Define the customer’s responsibility in the Shared Responsibility Model.
Note

This module was produced in collaboration with Amazon Web Services, which owns, supports, and maintains the Amazon Web Services products, services, and features described here. Use of Amazon Web Services products, services, and features is governed by privacy policies and service agreements maintained by Amazon Web Services.

Know the Shared Responsibility Model

When you use AWS services, you and AWS share the responsibility of maintaining security and compliance. Let’s take a look at the shared responsibility model and review where the responsibility lies for different aspects of security.

AWS’s Responsibility: Security of the Cloud

AWS’s responsibilities in foundation services and the global infrastructure

AWS is responsible for security of the cloud. This includes the foundation services of compute, storage, database, and network.

This also includes the global infrastructure. AWS operates, manages, and controls the components that include everything from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate.

The AWS global infrastructure includes:

  • AWS regions
  • Availability Zones and edge locations
  • The facilities, networks, hardware components, and operational software (like the host operating system, virtualization software, and so on) that support the provisioning and use of these resources

The number one priority of AWS is to protect this global infrastructure.

Customer Responsibility: Security in the Cloud

A graphic that lists the customer’s responsibilities: customer data; platform, applications, identity and access management; operating system, network and firewall configuration; client-side data encryption and data integrity authentication; server-side encryption (file system and/or data); and network traffic protection (encryption/integrity/identity).

While AWS secures and maintains the cloud infrastructure, you are responsible for securing everything that you put in the cloud. This includes your data, the applications that you build, your configurations, and so on.

When using AWS services, you maintain complete control over your content and are responsible for managing the security relating to your content, including:

  • The content that you choose to store on AWS.
  • The country in which your content is stored.
  • The format and structure of your content, along with whether it is masked, anonymized, or encrypted.
  • Who has access to your content and how those access rights are managed.

Wrap-Up

The shared responsibility model helps establish which aspects of security AWS ensures and which aspects are the customer’s responsibility.

In the next unit, you learn about AWS Identity and Access Management (IAM).
