Scribd
Upload
68 views

Shared Responsibility Model

The AWS Shared Responsibility Model outlines how security responsibilities are shared between AWS and their customers. AWS is responsible for security of the cloud, managing the underlying cloud infrastructure including the physical security of data centers and hardware, as well as operating systems and virtualization layer. Customers are responsible for security in the cloud, including control and management of guest operating systems, applications, identity access management, encryption of data, and security configuration. This shared model aims to relieve customers' operational burden while ensuring responsibilities are clearly defined.

Uploaded by

Intissar Salhi
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
68 views

Shared Responsibility Model

The AWS Shared Responsibility Model outlines how security responsibilities are shared between AWS and their customers. AWS is responsible for security of the cloud, managing the underlying cloud infrastructure including the physical security of data centers and hardware, as well as operating systems and virtualization layer. Customers are responsible for security in the cloud, including control and management of guest operating systems, applications, identity access management, encryption of data, and security configuration. This shared model aims to relieve customers' operational burden while ensuring responsibilities are clearly defined.

Uploaded by

Intissar Salhi
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

AWS Shared Responsibility Model

Welcome to this lecture about AWS Shared Responsibility Model and this is a super important
lecture for your exam so you need to understand this model if you want to pass the exam.

Security and Compliance is a shared responsibility between AWS and the customer. This
shared model can help relieve the customer’s operational burden as AWS operates, manages
and controls the components from the host operating system and virtualization layer down to the
physical security of the facilities in which the service operates. The customer assumes
responsibility and management of the guest operating system (including updates and security
patches), other associated application software as well as the configuration of the AWS
provided security group firewall.

This is a good diagram so let’s start with:


AWS responsibility - AWS is responsible for regions, availability zones and edge locations,
Amazon protect the infrastructure that runs all of the services offered in the AWS Cloud.
It is responsible also for compute, storage, database that stores your information and
networking.We got software so AWS are responsible for things like high proviser in most cases
this will go to the operating system, you can’t access RDS operating system so amazon are
responsible for patching RDS ( for example if you run mysql server in Windows, Amazon is
responsible for patching that ).
Now we move to the:
Customer responsibility – Customer responsibility will be determined by the AWS Cloud
services that a customer selects. This determines the amount of configuration work the
customer must perform as part of their security responsibilities.
You are going to be responsible for Client-side Data encryption, Server-side encryption and
networking traffic protection you will communicate with https or over VPN, you will be
responsible for your operating systems (EC2) Amazon will be responsible for the operating
systems of RDS. you are responsible for platform, applications and Identity Access
Management.
You need to go to this URL https://aws.amazon.com/ar/compliance/shared-responsibility-model/
and you really need to read everything before your exam.
So try to remember that AWS responsibility is “Security of the Cloud” and Customer
responsibility is “Security in the Cloud”.
So Amazon is responsible for the security of the operating systems where the RDS runs but the
the security of the data you put there is your responsibility and when you transmit that data out
to other applications you should do that through https which is encrypted.
There is actually an amusing song about the Shared Responsibility Model sung by Kate
Turchin.

The Shared Responsibility Model will come across in your exam 4 or 5 times so you can get
some easy marks if you learn this inside out.

You should visualize what the question is asking you. Can you do this or that by yourself in
AWS console
- If yes then you are responsible (for example Security Groups, patching EC2 OS,
patching databases running on EC2 etc)
- If not then AWS is responsible (for example security cameras, cabling, patching RDS OS
etc)
- Encryption is a shared responsibility

You might also like