Cloud security is a shared responsibility of the cloud service provider, such as AWS, and the customer. Security of the cloud is the responsibility of AWS, while security in the cloud is the responsibility of the customer. These responsibilities are laid out in the cloud security framework called the AWS shared responsibility model.
AWS’s shared responsibility model relieves the customer of much of the operational burden: AWS is accountable for the security and patching of the underlying hardware and host operating system. The customer remains accountable for the guest operating system, any applications running on their cloud resources, and the configuration of the security-group firewalls that AWS provides. Customers should therefore choose cloud services deliberately, since their share of the responsibility varies with the services they use, the level of abstraction of each service, how those services are integrated, and the laws and regulations that apply to them.
AWS takes full responsibility for security of the cloud, while security in the cloud is the customer’s responsibility.
AWS responsibility: AWS is accountable for securing the cloud hardware in all edge locations, availability zones, and regions. This ranges from managing and controlling the host operating system and the virtualization layer on which guest operating systems run, to physically securing the infrastructure that hosts the cloud services.
Customer responsibility: The customer is accountable for managing the guest operating system, which includes applying security patches and updates and managing application software. They must also configure the AWS-provided firewalls, security groups, and IAM.
The following diagrams summarize the responsibilities of both AWS and the customer.
Managing, operating, and verifying IT controls is also shared.
Inherited controls: Physical and environmental controls, which the customer inherits entirely from AWS.
Shared controls: Controls that apply to both the infrastructure layer and the customer layer. AWS provides the requirements and implementation for the infrastructure, and the customer provides their own control implementation for their layer; examples include patch management, configuration management, and training.
Customer-specific controls: Controls that are solely the customer’s responsibility and that depend on the type of application the customer deploys using AWS services.
We’ll look at the example of an EC2 instance placed inside a VPC.
EC2 instance (IaaS)
AWS: Responsible for the infrastructure and the services used with the EC2 instance.
Customer: Responsible for security patches, data encryption, updates, firewall (security group) configuration, and management of the guest OS.
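One concrete piece of the customer’s side of this split is the security-group firewall attached to the instance. The following check, added here as an illustration and not code from AWS or from the original article, walks a list of security groups in the shape returned by the EC2 describe_security_groups API and flags ingress rules that are open to the whole internet on anything other than a single public web port. The group data at the bottom is a constructed sample, and the set of ports allowed to be world-open is an assumption that a real deployment would tune.

```python
# Customer-side check of the security-group firewall: flag ingress rules open
# to the whole internet on anything other than the usual public web ports.
# Input mirrors the IpPermissions shape returned by describe_security_groups;
# the sample at the bottom is constructed, not pulled from a real account.

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
PUBLIC_OK_PORTS = {80, 443}  # assumption: only HTTP/HTTPS may be world-open


def _port_range(perm):
    """Return (from_port, to_port); IpProtocol "-1" means all ports."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def find_world_open_rules(security_groups):
    """Return (group_id, protocol, from_port, to_port, cidr) for every ingress
    rule that allows any source and is not a single port in PUBLIC_OK_PORTS."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            lo, hi = _port_range(perm)
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if cidr not in WORLD_CIDRS:
                    continue  # scoped to a specific network: not flagged
                if lo == hi and lo in PUBLIC_OK_PORTS:
                    continue  # exactly one allowed public port
                findings.append((sg["GroupId"], perm.get("IpProtocol"), lo, hi, cidr))
    return findings


# Constructed sample: a web group that passes, an admin group that exposes
# SSH to all of IPv4 and all traffic to all of IPv6; the MySQL rule is internal-only.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for finding in find_world_open_rules(SAMPLE_GROUPS):
        print("world-open ingress:", finding)
```

Against a live account the same function can be fed the `SecurityGroups` list from a boto3 `describe_security_groups` call; AWS secures the hypervisor underneath, but rules like the two it flags here are entirely the customer’s to fix.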