2. Shared responsibility

Key Concepts

• Shared Responsibility Model:
  • AWS and customers both play a role in cloud security.
  • AWS's Role: Responsible for the security of the cloud infrastructure.
  • Customer's Role: Responsible for security in the cloud (their data, apps, settings, etc.).

AWS Responsibilities (Security OF the Cloud)

• Physical Security:
  • Secures data centers (guards, surveillance, access control).
• Infrastructure Security:
  • Hardware (servers, storage) & Software Infrastructure.
  • Network (routers, switches, firewalls).
  • Virtualization layer (instance isolation).
• Compliance:
  • AWS handles compliance certifications and audits for infrastructure.

Customer Responsibilities (Security IN the Cloud)

• Data and Content Management:
  • Data storage choices, encryption, and access permissions.
• Application and OS Security:
  • Patching, updates, and configuration of applications using correct os flavous if using their own OS.
• Network Security:
  • Security groups, firewalls, and network configurations.
• Account and Access Management:
  • User permissions, IAM roles, and multi-factor authentication (MFA).

Service Models & Responsibilities

1. Infrastructure as a Service (IaaS):
   • Examples: Amazon EC2, Amazon VPC.
   • Customer Responsibility: Full control over guest OS, security groups, network settings, storage.
   • AWS Responsibility: Physical infrastructure and virtualization layer.
2. Platform as a Service (PaaS):
   • Examples: AWS Lambda, Amazon RDS.
   • Customer Responsibility: Focus on data, permissions, and applications.
   • AWS Responsibility: Underlying OS, patching, security configurations, disaster recovery.
3. Software as a Service (SaaS):
   • Examples: AWS Trusted Advisor, AWS Shield, Amazon Chime.
   • Customer Responsibility: Minimal, mainly access control.
   • AWS Responsibility: Full stack management (hardware, software, and application).

**Activity Scenarios (Responsibility Examples) MCQ **

• EC2 Instance OS Patching: Customer's responsibility.
• Physical Data Center Security: AWS's responsibility.
• Virtualization Infrastructure: AWS's responsibility.
• Security Group Configuration on EC2: Customer's responsibility.
• Application Configuration on EC2: Customer's responsibility.
• S3 Bucket Access: Customer’s responsibility.