AWS responsibility “Security of the Cloud” - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
Customer responsibility “Security in the Cloud” – Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities.
The Shared Responsibility Model in AWS defines the division of security and compliance duties between AWS and every customer. It emphasizes that AWS is responsible for the security of the cloud, while customers are responsible for security in the cloud.
AWS Responsibility (Security of the Cloud)
AWS is responsible for the physical security of the infrastructure and the core services provided:
Data centers and hardware: Security of the physical servers, storage devices, networking equipment, and the overall infrastructure.
Hypervisor: Protecting the virtualization layer (for instance, the software that manages EC2 instances).
Networking: Ensuring the security of the network infrastructure.
Global infrastructure: Managing data centers, availability zones, and regions, as well as performing patching, monitoring, and other foundational tasks.
Compliance certifications: AWS undergoes audits and certifications to meet various industry compliance standards (e.g., ISO 27001, SOC 1/2/3, HIPAA, etc.).
Customer Responsibility (Security in the Cloud)
Customers are responsible for managing and securing the resources they deploy in AWS:
Operating system (OS): Maintaining and patching your operating system.
Applications: Securing your applications and services running on EC2 instances.
Data: Encrypting and managing your data both at rest and in transit.
Network security: Configuring firewalls (e.g., security groups, network ACLs) and Virtual Private Cloud (VPC) to control traffic to your EC2 instances.
Access management: Configuring identity and access management (IAM) to control who can access your EC2 instances and other AWS resources.
Backup and recovery: Implementing backup and disaster recovery strategies for your data and systems.
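As an added example (not code from the original page), the following Python checks two of the customer-side duties listed above, network security and encryption of data at rest, over constructed data shaped like the EC2 DescribeSecurityGroups and DescribeVolumes responses; the function names, the sample IDs and the choice of 22/3389 as the administrative ports are my own assumptions.

```python
# Added example (not from the page): audit two customer-side duties from the
# shared responsibility model, network security (security groups) and data
# encryption at rest (EBS). Pure Python over constructed data shaped like the
# boto3 describe_security_groups / describe_volumes responses, so it runs
# offline; feed it real API output to use it against an account.

ADMIN_PORTS = {22, 3389}  # SSH and RDP: should not be reachable from anywhere

# Constructed sample: one group exposing SSH to the world, one locked down.
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]

# Constructed sample: one unencrypted EBS volume, one encrypted.
SAMPLE_VOLUMES = [{"VolumeId": "vol-0111", "Encrypted": False},
                  {"VolumeId": "vol-0222", "Encrypted": True}]

def _is_world_open(cidr):
    return cidr in ("0.0.0.0/0", "::/0")

def find_open_admin_rules(security_groups):
    """Return (group_id, port) for rules exposing an admin port to any address.
    IpProtocol "-1" means every protocol and port, so it is reported as well."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not any(_is_world_open(c) for c in cidrs):
                continue  # only reachable from named ranges: not a finding here
            if perm.get("IpProtocol") == "-1":
                findings.append((sg["GroupId"], "all"))
                continue
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            findings += [(sg["GroupId"], p) for p in sorted(ADMIN_PORTS)
                         if lo <= p <= hi]
    return findings

def find_unencrypted_volumes(volumes):
    """Return ids of EBS volumes lacking encryption at rest."""
    return [v["VolumeId"] for v in volumes if not v.get("Encrypted", False)]
```

Both checks concern settings that sit entirely on the customer's side of the line: AWS secures the hypervisor and network fabric, but a world-open SSH rule or an unencrypted volume is the customer's configuration to fix.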
In Summary
AWS: Manages the security of the infrastructure and ensures the availability, scalability, and durability of the cloud platform.
Customer: Responsible for securing the data, applications, and operating systems that run on EC2 instances, as well as configuring access control and network security.
Understanding this model helps clarify your role in securing your AWS resources and the boundaries of responsibility between you and AWS.