Cloud Diary

AWS Compute (Part : 2)

Nayan Tank's photo
Nayan Tank
·

2 min read

AWS Compute (Part : 2)

When you work with the AWS Cloud, managing security and compliance is a shared responsibility between AWS and you. To depict this shared responsibility, AWS created the shared responsibility model. The distinction of responsibility is commonly referred to as security of the cloud as compared to security in the cloud.

The AWS shared responsibility model shows the division of customer responsibilities and AWS responsibilities.

AWS responsibility

AWS is responsible for the security of the cloud. This means that AWS protects and secures the infrastructure that runs the services offered in the AWS Cloud. AWS is responsible for the following:

  • Protecting and securing AWS Regions, Availability Zones, and data centers, down to the physical security of the buildings

  • Managing the hardware, software, and networking components that run AWS services, such as the physical servers, host operating systems, virtualization layers, and AWS networking components

The level of responsibility that AWS has depends on the service. AWS classifies services into two categories. The following table provides information about each, including the AWS responsibility.

Customer responsibility

Customers are responsible for security in the cloud. When using any AWS service, the customer is responsible for properly configuring the service and their applications, in addition to ensuring that their data is secure.

The customers' level of responsibility depends on the AWS service. Some services require the customer to perform all the necessary security configuration and management tasks. Other more abstracted services require customers to only manage the data and control access to their resources. Using the two categories of AWS services, customers can determine their level of responsibility for each AWS service that they use.

Due to the varying levels of effort, customers must consider which AWS services they use and review the level of responsibility required to secure each service. They must also review how the AWS shared responsibility model aligns with the security standards in their IT environment in addition to any applicable laws and regulations.

A key concept is that customers maintain complete control of their data and are responsible for managing the security related to their content. For example, you are responsible for the following:

  • Choosing a Region for AWS resources in accordance with data sovereignty regulations

  • Implementing data-protection mechanisms, such as encryption and scheduled backups

  • Using access control to limit who can access your data and AWS resources

AWSShared Responsability ModelDevopsCloudSecurity