The AWS Shared Responsibility Model is a key security and compliance framework that defines who is responsible for what when using AWS cloud services. It splits responsibilities between AWS (the provider) and the customer (you).

  1. AWS Responsibilities (Security of the Cloud): AWS is responsible for protecting the infrastructure that runs all the services offered in the AWS Cloud. This includes:

     - Physical security of data centers
     - Hardware
     - Networking
     - Global infrastructure (regions, availability zones, edge locations)
     - Managed services’ infrastructure (like RDS, DynamoDB, Lambda infrastructure, etc.)

  2. Customer Responsibilities (Security in the Cloud): You are responsible for the security in the cloud, depending on the service used:

     IaaS (EC2, S3, etc.):

     - Data encryption (at rest and in transit)
     - OS and application patching
     - Security groups, firewall rules
     - IAM policies and user permissions
     - Configuring logging (CloudTrail, CloudWatch)
     - Secure data management

     PaaS/SaaS (like RDS, Lambda, etc.):

     - Managing access
     - Data security
     - Configuring application-level security

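
Three of the customer-side items listed above (security groups, IAM policies, CloudTrail logging) can be checked mechanically. The following is an added example, not code from the original page or from AWS: it audits a constructed configuration snapshot offline. The snapshot layout, the resource names and the choice of ports 22 and 3389 as "admin ports" are assumptions made for illustration; the field names follow the JSON shapes of EC2 DescribeSecurityGroups, IAM policy documents and CloudTrail GetTrailStatus.

```python
# Constructed snapshot; field names follow EC2 DescribeSecurityGroups,
# IAM policy documents and CloudTrail GetTrailStatus responses.
SAMPLE = {
    "SecurityGroups": [{"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}],
    "Policies": {"example-admin": {"Version": "2012-10-17", "Statement": [
        {"Sid": "All", "Effect": "Allow", "Action": "*", "Resource": "*"}]}},
    "TrailStatus": {"example-trail": {"IsLogging": False}},
}
ADMIN_PORTS = {22, 3389}  # SSH, RDP: assumed definition of "sensitive"
def as_list(v):
    return v if isinstance(v, list) else [v]

def world_open(perm):
    """True if the rule allows any IPv4 or IPv6 source."""
    v4 = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    v6 = [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return "0.0.0.0/0" in v4 or "::/0" in v6

def open_admin_ports(group):
    """Admin ports this security group exposes to any source address."""
    exposed = set()
    for perm in group.get("IpPermissions", []):
        if not world_open(perm):
            continue
        if perm.get("IpProtocol") == "-1":  # all protocols and ports
            exposed |= ADMIN_PORTS
        elif perm.get("IpProtocol") == "tcp":
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            exposed |= {p for p in ADMIN_PORTS if lo <= p <= hi}
    return sorted(exposed)

def wildcard_statements(policy):
    """Sids of Allow statements granting every action on every resource."""
    return [s.get("Sid", "<no Sid>") for s in as_list(policy.get("Statement", []))
            if s.get("Effect") == "Allow" and "*" in as_list(s.get("Action", []))
            and "*" in as_list(s.get("Resource", []))]

def audit(snap):
    findings = []
    for g in snap["SecurityGroups"]:
        if ports := open_admin_ports(g):
            findings.append(f"{g['GroupId']}: ports {ports} open to the internet")
    for name, pol in snap["Policies"].items():
        findings += [f"{name}: {sid} allows * on *" for sid in wildcard_statements(pol)]
    findings += [f"{t}: CloudTrail logging is off"
                 for t, st in snap["TrailStatus"].items() if not st.get("IsLogging")]
    return findings
```

Calling `audit(SAMPLE)` returns one finding per misconfigured control; every finding is something AWS will not fix for you under the model.
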
Key takeaway:
AWS secures the cloud infrastructure. You secure what you put into the cloud and how you configure it.