AWS Shared Responsibility Model

Learn how security and compliance responsibilities are divided between AWS and customers.

responsibility-model.json
{
  "AWSResponsibility": "Security OF the Cloud",
  "CustomerResponsibility": "Security IN the Cloud"
}

Tutor: The Shared Responsibility Model is a fundamental concept in AWS that divides security and compliance responsibilities between AWS and the customer. Understanding this model is crucial for cloud security.


Concept 1: Shared Responsibility Model

The Shared Responsibility Model divides security and compliance responsibilities between AWS and the customer. AWS is responsible for security OF the cloud (infrastructure), while customers are responsible for security IN the cloud (data and applications).

System Check

Who is responsible for patching the guest operating system on EC2?


The Shared Responsibility Model

Author

Pascual Vila

Cloud Instructor.

The Shared Responsibility Model is a fundamental concept in AWS that divides security and compliance responsibilities between AWS and the customer. Understanding this model is crucial for cloud security and compliance.

AWS Responsibilities (Security OF the Cloud)

AWS is responsible for security OF the cloud: the infrastructure, hardware, software, networking, and facilities that run AWS services. This includes physical security of data centers, host operating systems, virtualization layers, and the service foundation. AWS manages the underlying infrastructure that powers all AWS services.

Customer Responsibilities (Security IN the Cloud)

The customer is responsible for security IN the cloud: customer data, platform and application management, identity and access management (IAM), operating system configuration, network and firewall configuration, and encryption. Customers must secure their applications, data, and access controls.

Service Type Variations

The model varies by service type. For Infrastructure as a Service (IaaS) like EC2, customers have more responsibility, including guest OS patching. For Platform as a Service (PaaS) and Software as a Service (SaaS), AWS manages more of the stack, reducing customer responsibilities.

Shared Responsibility Model Glossary

Shared Responsibility Model
A security and compliance model that divides responsibilities between AWS (security OF the cloud) and customers (security IN the cloud). The division varies by service type.
Security OF the Cloud
AWS's responsibility for the infrastructure, hardware, software, networking, and facilities that run AWS services. Includes physical security, host OS, and virtualization layers.
Security IN the Cloud
Customer's responsibility for customer data, IAM, OS configuration, network and firewall configuration, and encryption. Customers secure their applications and data.
IaaS (Infrastructure as a Service)
Service model where customers have more responsibility, including guest OS patching. Examples include EC2, EBS, and VPC.
PaaS (Platform as a Service)
Service model where AWS manages more of the stack, reducing customer responsibilities. Examples include RDS, Elastic Beanstalk, and Lambda.