This series is intended to be a personal study guide. Information may not be comprehensive or accurate. I am sharing it in case others find it useful. Please feel free to comment if any information is inaccurate.
2.1 Define the AWS Shared Responsibility Model
AWS Shared Responsibility Model
Recognize the elements of the shared responsibility model
- Customer responsibility - security “in” the cloud
  - customer is responsible for securing their own cloud resources and data
- AWS responsibility - security “of” the cloud
  - AWS is responsible for securing the supporting infrastructure
- Inherited controls - customer fully inherits from AWS
- Shared controls - AWS provides infrastructure, customers provide control implementation for services
  - Patch management
    - AWS - patching infrastructure
    - Customer - patching guest OS and apps
  - Configuration management
    - AWS - configures infrastructure devices
    - Customer - configures guest OS, databases, and apps
  - Awareness and training
    - AWS - trains its employees
    - Customers - train their employees
- Customer-specific - controls which are solely the responsibility of the customer
Describe the customer’s responsibility on AWS
- Describe how the customer’s responsibilities may shift depending on the service used (for example with RDS, Lambda, or EC2)
  - Service determines the amount of configuration work a customer must do
  - IaaS such as EC2 requires the customer to perform all of the necessary security configuration and management tasks
    - management of guest operating system
    - security patches and updates
    - application software or utilities
    - configuration of firewall on each instance
  - Abstracted services such as storage: customers
    - manage the data
    - classify assets
    - apply appropriate permissions
Describe AWS responsibilities
- Configure, maintain, and secure physical devices and infrastructure