
The AWS Shared Responsibility Model

The AWS Shared Responsibility Model outlines the division of security and compliance responsibilities between AWS and its customers. It establishes a clear understanding of which aspects AWS manages and what the customer must take care of when utilizing AWS services.

This model ensures that both AWS and its customers work collaboratively to maintain a secure and compliant cloud environment.

AWS's Responsibility: Security 'OF' the Cloud

AWS is responsible for the security of the cloud, which includes safeguarding the infrastructure and foundational services that support its ecosystem. This responsibility encompasses the following areas:

  • Software: Core services such as compute, storage, databases, and networking.
  • Hardware and Global Infrastructure: Physical security and operation of the infrastructure, including:
    • Regions
    • Availability Zones
    • Edge Locations

AWS ensures that these components are secure, highly available, and compliant with global standards. This allows customers to focus on building and securing their specific workloads without worrying about the underlying infrastructure.

Customer's Responsibility: Security 'IN' the Cloud

While AWS secures the foundational infrastructure, customers are responsible for protecting their resources within the cloud environment. This includes the following areas:

  • Customer Data: Ensuring data confidentiality, integrity, and availability.
  • Platform, Applications, and Identity & Access Management (IAM): Managing user permissions and access controls to protect cloud-based resources.
  • Operating System, Network, and Firewall Configuration: Configuring systems and networks to prevent unauthorized access.
  • Client-Side Data Encryption & Data Integrity Authentication: Encrypting sensitive data before sending it to the cloud.
  • Server-Side Encryption: Configuring encryption for stored data, wheth…