Shared Responsibility Model
💡 Definition
The AWS Shared Responsibility Model defines what AWS is responsible for (security of the cloud) and what the customer is responsible for (security in the cloud).
🔑 Key Concepts
- AWS Responsibility (Security OF the Cloud):
  - Protecting the infrastructure that runs all of the services offered in the AWS Cloud.
  - This includes the physical facilities, networking, hardware, hypervisor, and the software that powers AWS managed services.
  - Managing the global infrastructure (Regions, Availability Zones, Edge Locations).
- Customer Responsibility (Security IN the Cloud):
  - How you configure and manage the services and the data you put in them.
  - This includes data classification and encryption, network controls (e.g., Security Groups, NACLs), guest operating system patching on EC2 instances, IAM users, roles and policies, and the security of your own application code.
  - The degree of customer responsibility varies with how much of the stack AWS manages: AWS describes the spectrum as infrastructure services (EC2), container services (RDS, EMR) and abstracted services (S3, DynamoDB, Lambda), which roughly maps to IaaS, PaaS and SaaS.
⚙️ How it Works
It's a framework that clarifies the security duties of both parties when using AWS services. For example, for an EC2 instance (an infrastructure service), AWS manages the physical hosts, the hypervisor and the network fabric, but you are responsible for the guest OS and its patches, the applications on it, the data it holds, and the Security Group and NACL rules that govern traffic to it. For S3 (an abstracted service), AWS manages the storage infrastructure, durability and the underlying hosts, but you configure bucket policies, Block Public Access settings, and the encryption and access logging of your data. The practical consequence: most cloud breaches are misconfigurations on the customer side of the line (an open port, a public bucket, an over-permissive IAM policy), so auditing that configuration is the customer's job, not AWS's.
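As an added example (not part of the original page), the following Python script audits two of the customer-side items named above: EC2 Security Group rules that expose administrative ports to the whole internet, and S3 bucket policy statements that grant access to an anonymous principal. The security groups and the bucket policy are constructed inline to match the shape of boto3's `describe_security_groups()` and `get_bucket_policy()` output, so it runs offline with no AWS credentials; the group IDs, bucket name, VPC endpoint ID and the list of "admin" ports are assumptions.

```python
"""Added example (not from the original page): audit two "security IN the cloud"
items that the customer, not AWS, owns under the Shared Responsibility Model.

  1. EC2 Security Group rules that expose administrative ports to the world.
  2. S3 bucket policy statements that Allow an anonymous ("*") principal.

The inputs are CONSTRUCTED to match the shape of boto3's
ec2.describe_security_groups()["SecurityGroups"] and
s3.get_bucket_policy()["Policy"] (a JSON string), so this runs offline with
no AWS credentials. Group IDs, bucket name and VPC endpoint ID are placeholders.
"""
import json

# Ports that should not be reachable from the public internet (assumed list).
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}
ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"


def _rule_covers_port(rule, port):
    """True if an IpPermissions entry permits TCP traffic to `port`.
    IpProtocol "-1" means all protocols and carries no port range."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def _rule_is_world_open(rule):
    """True if the rule's source includes 0.0.0.0/0 or ::/0."""
    return any(r.get("CidrIp") == ANY_IPV4 for r in rule.get("IpRanges", [])) or \
        any(r.get("CidrIpv6") == ANY_IPV6 for r in rule.get("Ipv6Ranges", []))


def find_world_open_admin_ports(security_groups):
    """Return (GroupId, port, service) for every admin port open to the world."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            if not _rule_is_world_open(rule):
                continue
            for port, name in ADMIN_PORTS.items():
                if _rule_covers_port(rule, port):
                    findings.append((sg["GroupId"], port, name))
    return findings


def _principal_is_anonymous(principal):
    """Matches Principal "*" and Principal {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def find_public_bucket_statements(policy_json):
    """Return Sids (or positional names) of Allow statements that grant an
    anonymous principal with no Condition scoping the grant."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    hits = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") == "Allow" and _principal_is_anonymous(stmt.get("Principal")) \
                and not stmt.get("Condition"):
            hits.append(stmt.get("Sid", f"Statement[{i}]"))
    return hits


# Constructed sample data, not real account output.
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0a0a0a0a0a0a0a0a0", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANY_IPV4}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0b0b0b0b0b0b0b0b0", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ANY_IPV4}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0c0c0c0c0c0c0c0c0", "GroupName": "wide-open", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": ANY_IPV6}]}]},
]
SAMPLE_BUCKET_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]})

if __name__ == "__main__":
    for gid, port, name in find_world_open_admin_ports(SAMPLE_SECURITY_GROUPS):
        print(f"{gid}: {name} (port {port}) reachable from the whole internet")
    for sid in find_public_bucket_statements(SAMPLE_BUCKET_POLICY):
        print(f"bucket policy statement {sid} grants anonymous access")
```

Against the sample data the script reports SSH open on the bastion group, all four admin ports open on the `-1` (all-protocols) group, and only the `PublicRead` statement as anonymous: the `VpcOnly` statement is skipped because its Condition narrows the grant, and the `Deny` statement is skipped because denies never widen access. Note the deliberate conservatism in the bucket check: a Condition is treated as scoping the grant, but in a real audit a conditioned `"Principal": "*"` still deserves a manual look, since a weak or misspelt condition key is itself a common misconfiguration.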
🎯 Use Cases
- Security Planning: Helps organizations understand where their security focus should be.
- Compliance: Critical for meeting regulatory and industry compliance requirements.
💰 Pricing Model
- Not a priced feature; the model applies to every AWS service regardless of how it is billed.
📝 Exam Tips (CLF-C02)
- Key distinction: "Security OF the Cloud" (AWS) vs. "Security IN the Cloud" (Customer).
- Customer responsibility shrinks as AWS manages more of the stack (most for EC2, less for RDS, least for Lambda or S3), but the customer always owns their data, IAM and access configuration.
- Important for understanding Compliance and audit requirements.
See Also:
- IAM
- Compliance
- Security Group
- NACL