AWS Shared Responsibility
AWS Tutorial: The Shared Responsibility Model
Welcome to the Shared Responsibility Model lesson. This is perhaps the most heavily tested concept on the AWS Cloud Practitioner exam.
Why Learn the Shared Responsibility Model?
Many beginners wrongly assume that because they use AWS, AWS handles all of their security. If your company gets hacked because a developer left a password publicly visible on GitHub, AWS is not at fault. Understanding where the line is drawn protects you legally and structurally.
Tutorial Overview
In this tutorial, you will learn:
- Security OF the Cloud (AWS Responsibility)
- Security IN the Cloud (Customer Responsibility)
Security OF the Cloud (AWS)
AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS Cloud. This includes the physical security of the data centers (guards, fences), the hardware (servers, cables), and the host operating systems of the foundational services (like EC2 hypervisors).
Security IN the Cloud (You)
The customer assumes responsibility and management of the guest operating system (including security patches), application software, firewall rules, and Identity and Access Management (IAM). Most importantly, Customer Data is always your responsibility to encrypt and secure.
Exercise
?According to the Shared Responsibility Model, who is responsible for physically securing the data center hardware?