Sunday, January 12, 2020

AWS Security Model

AWS defines a shared responsibility model for its cloud services. AWS operates, manages and controls the cloud and is responsible for the security of this infrastructure. AWS is also responsible for the security of its managed services, e.g. OS and database patching, firewall configuration, etc.

Customers are responsible for everything they place into the cloud: what to store, in which service, in what location, access rights to that data, etc.

As a generalisation, AWS is responsible for ‘Security Of the Cloud’ whereas customers are responsible for ‘Security In the Cloud’.

The shared responsibility model changes depending on which AWS service is used. For example, for EC2 instances the customer is responsible for any updates and security patches, whereas for a managed service such as Amazon RDS or Redshift, AWS handles patching.

https://aws.amazon.com/security/security-resources/