Security and compliance on AWS are a shared responsibility between AWS and the customer. This model clearly defines what AWS is responsible for (security of the cloud) and what you are responsible for (security in the cloud). Misunderstanding this boundary is one of the most common causes of security incidents.
┌─────────────────────────────────────────────────────────┐
│                        CUSTOMER                         │
│                 Security "IN" the Cloud                 │
│                                                         │
│  Customer data                                          │
│  Platform, applications, identity & access management   │
│  Operating system, network & firewall configuration     │
│  Client-side data encryption                            │
│  Server-side encryption (file system and/or data)       │
│  Networking traffic protection (encryption, integrity)  │
├─────────────────────────────────────────────────────────┤
│                           AWS                           │
│                 Security "OF" the Cloud                 │
│                                                         │
│  Hardware / AWS Global Infrastructure                   │
│  Regions, Availability Zones, Edge Locations            │
│  Compute, storage, database, networking (hardware)      │
│  Software: virtualisation layer, host OS, patching      │
│  Physical security of data centres                      │
└─────────────────────────────────────────────────────────┘
AWS is responsible for the infrastructure that runs all AWS services. This includes: