AWS Shared Responsibility Model
Shared Responsibility Model
AWS secures infrastructure; customers secure applications/data.
Complete Responsibility Matrix
AWS Responsibilities:
- Physical security of data centers
- Hardware maintenance/replacement
- Host OS virtualization layer
- Global network infrastructure
- Hardware firewalls/redundant power
Customer Responsibilities:
- OS configuration & patching
- Network configuration (VPC/SGs)
- IAM policies & user management
- Application-level security
- Data encryption (at rest/in transit)
- OS/application patching
Service Model Differences
- IaaS (EC2): Customer manages most layers
- PaaS (RDS): AWS manages OS/DB software
- SaaS (WorkMail): AWS manages everything