Shared Responsibility Model and Trusted Advisor


The Shared Responsibility Model describes what Amazon Web Services is responsible for and what YOU, the USER or CUSTOMER, are responsible for when it relates to SECURITY.

AWS Infrastructure Service

Includes services like Amazon Virtual Private Cloud (VPC), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Block Store (Amazon EBS) and Auto Scaling.

Amazon is responsible for:

- Regions, AZs, Edge Location
- Compute, Storage, Database, Networking

Customer is responsible for:

- Customer Data
- Platforms and Applications
- OS and Network Configuration
    - Patching
    - Security Groups
    - Network Access Control
- IAM for Customer
    - Password
    - Access Keys
    - Permissions
- Additional Concerns:
    - Data in Motion, Data at Rest, Data in Use
    - Data Encryption
    - Data Integrity

AWS Container Service

Includes services like Amazon Relational Database Service (Amazon RDS), Amazon Elastic MapReduce (Amazon EMR) and Amazon EC2 Container Service (Amazon ECS).

 

Amazon is responsible for:

- Regions, AZs, Edge Location
- Compute, Storage, Database, Networking
- Platforms and Applications
- OS and network configuration

The customer is responsible for:

- Customer Data
- Data Integrity
- Additional Concerns:
    - Data Encryption
    - Data Integrity

 

AWS Abstracted Services

Amazon is responsible for:

- Regions, AZs, Edge Location
- Compute, Storage, Database, Networking
- Platforms and Applications
- OS and network configuration
- Network traffic protection

The customer is responsible for:

- Customer IAM
- Data in transit and Client-side