Shared Responsibility Model and Trusted Advisor
The Shared Responsibility Model describes what Amazon Web Services is responsible for and what YOU, the USER or CUSTOMER, are responsible for when it comes to SECURITY.
AWS Infrastructure Service
Includes services like Amazon Virtual Private Cloud (VPC), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Block Store (Amazon EBS), and Auto Scaling.

| Amazon is responsible for | Customer is responsible for |
| --- | --- |
| Regions, AZs, Edge Location | Customer Data |
| Compute, Storage, Database, Networking | Platforms and Applications |
| | OS and Network Configuration: Patching, Security Groups, Network Access Control |
| | IAM for Customer: Password, Access Keys, Permissions |
| | Additional Concerns: Data in Motion, Data at Rest, Data in Use, Data Encryption, Data Integrity |

AWS Container Service
Services like Amazon Relational Database Service (Amazon RDS), Amazon Elastic MapReduce (Amazon EMR), and Amazon EC2 Container Service (Amazon ECS).

| Amazon is responsible for | The customer is responsible for |
| --- | --- |
| Regions, AZs, Edge Location | Customer Data |
| Compute, Storage, Database, Networking | Data Integrity |
| Platforms and Applications | Additional Concerns: Data Encryption, Data Integrity |
| OS and network configuration | |

AWS Abstracted Services

| Amazon is responsible for | The customer is responsible for |
| --- | --- |
| Regions, AZs, Edge Location | Customer IAM |
| Compute, Storage, Database, Networking | Data in transit and Client-side |
| Platforms and Applications | |
| OS and network configuration | |
| Network traffic protection | |