AWS Security and Compliance Services: Shared Responsibility Model for Cloud and DevOps Engineers

Learning path for the AWS Cloud Practitioner exam

📝Introduction

This post covers the main technologies in AWS Security and Compliance Services, focusing on the Shared Responsibility Model.

📝AWS Shared Responsibility Model

  • Shared Responsibility Model -> It is a cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability.

    • It also gives customers the flexibility and control they need to deploy their workloads.

    • Security responsibility is shared between the customer and AWS, and is divided into:

      • AWS Security "OF" the Cloud

        • AWS is responsible for protecting and securing its infrastructure.

          • AWS Global Infrastructure

            • AWS is responsible for its global infrastructure elements: Regions, edge locations, and Availability Zones.
          • AWS Networking Components

            • AWS maintains networking components: generators, uninterruptible power supply (UPS) systems, computer room air conditioning (CRAC) units, fire suppression systems, and more.
          • Building Security

            • AWS controls access to its data centres where your data resides.
          • Software

            • AWS is responsible for any managed service like RDS, S3, ECS, or Lambda, patching of host operating systems, and data access endpoints.

  • Customer Security "IN" the Cloud

    • The customer is responsible for how the services are implemented and for managing their application data.

      • Application Data

        • Responsible for managing your application data, which includes encryption options.
      • Patching

        • Responsible for the guest operating system (OS), which includes updates and security patches.
      • Network Traffic

        • Responsible for network traffic protection, which includes security group firewall configuration.
      • Security Configuration

        • Responsible for securing your account and API calls, rotating credentials, restricting internet access from your VPCs, and more.
      • Identity and Access Management

        • Responsible for application security and identity and access management.
      • Installed Software

        • Responsible for your application code, installed software, and more. You should frequently scan for and patch vulnerabilities in your code.

  • AWS Lambda Shared Responsibility Model

    • In the serverless model, customers are free to focus on the security of application code, the storage and accessibility of sensitive data, observing the behaviour of their applications through monitoring and logging, and identity and access management (IAM) to the respective service.

  • AWS EC2 Shared Responsibility Model
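Two of the customer-side items listed under Customer Security "IN" the Cloud (security group firewall configuration and credential rotation) can be checked mechanically. The following is an added example, not code from the original post: it audits constructed sample data shaped like the output of `aws ec2 describe-security-groups` and `aws iam list-access-keys`. The admin port list and the 90-day rotation threshold are assumptions.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample data, shaped like the output of `aws ec2 describe-security-groups`
# and `aws iam list-access-keys`. All IDs and user names are made up.
SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa1111", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb2222", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]}]}
ACCESS_KEYS = {"AccessKeyMetadata": [
    {"UserName": "ci-deploy", "AccessKeyId": "AKIAEXAMPLE000000001",
     "Status": "Active", "CreateDate": "2023-01-10T09:00:00+00:00"},
    {"UserName": "ci-deploy", "AccessKeyId": "AKIAEXAMPLE000000002",
     "Status": "Active", "CreateDate": "2023-12-01T00:00:00+00:00"},
    {"UserName": "old-batch", "AccessKeyId": "AKIAEXAMPLE000000003",
     "Status": "Inactive", "CreateDate": "2021-06-01T00:00:00+00:00"}]}

ADMIN_PORTS = (22, 3389)   # assumption: SSH and RDP; extend for your environment
MAX_KEY_AGE_DAYS = 90      # assumption: your rotation policy

def open_admin_rules(groups):
    """Return (group_id, port) pairs where an admin port accepts traffic from any address."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            world = any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)
            if not world or perm["IpProtocol"] not in ("tcp", "udp", "-1"):
                continue  # not internet-facing, or ICMP-style rule whose port fields are type/code
            # "-1" means all protocols and carries no FromPort/ToPort
            low, high = (0, 65535) if perm["IpProtocol"] == "-1" else (perm["FromPort"], perm["ToPort"])
            findings += [(sg["GroupId"], p) for p in ADMIN_PORTS if low <= p <= high]
    return findings

def stale_keys(keys, now):
    """Return (user, key_id, age_days) for active keys older than MAX_KEY_AGE_DAYS."""
    stale = []
    for k in keys["AccessKeyMetadata"]:
        age = (now - datetime.fromisoformat(k["CreateDate"])).days
        if k["Status"] == "Active" and age > MAX_KEY_AGE_DAYS:
            stale.append((k["UserName"], k["AccessKeyId"], age))
    return stale
```

Note that the port-range rule (3000 to 4000 from `::/0`) is flagged for RDP even though 3389 is never named in the rule, which is the case a simple exact-port match would miss.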

Thank you for reading. I hope you were able to understand and learn something helpful from my blog.

Please follow me on Hashnode and on LinkedIn franciscojblsouza