AWS and the customer share responsibility for security in the AWS cloud environment based on the Shared Responsibility Model. AWS is responsible for security of the cloud infrastructure, including physical data centers, hardware, servers, and network devices. The customer is responsible for security in the cloud, such as managing access controls, encrypting data, patching operating systems, and configuring firewalls on their virtual servers and resources. Together, AWS securing the lower levels and the customer securing access and configurations provide a secure environment to build and run solutions in the AWS cloud.
begin using AWS effectively, it's important to understand
how security works in the cloud. You already know that by using AWS, you won't be managing every single aspect of hosting your solutions. You'll rely on AWS to manage portions of your workload for you, taking care of that undifferentiated heavy lifting, like running the day-to-day of the operations of the data center and managing the various virtualization techniques employed to keep your AWS account isolated from, say, my AWS account.
So, the question is, who is ultimately responsible for security in AWS? Is it, A, you the customer or B, AWS? The answer? Well, the correct answer is "yes". Both you and AWS are responsible for securing your AWS environment. Let's explore this concept a little bit more. AWS follows something called the Shared Responsibility Model. We don't view solutions built on AWS as one singular thing to be secured. We see it as a collection of parts that build on each other. AWS is responsible for the security of some aspects and the others, you are responsible for their security. Together with both you and AWS following best practices, you have an environment that you can trust.
Let's take a look at the Shared Responsibility Model diagram. You can see, we have the responsibility of security broken into two groupings, you and AWS, each being responsible for different components. We describe AWS as being responsible for security of the cloud. For example, one piece of the puzzle AWS is responsible for, is the AWS Global Infrastructure. And when I say global infrastructure, I mean the physical infrastructure that the cloud is running on. This is iron and concrete, buildings with fences protected by security guards and various other security measures. It also includes the AWS global backbone or the private fiber cables that connect each AWS region to each other. Managing the security of these pieces is all on AWS. You don't need to worry about that as far as security goes.
Then there is the infrastructure and various software components that run AWS services. This includes compute, databases, storage and networking. AWS is also responsible for securing these services from the host operating system up through the virtualization layer. For example, let's say you want to host some virtual machines or VMs on the cloud. We primarily use the service Amazon EC2 for this use case. When you create a VM using EC2, AWS manages the physical host that the VM is placed on as well as everything up through the hypervisor level. If the host operating system or the hypervisor needed to be patched or updated, that is the responsibility of AWS. This is good news for you as the customer, as it greatly reduces the operational overhead in running a scalable and elastic solution, leveraging virtualization. We will talk more about EC2 and elastic solutions in upcoming lessons. For now, let's get back to the security aspect.
So, if AWS manages the underlying hardware up through the virtualization layer, what are you responsible for? Well, you are responsible for security in the cloud, similar to how a construction company builds a building and it's on them to make sure that the building itself is stable and secure. Then, you can rent an apartment in that building. It's up to you to lock the door to your apartment. Security of the building and security in the building are two different elements. For security in the cloud, the base layer is secured by AWS. It's up to you to lock the door.
So for our EC2 example, you are responsible for tasks like patching the operating systems of your VMs, encrypting the data in transit and at rest, configuring firewalls and controlling who has access to these resources as well as controlling how much access they have. The main thing to understand is that you own your data in AWS. You are ultimately responsible for ensuring that your data is encrypted, secure and has proper access controls in place.
In many cases, AWS services offer native features that you can enable to achieve a secure solution. It's up to you to actually use them. In other cases, you may devise your own solutions to meet compliance and security standards for your own specific industry or use case. So, that's the Shared Responsibility Model at a high level. I do want you to keep something in mind though. There is some amount of nuance that you should understand as we move through this course regarding the Shared Responsibility Model. Each AWS service is different and serves a different purpose and a different use case. Therefore, the Shared Responsibility Model can vary from service to service as well. This is a good thing as you get to decide how to build your solutions on AWS.
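
As an added illustration (not part of the original lecture or any AWS tooling), the sketch below audits two of the customer-side duties from the EC2 example: firewall configuration and encryption at rest. It assumes inputs shaped like the EC2 `DescribeSecurityGroups` and `DescribeVolumes` responses; the sample data, the group and volume IDs, and the choice of ports 22 and 3389 as "admin ports" are constructed for the example.

```python
# Added example: checks customer-managed EC2 settings ("security in the cloud").
# SAMPLE_* data is constructed; it mirrors the shape of the EC2
# DescribeSecurityGroups / DescribeVolumes responses. No AWS call is made.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}   # assumption: ports treated as admin access
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}       # "anyone on the internet"

SAMPLE_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}
SAMPLE_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0111", "Encrypted": True},
    {"VolumeId": "vol-0222", "Encrypted": False},
]}

def open_admin_rules(groups):
    """Return (group_id, port) for admin ports reachable from any address."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if not OPEN_CIDRS.intersection(cidrs):
                continue                          # rule is scoped to known ranges
            if rule["IpProtocol"] == "-1":        # all protocols, all ports
                exposed = sorted(ADMIN_PORTS)
            elif rule["IpProtocol"] in ("tcp", "6"):
                lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
                exposed = [p for p in sorted(ADMIN_PORTS) if lo <= p <= hi]
            else:
                exposed = []
            findings += [(sg["GroupId"], p) for p in exposed]
    return findings

def unencrypted_volumes(volumes):
    """Return IDs of EBS volumes that are not encrypted at rest."""
    return [v["VolumeId"] for v in volumes["Volumes"] if not v.get("Encrypted")]

if __name__ == "__main__":
    print(open_admin_rules(SAMPLE_GROUPS), unencrypted_volumes(SAMPLE_VOLUMES))
```

Everything this script flags sits on the customer's side of the model; hypervisor and host patching never appear in these API responses because AWS handles them.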