02 - Shared Responsibility Model Flashcards
1
Q
Shared Responsibility Model - Overview
A
- Have a strong understanding of the shared responsibility model
- You are responsible for things like EC2 OS patching, antivirus, security groups, etc…
- You are not responsible for things like RDS OS updates, RDS database updates, PHP updates with Elastic Beanstalk, etc…
- Encryption is a shared responsibility (both yours and Amazon's)
2
Q
What is Shared Responsibility Model?
A
- Security and Compliance is a shared responsibility between AWS and the customer.
- The customer retains control of what security they choose to implement to protect their content, platform, applications, systems, and networks
- AWS is Responsible
  - For the security of the cloud (e.g. the infrastructure that runs all of the services offered in the AWS Cloud)
  - Global Infrastructure
    - Is composed of the hardware, software (Xen, RDS, etc…), networking, and facilities that run AWS Cloud services.
  - Managed Services
    - S3, DynamoDB, etc…
- Customer is Responsible
  - For the security of what is put into the cloud
  - Infrastructure as a Service (IaaS)
    - Including updates and security patches
  - Configuration of AWS-provided firewalls
3
Q
Breakdown of responsibility model
A
Infrastructure Services
- This category includes compute services (EC2, EBS, AutoScaling, & VPC)
- With these services you can architect and build a cloud infrastructure using techniques similar to, and largely compatible with, on-premises solutions
- You control the operating system, and configure and operate any identity management system that provides access to the user layer of the virtualized stack
- Customer responsible for
  - Amazon Machine Images (AMIs)
  - Operating Systems
  - Applications
  - Data in Transit
  - Data at Rest
  - Data Stores
  - Credentials
  - Policies and Configuration
4
Q
Security Model: Infrastructure Services
A
See Image