AWS Shared Responsibility Flashcards
What is the AWS shared responsibility model?
It indicates which parts of security will be handled by AWS and which parts customers are responsible for.
What is AWS responsible for in terms of security according to the shared responsibility model?
AWS is responsible for the physical implementation, including physical facilities, systems, infrastructure, hardware, software, networking, global infrastructure, and protecting the data centers.
What is the customer’s responsibility in the AWS shared responsibility model?
Customers are responsible for securing their applications and data sets in the cloud, including encryption of data at rest and in transit, network security, managing credentials and logins safely, firewall configurations, and security of operating systems and applications.
What are some security responsibilities of AWS in the shared responsibility model?
AWS is responsible for protecting the physical security of data centers, global infrastructure, infrastructure including hardware, software, networking, facilities, redundancy, and intrusion detection.
What does AWS ensure in terms of virtualization infrastructure?
AWS ensures isolation between customer workloads, such as EC2 instances, to keep them separate from other customer environments.
What are some security responsibilities of customers in the shared responsibility model?
Customers are responsible for securing their AWS data, encrypting data at rest and in transit, managing network security, credentials, logins, firewall configurations, and security of operating systems and applications.
What is Infrastructure as a Service (IaaS) in cloud computing?
IaaS refers to services where customers maintain control and management of most of the system, including virtual servers like Amazon EC2, where they manage the operating system and software, giving them more responsibility for security.
What is Platform as a Service (PaaS) in cloud computing?
PaaS refers to services where infrastructure is largely hidden, allowing customers to focus on code and application implementation. AWS services like Amazon Relational Database Service (RDS) fall under this category.
What is Software as a Service (SaaS) in cloud computing?
SaaS refers to complete software solutions hosted centrally, where customers do not manage the underlying infrastructure. Examples include AWS Trusted Advisor and AWS Shield.
What are some responsibilities of customers using IaaS?
They are responsible for securing operating systems, applications, security groups, and network settings of their EC2 instances, and managing the security of their AWS data.
What are some advantages of PaaS compared to IaaS?
PaaS removes the need for customers to manage infrastructure, focusing instead on coding and application deployment, while still benefiting from managed services like automated backups and server updates.
What are the licensing models commonly associated with SaaS offerings?
Subscription-based or pay-as-you-go models are typical for SaaS offerings like AWS Trusted Advisor and AWS Shield.
How does IAM handle permissions in resource-based policies?
IAM follows the principle of least privilege, granting only the minimum permissions necessary based on explicit allow or deny statements in policies.
What is multi-factor authentication (MFA) in IAM?
MFA adds an extra layer of security by requiring users to provide an additional piece of information, such as a code from a mobile app, along with their username and password.
What is the role of IAM groups in managing permissions?
IAM groups are used to apply permissions efficiently by defining access policies for a collection of users with similar responsibilities.