AWS Shared Responsibility Model Flashcards

1
Q

What is the AWS Shared Responsibility Model?

A

The AWS shared responsibility model defines what you (as an AWS account holder/user) and AWS are responsible for when it comes to security and compliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the benefits of the shared responsibility model?

A

This shared model can help relieve customer’s operational burdens as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is AWS responsible for?

A

AWS are responsible for “Security of the Cloud” .

AWS is responsible for protecting the infrastructure that runs all the services offered in the AWS Cloud.
This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are customers responsible for?

A

Customers are responsible for “Security in the Cloud”.

The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall.

For EC2 this includes network level security (NACLs, security groups), operating system patches and updates, IAM user access management, and client and server-side data encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Shared Responsibility Model Diagram

A

Customer Responsible for:

  • Customer data
  • Platform, applications, IAM
  • OS, network, firewall configuration
  • Client side data encryption, data integrity authentication, server side encryption, network traffic protection

AWS responsible for:

  • Software: Compute, Storage, Database, Networking
  • Hardware: Regions, Availability Zones, Edge locations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Inherited Controls in Shared Responsibility Model?

A

Inherited Controls – Controls which a customer fully inherits from AWS.

Physical and Environmental controls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Shared Controls in Shared Responsibility Model?

A

Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in separate contexts or perspectives.

In the AWS shared security model, a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are some examples of Shared Controls?

A

Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.

Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.

Awareness & Training – AWS trains AWS employees, but a customer must train their own employees.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are customer specific controls?

A

Customer Specific – Controls which are solely the responsibility of the customer based on the application they are deploying within AWS services. .

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are some examples of customer specific controls?

A

Service and Communications Protection or Zone Security which may require a customer to route or zone data within specific security environments.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly