Shared Responsibility Model Flashcards
What is AWS responsible for?
Security OF the cloud:
AWS Global Infrastructure
Building Security (Data centers)
Networking Components
Software
What are YOU responsible for?
Security IN the cloud:
Application Data
Security Configuration
Patching
IAM
Network Traffic
Installed Software
What are the AWS Global Infrastructure elements for which AWS is responsible?
Regions
Edge Locations
Availability Zones
What are the AWS networking components for which AWS is responsible?
Generators
Uninterruptible power supply (UPS)
Computer room air conditioning (CRAC) units
Fire suppression systems
etc
What software is AWS responsible for?
Any managed service, like RDS, S3, Lambda, ECS
Patching of host operating systems
Data Access Endpoints
Who is responsible for Encryption options? Provide an example
YOU
Encryption of EBS volumes
What are YOU responsible for as far as security?
Securing your account and API calls
Rotating credentials
Restricting Internet access from your VPCs
etc
Who is responsible for updating and applying patches to the Guest operating system? Provide an example
YOU
Patching the guest OS for EC2
How are you responsible for Network traffic?
You are responsible for network traffic protection, which includes security group firewall configuration
Who is responsible for taking DB backups in RDS?
YOU
Describe EC2 shared responsibility for YOU
Installed Apps
Patching guest OS
Security Controls
Describe EC2 shared responsibility for AWS
EC2 service
Patching host OS
Security of the physical server
Describe Lambda shared responsibility for YOU
Security of code
Storage of sensitive data
IAM for permissions
Describe Lambda shared responsibility for AWS
Lambda service
Upgrading Lambda languages
Lambda endpoints
OS
Underlying infrastructure
Software dependencies
What responsibilities are shared?
Patching: AWS-> infrastructure; YOU-> guest OS and apps
Config Mgmt: AWS-> config infra devices; YOU-> config DBs and apps
Awareness & training of employees