Who is responsible for configuration management under the AWS shared responsibility model?

1. Home
3. AWS Cloud Practitioner (CLF-C01)
5. Define the AWS Shared Responsibility Model

In this, we will learn about AWS Shared Responsibility Model.

Amazon safeguards the AWS infrastructure from

• Vulnerabilities
• Intrusions
• Fraud
• Abuse

 so as to offer the customers with security capabilities as per their needs.

Multiple and varied AWS cloud services, emphasizes, demarcating responsibility between customer and AWS.

• AWS is responsible for the physical security of the facilities as well as the infrastructure that includes compute, database, storage and networking resources.
• The customer is responsible for software, data and access that sits on top of the infrastructure layer.

AWS Security Responsibilities

In general, AWS considers itself responsible for the security of the cloud as a whole, while customers should maintain responsibility for the security of their specific instances.

• AWS Hardware/Global Infrastructure: this includes regional, available, and edge zones of Amazon’s cloud infrastructure. This is done through physical security protections, and constant IT maintenance.
• AWS Software (Computation, Storage, Database, Networking): Amazon guarantees a secure software platform across all of its services. This aspect of Amazon’s responsibility also refers to AWS security services built by Amazon for use by customers. This can include encryption keys, network monitoring tools, database protection, and more.

Customer Security Responsibilities

In general, AWS considers itself responsible for the security of the cloud as a whole, while customers should maintain responsibility for the security of their specific instances.

• AWS Hardware/Global Infrastructure: this includes regional, available, and edge zones of Amazon’s cloud infrastructure. This is done through physical security protections, and constant IT maintenance.
• AWS Software (Computation, Storage, Database, Networking): Amazon guarantees a secure software platform across all of its services. This aspect of Amazon’s responsibility also refers to AWS security services built by Amazon for use by customers. This can include encryption keys, network monitoring tools, database protection, and more.

Shared Security Responsibilities

AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services:

• IT Controls: Not only are IT operations shared between AWS and its customers, so are the management and operations of said controls. AWS can help with moderating the customer burden of security methods like firewall maintenance, network level encryption, while also overseeing IT controls deployment to ensure proper adherence to AWS security regulations.
• Patch Management: AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
• Configuration Management: AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.
• Awareness & Training: AWS trains AWS employees, but a customer must train their own employees.
• Customer Specific: Controls which are solely the responsibility of the customer based on the application they are deploying within AWS services.
• Service and Communications Protection: or Zone Security which may require a customer to route or zone data within specific security environments.

Customers should

• implement access control policies using AWS IAM
• configuring AWS Security Groups (firewall) to prevent inappropriate access to ports
• enabling AWS CloudTrail

Customers are also responsible for

• enforcing appropriate data loss prevention policies for compliance with internal and external policies,
• Detecting and remediating threats arising from stolen account credentials or malicious/accidental misuse of AWS.

Amazon is focused on securing its software, hardware, and the facilities where AWS services are located. Amazon’s responsibilities include securing its

• Computing
• Storage
• Networking
• database services
• security configuration of AWS managed services like DynamoDB, RDS, Redshift, Elastic MapReduce, Workspaces, etc.

AWS Shared Responsibility Model Summary

Link for free practice test – https://www.testpreptraining.com/aws-certified-cloud-practitioner-free-practice-test

Which of the following is the responsibility of AWS under the AWS shared responsibility model?

Which control are shared under the AWS shared responsibility model?

Which of these responsibilities are cloud service provider responsibilities in the shared responsibility model?

What is a responsibility of AWS in the shared responsibility model Examtopics?