AWS Security and Compliance Overview
Shared Responsibility Model
The Shared Responsibility Model is a fundamental concept in AWS, delineating the security and compliance obligations of AWS and its customers. Understanding this model is crucial for effectively managing and securing applications and data on AWS.
AWS's Responsibilities - "Security of the Cloud"
- Infrastructure Security: AWS is responsible for protecting the infrastructure that runs all the services offered in the AWS Cloud. This includes hardware, software, networking, and facilities.
- Managed Services Security: AWS manages and secures its managed services, such as Amazon S3, DynamoDB, and RDS. This covers aspects like database patching, operating system maintenance, and physical security of data centers.
Customer's Responsibilities - "Security in the Cloud"
- Customer Data: Customers manage their data, including encryption, integrity, and access controls.
- Platform, Applications, Identity: Customers manage and secure their own applications, control access management (IAM), and maintain their guest operating systems and networks. This involves patching and updating operating systems, configuring firewalls (e.g., network ACLs and security groups), and setting IAM roles and policies.
- Client-side Data Encryption and Data Integrity Authentication: Customers are responsible for encrypting data on the client side, ensuring data integrity during transit, and implementing authentication mechanisms.
Shared Controls
- Patch Management: Both AWS and customers share responsibilities depending on the service (e.g., AWS patches RDS, but customers must patch their EC2 instances).
- Configuration Management: Both parties must ensure secure and compliant configurations.
- Awareness and Training: AWS trains its employees on security guidelines, while customers should train their users on cloud security best practices.
Detailed Responsibilities for RDS and Amazon S3
Amazon RDS
- AWS Responsibilities: Managing the underlying EC2 instances, automating database and OS patching, and ensuring the infrastructure's reliability.
- Customer Responsibilities: Configuring database access and security settings, managing in-database user permissions, and enabling encryption as required.
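The RDS customer responsibilities above map to concrete fields on a DB instance. As an added example (not code from the original page or from AWS), the check below walks records shaped like the `DBInstances` list that boto3's `rds.describe_db_instances()` returns and reports which customer-side items are unmet; the input is a constructed sample rather than a live API call, and the finding labels and the `sg-...` identifier are assumptions.

```python
# Customer-side ("security in the cloud") checks for RDS instances.
# Input has the shape of boto3 rds.describe_db_instances()["DBInstances"];
# the sample below is constructed for this example, not captured from AWS.

def check_rds_instance(db: dict) -> list[str]:
    """Return a list of findings for one DBInstance record."""
    findings = []
    ident = db.get("DBInstanceIdentifier", "<unknown>")

    # Encryption at rest is a customer choice made at creation time.
    if not db.get("StorageEncrypted", False):
        findings.append(f"{ident}: storage not encrypted at rest")

    # A public endpoint widens the database's network exposure.
    if db.get("PubliclyAccessible", False):
        findings.append(f"{ident}: publicly accessible endpoint")

    # Security groups are the customer-managed firewall for the instance.
    active = [g for g in db.get("VpcSecurityGroups", []) if g.get("Status") == "active"]
    if not active:
        findings.append(f"{ident}: no active VPC security group attached")

    # Patching is shared: AWS applies minor engine upgrades only when the
    # customer has opted in with AutoMinorVersionUpgrade.
    if not db.get("AutoMinorVersionUpgrade", False):
        findings.append(f"{ident}: automatic minor version upgrades disabled")
    return findings


def check_rds_fleet(instances: list[dict]) -> dict[str, list[str]]:
    """Map each instance identifier to its findings (empty list = compliant)."""
    return {db["DBInstanceIdentifier"]: check_rds_instance(db) for db in instances}


# Constructed sample in the shape of a DescribeDBInstances response (not real data).
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "StorageEncrypted": True,
     "PubliclyAccessible": False, "AutoMinorVersionUpgrade": True,
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0123456789abcdef0", "Status": "active"}]},
    {"DBInstanceIdentifier": "legacy-reports", "StorageEncrypted": False,
     "PubliclyAccessible": True, "AutoMinorVersionUpgrade": False,
     "VpcSecurityGroups": []},
]

if __name__ == "__main__":
    for name, issues in check_rds_fleet(SAMPLE_INSTANCES).items():
        print(name, "OK" if not issues else "; ".join(issues))
```

Against a real account, replace `SAMPLE_INSTANCES` with the `DBInstances` list from a `describe_db_instances` call made with read-only credentials.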
Amazon S3
- AWS Responsibilities: Providing unlimited storage and data encryption options, and ensuring data separation and security at the infrastructure level.