Ends in

SITEWIDE SALE! $3 OFF All Reviewers!

AWS Shared Responsibility Model

Home » Others » AWS Shared Responsibility Model

AWS Shared Responsibility Model

Cloud computing is changing the way businesses operate by providing scalable, pay-as-you-go infrastructure and services. The shared pool of configurable computing resources is made up of thousands of powerful physical servers located in data centers around the world and equipped with enterprise-grade processors capable of creating hundreds or even thousands of virtual machines for multiple customers.

However, one of the primary concerns when migrating a private infrastructure to a public cloud service provider is how the customer will manage their resources and ensure the integrity of the system and data. In AWS, security and compliance are shared responsibilities between the customer and AWS. This approach reduces the customer’s operational burden while giving them the flexibility and control to focus more on deploying solutions that meet specific requirements.

AWS Shared Responsibility Model

When using cloud services, it is important to understand the responsibilities of both the provider and the customer for the various components of the solution. The Shared Responsibility Model in Amazon Web Services outlines these responsibilities, specifying what AWS is responsible for and what the customer is responsible for. Additionally, it includes IT controls that are managed by either party or jointly, ensuring security and compliance throughout the cloud infrastructure.

AWS is responsible for the security “of” the cloud, while the customer is responsible for the security “in” the cloud. The distinction between “of” and “in” is significant because it defines the scope of responsibility for both AWS and the customer. The table below shows how AWS is in charge of securing the cloud infrastructure, while the customer is in charge of securing their usage and data within the cloud.

aws shared responsibility model
  • Security “of” the Cloud – AWS manages, operates, and controls the host operating system, virtualization layer, as well as the physical security of its data centers. These data centers are physical facilities that house all the resources, and they require security measures to protect the IT assets inside, as customer data is stored in the storage volumes within the data center or across multiple availability zones. Additionally, AWS is responsible for maintaining the physical servers, including tasks such as applying OS patches, installing firmware updates, and implementing physical and environmental controls for its data centers to guarantee the availability, reliability, and scalability of its cloud service.

  • Security “in” the Cloud – the customer is responsible for configuring the AWS-provided security group and virtual firewall, as well as managing the guest OS and related applications. Take note that the level of responsibility for cloud security and maintenance varies depending on the type of service used by the customer, such as Infrastructure as a Service (IaaS) or abstracted services. For example, Amazon EC2 is classified as IaaS, which means you must perform all the necessary security configuration and management tasks. However, for abstracted services such as Amazon S3 and DynamoDB, AWS handles almost everything from the infrastructure layer, and you are only responsible for managing the data, classifying their assets, and applying the fine-grained permissions using IAM tools to meet the compliance requirements.

Tutorials dojo strip

Furthermore, the AWS-customer shared responsibility applies to IT controls as well, with both managing, operating, and verifying them. Examples of controls managed by AWS, customers, and both include:

  • Inherited Controls – the customer fully inherits certain items from AWS, such as the physical and environmental controls of the data centers and their related assets.

  • Shared Controls – applies to both the AWS infrastructure and the customer layers. AWS provides the core infrastructure, and customers can add their own set of controls to AWS services. The following are examples of shared controls:

    • Patch Management – AWS is responsible for patching the host OS and resolving issues within the AWS infrastructure, while the customer is responsible for patching the guest OS and their applications.

    • Configuration Management – AWS manages the configuration of its infrastructure devices and servers, while the customer is responsible for configuring their guest OS, databases, and custom applications.

    • Awareness & Training – AWS trains its employees, while customers are responsible for training their own employees.

  • Customer Specific – the customer is responsible for securing the deployed application in the AWS cloud, including zone security, where they can modify routes to resources or filter traffic to control access to cloud resources and data.

Final Remarks

In a nutshell, AWS is responsible for securing the physical infrastructure that runs all of the services in the AWS Cloud, while the customer is responsible for the security of their own data processed and stored within the AWS infrastructure. Once you understand the AWS Shared Responsibility Model and how it applies to cloud operations in general, you can easily determine responsibility distribution based on your organization’s specific use case. If you’re not sure where to begin, there is a lot of AWS documentation available to help you implement best practices for security, reliability, and performance.

Tutorials Dojo portal

Enroll Now – Our AWS Certification Exam Reviewers

AWS Practice Exams Tutorials Dojo

FREE AWS Exam Readiness Digital Courses

Enroll Now – Our Azure Certification Exam Reviewers

azure reviewers tutorials dojo

Enroll Now – Our Google Cloud Certification Exam Reviewers

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

FREE Intro to Cloud Computing for Beginners

FREE AWS, Azure, GCP Practice Test Samplers

Recent Posts

Written by: Gerome Pagatpatan

Gerome is a Software Engineer with 5 cloud certifications from Amazon Web Services, Microsoft Azure, and Oracle. He co-authored high-quality educational materials in the cloud computing space, which have been used by over a quarter-million people worldwide. He is also part of the AWS Community Builders program, which aims to help fellow IT professionals advance their careers in the cloud. He is passionate about education, and now it's his turn to share his knowledge, experiences, and passion for cloud computing.

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?