Skip to content

Latest commit

 

History

History
34 lines (29 loc) · 1.33 KB

File metadata and controls

34 lines (29 loc) · 1.33 KB

AWS Shared Responsibility Model

  • AWS responsibility - Security of the Cloud
    • Protecting infrastructure (hardware, software, facilities and networking) that runs all of the AWS services
    • Managed services like S3, DynamoDB, RDS etc
  • Customer responsibility - Security in the Cloud
    • For EC2 instance, customer is responsible for management of the guest OS (including security patches), firewall and network configuration, IAM etc.

Example for RDS:

  • AWS responsibility:
    • Manage the underlying EC2 instance, disable SSH access
    • Automate DB patching
    • Automate OS patching
    • Audit the underlying instance and disk. Guarantee it function
  • Customer responsibility:
    • Check the ports/IP/SG inbound rules in DB's SG
    • In-database user creation and permissions
    • Creating a database with or without public access
    • Ensure parameter groups or DB is configured to only allow SSL connections
    • Database encryption settings

Example for S3:

  • AWS responsibility:
    • Guarantee we get unlimited storage
    • Guarantee we get encryption
    • Ensure separation of the data between different customers
    • Ensure AWS employees can't access customer's data
  • Customer responsibility:
    • Bucket configuration
    • Bucket policy / public settings
    • IAM user and roles
    • Enable encryption