📖 What is the AWS Shared Responsibility Model?
The AWS Shared Responsibility Model is a security framework that delineates the obligations of AWS and the customer. AWS is responsible for security 'of' the cloud, including hardware and global infrastructure, while the customer is responsible for security 'in' the cloud, such as data and IAM.
"Student, remember this simple rule for the exam: if it is physical or the hypervisor, AWS handles it; if it is a setting, a patch, or data, you handle it."
📚 Certification: AWS Certified Cloud Practitioner (CLF-C02)
🔑 What are the Key Concepts of the AWS Shared Responsibility Model?
- ▸ Security 'of' the Cloud: AWS manages the physical infrastructure, including data centers, hardware, and the virtualization layer that powers all cloud services.
- ▸ Security 'in' the Cloud: Customers are responsible for managing their data, configuring IAM users, and securing the guest operating system on EC2 instances.
- ▸ Data Protection: The customer is solely responsible for encrypting their data at rest and in transit, as well as managing their own encryption keys.
- ▸ Service Model Shifts: Responsibility varies by service; for serverless options like Lambda, AWS manages more of the stack than it does for IaaS options like EC2.
🎯 How does the AWS Shared Responsibility Model appear on the CLF-C02 Exam?
You may be asked to identify who is responsible for patching the guest operating system on an Amazon EC2 instance. Remember that for IaaS, the customer handles OS updates.
A scenario might describe a need to secure data stored in an S3 bucket. You must identify that configuring bucket policies, access control lists, and encryption is the customer's responsibility.
Expect questions asking you to distinguish between AWS's responsibility for the physical security of the data center and the customer's responsibility for filtering network traffic with Security Groups.
❓ Frequently Asked Questions
How does the responsibility shift when using a managed service like Amazon RDS?
AWS manages the underlying OS and patching for RDS, reducing the customer's burden. However, the customer is still responsible for managing database users and configuring security group rules.
Who is responsible for the security of the hypervisor?
AWS is responsible for the hypervisor. Because the hypervisor is part of the infrastructure that runs the cloud, it falls under the 'Security of the Cloud' category.