📖 What is the Shared Responsibility Model?
The AWS Shared Responsibility Model defines the security obligations between AWS and its customers. AWS secures the 'security of the cloud' – the underlying infrastructure. Customers are responsible for 'security in the cloud' – protecting their data, applications, operating systems, and identities.
"This is a foundational concept for the CLF-C02 exam. Be prepared to identify which security aspects fall under AWS’s responsibility versus the customer’s. Pay attention to service-specific responsibilities, as they can vary."
📚 Certification: AWS Certified Cloud Practitioner (CLF-C02)
🔑 What are the Key Concepts of the Shared Responsibility Model?
- AWS is responsible for the security *of* the cloud: physical infrastructure, virtualization, and foundational services like EC2 and S3.
- Customers are responsible for security *in* the cloud: OS patching, application code, identity management, and data encryption.
- The model isn’t 50/50; the division of responsibility varies based on the AWS services used and configuration choices.
- Understanding this model is crucial for cost optimization, as incorrectly assuming AWS handles a customer responsibility can lead to vulnerabilities.
- Service-specific responsibility: AWS manages some aspects of services like RDS, but customers still control database access and data.
🎯 How does the Shared Responsibility Model appear on the CLF-C02 Exam?
You may be asked to identify which security tasks are the customer’s responsibility when using AWS EC2 instances, such as patching the operating system and configuring firewalls.
A scenario might describe a data breach and ask you to determine whether the root cause falls under AWS’s or the customer’s responsibility based on the services involved.
Expect questions about how the Shared Responsibility Model impacts compliance requirements, like HIPAA or PCI DSS, and who is accountable for specific controls.
❓ Frequently Asked Questions
If AWS secures the infrastructure, why do I need to worry about security at all?
While AWS secures the foundation, you’re still responsible for protecting *your* data and applications running on that foundation. Misconfigured security groups and unpatched operating systems are customer issues.
How does the Shared Responsibility Model change when using PaaS services like AWS Lambda?
With PaaS, AWS takes on more responsibility, like OS patching and server management. However, you still control application code, data, and access permissions.
What happens if a vulnerability is found in the underlying AWS infrastructure?
AWS is responsible for remediating vulnerabilities in its infrastructure. Customers are generally not directly involved, but should still maintain strong security practices in their own environments.