
Security Models

When using a public Cloud provider, it's important to know how security is handled. You need to know what AWS considers their responsibility and what you're responsible for.

Responsibility Model

AWS is responsible for the Cloud; you, the customer, are responsible in the Cloud. AWS' responsibilities include the hardware, physical buildings, their software that enables their APIs, etc., and you're responsible for things like your customer data, operating system security/patching, and more.

Review the AWS Shared Responsibility Model for the definitive facts on the matter.

When you build out certain resources, such as EC2 Instances, you're responsible for the operating system itself and everything you install and execute on top of it. With databases, even RDS Instances, you're responsible for the data you place inside of the engine - if AWS RDS provides you with a MySQL engine, you're responsible for the table schemas, the data, everything.

When it comes to things like S3, you're not responsible for the redundancy of the data - you're paying AWS for that - but you are responsible for certain aspects of the security, such as access control (using IAM controls) and whether or not encryption is enabled.
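The S3 controls named above sit on the customer's side of the line. As an added example (not from the original page), the following checks two of them, default encryption and public access blocking, against configuration shaped like boto3's get_bucket_encryption and get_public_access_block responses; the bucket names and configurations are constructed.

```python
# Added example, not from the original page. Evaluates customer-side S3
# controls against dicts shaped like boto3's get_bucket_encryption and
# get_public_access_block responses. All bucket data below is constructed.

PUBLIC_ACCESS_KEYS = (
    "BlockPublicAcls",
    "IgnorePublicAcls",
    "BlockPublicPolicy",
    "RestrictPublicBuckets",
)


def customer_control_gaps(bucket):
    """Return the customer-responsibility gaps found for one bucket.

    bucket["encryption"] is a get_bucket_encryption response, or None when
    the API reports no configuration; bucket["public_access"] is a
    get_public_access_block response, or None when none is set.
    """
    gaps = []

    enc = bucket.get("encryption") or {}
    rules = enc.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algorithms = {
        r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
        for r in rules
    }
    if not any(algorithms):
        gaps.append("no default encryption configured")

    pab = (bucket.get("public_access") or {}).get("PublicAccessBlockConfiguration", {})
    missing = [k for k in PUBLIC_ACCESS_KEYS if not pab.get(k)]
    if missing:
        gaps.append("public access not fully blocked: " + ", ".join(missing))
    return gaps


def audit(buckets):
    """Map each constructed bucket name to its list of gaps (empty = OK)."""
    return {b["name"]: customer_control_gaps(b) for b in buckets}


SAMPLE_BUCKETS = [  # constructed sample input
    {"name": "example-hardened",
     "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
         {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
     "public_access": {"PublicAccessBlockConfiguration": dict.fromkeys(PUBLIC_ACCESS_KEYS, True)}},
    {"name": "example-unset",
     "encryption": None,
     "public_access": {"PublicAccessBlockConfiguration": {
         "BlockPublicAcls": True, "IgnorePublicAcls": True,
         "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}},
]

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_BUCKETS).items():
        print(name, "OK" if not gaps else "; ".join(gaps))
```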

Ultimately, what is your responsibility and what is AWS' depends on how you're consuming their services. S3 is a very different service from EC2, and RDS differs again from DynamoDB. You have to take the time to work through this model for each AWS service you use and the way you use it.