AWS Glossary
AWS Shared Responsibility Model
Framework defining what security and compliance tasks AWS manages versus what customers must manage.
Definition
The AWS Shared Responsibility Model defines the division of security and compliance responsibilities between AWS and the customer. AWS is responsible for “security of the cloud” (infrastructure), while customers are responsible for “security in the cloud” (application, data, access controls). Understanding this model is critical for building secure, compliant systems on AWS.
How It Works
AWS Manages (Security of the Cloud):
- Physical security of data centers (locks, guards, CCTV)
- Network infrastructure and DDoS protection
- Hypervisor security and host isolation
- Hardware maintenance and patching
- AWS service availability and backups
You Manage (Security in the Cloud):
- Identity and Access Management (IAM policies)
- Encryption of data at rest (S3 encryption, RDS encryption) and in transit (TLS)
- Network configuration (VPC, security groups, NACLs)
- Application security and patching
- Data classification and retention
- Monitoring and audit logging
Shared Responsibility:
- Compliance certification depends on both parties: AWS manages infrastructure compliance, you implement controls on top of that infrastructure
Example: RDS Database
- AWS handles: Hypervisor security, storage hardware, automated backups, multi-AZ replication
- You handle: Database user passwords, encryption at rest (enable RDS encryption), network access (security groups), backup retention, parameter group hardening
Common Mistakes
Mistake 1: Assuming AWS handles encryption by default. You must explicitly enable RDS encryption, S3 encryption, and EBS encryption.
Mistake 2: Relying on AWS infrastructure security without implementing application-level controls (IAM, encryption). AWS secures the infrastructure, but that says nothing about how securely your application layer is configured.
Mistake 3: Not understanding compliance implications. HIPAA/SOC 2 compliance means both AWS and your application must follow controls: AWS's certifications cover the infrastructure, and you are still responsible for the controls that apply to your application and its configuration.
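The customer-side checks from the RDS example and the Common Mistakes above, as an added example (not code from this page): a small audit that flags unencrypted RDS storage, disabled automated backups, a DB security group open to 0.0.0.0/0, and unencrypted EBS volumes. The input dicts mirror the shape of boto3 `describe_db_instances`, `describe_security_groups` and `describe_volumes` responses; the resource names and values are constructed sample data.

```python
"""Audit 'security in the cloud' settings you own under the Shared Responsibility Model."""
from typing import Dict, List

# Constructed sample data shaped like boto3 describe_* responses (hypothetical resources).
RDS_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "StorageEncrypted": False,
     "BackupRetentionPeriod": 0, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db"}]},
    {"DBInstanceIdentifier": "ledger-db", "StorageEncrypted": True,
     "BackupRetentionPeriod": 7, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-app-only"}]},
]
SECURITY_GROUPS = {
    "sg-db": {"IpPermissions": [{"FromPort": 3306, "ToPort": 3306,
                                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    "sg-app-only": {"IpPermissions": [{"FromPort": 3306, "ToPort": 3306,
                                       "UserIdGroupPairs": [{"GroupId": "sg-app"}]}]},
}
EBS_VOLUMES = [{"VolumeId": "vol-1", "Encrypted": False},
               {"VolumeId": "vol-2", "Encrypted": True}]


def sg_open_to_world(sg: Dict, port: int) -> bool:
    """True if any ingress rule covering `port` allows 0.0.0.0/0 (all-protocol rules omit ports)."""
    for perm in sg.get("IpPermissions", []):
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if lo <= port <= hi and any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            return True
    return False


def audit_rds(instances: List[Dict], sgs: Dict[str, Dict], port: int = 3306) -> List[str]:
    """Flag the RDS settings the customer owns: encryption at rest, backups, network access."""
    findings = []
    for db in instances:
        name = db["DBInstanceIdentifier"]
        if not db.get("StorageEncrypted"):
            findings.append(f"{name}: storage not encrypted (enable StorageEncrypted)")
        if db.get("BackupRetentionPeriod", 0) < 1:  # retention 0 disables automated backups
            findings.append(f"{name}: automated backups disabled (retention 0)")
        for ref in db.get("VpcSecurityGroups", []):
            sg_id = ref["VpcSecurityGroupId"]
            if sg_open_to_world(sgs.get(sg_id, {}), port):
                findings.append(f"{name}: security group {sg_id} open to 0.0.0.0/0 on port {port}")
    return findings


def audit_ebs(volumes: List[Dict]) -> List[str]:
    """EBS encryption is not on unless you (or an account-level default) enable it."""
    return [f"{v['VolumeId']}: EBS volume not encrypted" for v in volumes if not v.get("Encrypted")]
```

Against live data, feed the same functions the `DBInstances`, `SecurityGroups` (keyed by `GroupId`) and `Volumes` lists returned by boto3.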
Related AWS Services
- All AWS services operate under the Shared Responsibility Model