🔒

Security and Compliance in AWS

Shared responsibility model, IAM and security services

⏱️ Estimated reading time: 20 minutes

Shared Responsibility Model

AWS operates under a shared responsibility model, in which both security and compliance are shared between AWS and the customer.

AWS is responsible for:
- Security OF the cloud (physical infrastructure, hardware, software, facilities)
- Protection of global infrastructure
- Regions, availability zones, and edge locations

The customer is responsible for:
- Security IN the cloud (customer data, platforms, applications)
- Identity and access management
- Data encryption
- Security group and firewall configuration

🎯 Key Points

  • ✓ AWS protects physical infrastructure
  • ✓ Customer protects their data and applications
  • ✓ Responsibility varies by service type (IaaS, PaaS, SaaS)
  • ✓ Both parties must fulfill their responsibilities

IAM Basics

Identity and Access Management (IAM) allows you to securely manage access to AWS services and resources.

Main components:
- Users: Identities for people or applications
- Groups: Collections of users with similar permissions
- Roles: Temporary identities for services or applications
- Policies: JSON documents that define permissions

🎯 Key Points

  • ✓ IAM is a global and free service
  • ✓ Follow the principle of least privilege
  • ✓ Enable MFA for enhanced security
  • ✓ Use roles instead of sharing credentials