What is the AWS Shared Responsibility Model?
A security model where responsibility is shared between:
• AWS → security OF the cloud
• Customer → security IN the cloud
👉 Defines who is responsible for protecting different parts of the system
What is AWS responsible for securing (“security of the cloud”)?
AWS is responsible for:
• Physical data centres
• Hardware infrastructure
• Global network infrastructure
• Storage systems
• Virtualisation layer (isolation between customers)
• Facilities security and environmental controls
👉 Ensures the cloud infrastructure itself is secure
What are customers responsible for securing (“security in the cloud”)?
Customers are responsible for:
• Data (including classification and protection)
• Applications
• Operating system (e.g., EC2 patching)
• IAM (users, roles, credentials)
• Network configuration (security groups, firewalls)
• Encryption (data at rest and in transit)
👉 Responsibility depends on the services used
How does responsibility change across IaaS, PaaS, and SaaS?
• IaaS (e.g., EC2): Customer controls OS, apps, security; highest responsibility
• PaaS (e.g., RDS): AWS manages infrastructure + OS; customer manages data + access
• SaaS: AWS manages almost everything; customer mainly manages data and usage
👉 Responsibility decreases as abstraction increases
What security responsibilities do customers have when using EC2?
• OS patching and updates
• Application security
• Security group configuration
• Firewall rules
• Network settings
• Access control (IAM)
👉 EC2 = full control → full responsibility
How does AWS ensure security at the infrastructure level?
• Isolation between customers via virtualisation
• Intrusion detection systems
• Secure data centre design
• Redundant infrastructure
• Continuous monitoring and protection
👉 Prevents cross-customer access and infrastructure compromise