The AWS Shared Responsibility Model divides security duties between AWS and the customer.
AWS is responsible for securing the infrastructure of the cloud, while you, the customer, are responsible for securing what you put in the cloud, such as data, applications, and configurations.
AWS is responsible for securing the cloud, managing all layers of the underlying infrastructure. These layers include:
Customers are responsible for securing everything they create in the AWS Cloud.
As a customer, you have full control over your content and manage the AWS services you use, along with the software and access to your data.
AWS |
Customer (you) |
Edge locations |
Networking traffic protection |
Availability zones |
Server-side encryption |
Regions |
Client-side data encryption |
AWS global infrastructure |
Operating systems configuration |
Hardware |
Network configuration |
Networking |
Firewall configuration |
Database |
Platform management |
Storage |
Applications management |
Compute |
Identity management |
Software |
Access management |
Customer data |