What is Shared Responsibility Model in AWS?

August 14, 2020 / Eternal Team

Do you want to know what your responsibilities are when you host your application on AWS? Getting started with AWS doesn’t take more than a minute via sign-up, but what about security? To get a clear understanding of who does what in the AWS ecosystem, follow along.

So what is the shared responsibility model?

A shared responsibility model is one in which both the provider and the customer agree to certain responsibilities and take security seriously. In short, AWS manages security of the cloud, while security in the cloud is the responsibility of the customer. So it’s your responsibility to make your account, and everything associated with your account, secure in the cloud.

So what are AWS’s security responsibilities, in the broad sense of the global infrastructure? AWS is responsible for its data centers. They’re also responsible for the hardware: networking, storage arrays, all the physical servers, and so on. They are also responsible for the software they install, depending on the service: the hypervisors, definitely, and for some services, such as RDS, the operating system as well.

They’re obviously responsible for all the facilities inside the data center. And they’re also responsible for some managed services, such as S3 and DynamoDB.

Now, what is customer responsibility?

  • Secure configuration and management of Infrastructure as a Service components (EC2 and the like)
  • Including updates and security patches
  • Configuration of the AWS-provided firewall

The AWS shared responsibility model is divided into three basic parts:

1. Infrastructure

This category includes computing services such as EC2, EBS, Auto Scaling and VPC. With these services, you can architect and build a cloud infrastructure using technologies that are similar to, and largely compatible with, on-premises solutions. You control the operating systems, and you configure and operate any identity management system that provides access to the user layer of the virtualization stack: EC2, EBS, Auto Scaling, VPC and the security groups within your VPC.
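The customer-side items above (configuring the AWS-provided firewall, and the security groups inside your VPC) are where most infrastructure-layer mistakes happen. The following is an added example, not code from the original article: a small audit that walks a security group in the shape of the EC2 DescribeSecurityGroups response and flags ingress rules that expose sensitive ports to the whole internet. The group below is a constructed sample with a placeholder id, and the port baseline is an assumption to adjust to your own policy; the same function can be pointed at the output of `boto3.client("ec2").describe_security_groups()`.

```python
"""Audit EC2 security-group ingress rules for world-open sensitive ports.

Added example, not code from the original article. The group dict below is a
constructed sample in the shape of the EC2 DescribeSecurityGroups API
response, so the same function can be pointed at the output of
boto3.client("ec2").describe_security_groups() without changes.
"""

# Ports that should never be reachable from every address on the internet.
# Assumption: this baseline is the example author's; extend it to match your
# own policy.
SENSITIVE_PORTS = {
    22: "SSH",
    3389: "RDP",
    3306: "MySQL",
    5432: "PostgreSQL",
    1433: "MSSQL",
}

# CIDRs that mean "anyone" for IPv4 and IPv6 respectively.
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def _world_ranges(perm):
    """Yield the CIDRs in one IpPermissions entry that are open to everyone."""
    for r in perm.get("IpRanges", []):
        if r.get("CidrIp") in WORLD_CIDRS:
            yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        if r.get("CidrIpv6") in WORLD_CIDRS:
            yield r["CidrIpv6"]


def _port_span(perm):
    """Return the (low, high) port range a rule covers; protocol -1 is every port."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def audit_security_group(group):
    """Return findings for ingress rules that expose sensitive ports to the world.

    Each finding carries the group id, the offending CIDR, and either a specific
    port with its service name or "all" when the rule permits all traffic.
    """
    findings = []
    for perm in group.get("IpPermissions", []):
        low, high = _port_span(perm)
        for cidr in _world_ranges(perm):
            if (low, high) == (0, 65535):
                findings.append({"group": group["GroupId"], "cidr": cidr,
                                 "port": "all", "service": "all traffic"})
                continue
            for port, name in SENSITIVE_PORTS.items():
                if low <= port <= high:
                    findings.append({"group": group["GroupId"], "cidr": cidr,
                                     "port": port, "service": name})
    return findings


# Constructed sample: a web-tier group that correctly exposes HTTPS but also
# leaks SSH to the world and, through an all-traffic IPv6 rule, everything else.
SAMPLE_GROUP = {
    "GroupId": "sg-0example0000000001",  # placeholder id, not a real group
    "GroupName": "web-tier",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},      # fine: public HTTPS
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},      # finding: SSH open to the world
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},    # fine: MySQL from inside the VPC only
        {"IpProtocol": "-1",
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},       # finding: all traffic over IPv6
    ],
}


if __name__ == "__main__":
    for f in audit_security_group(SAMPLE_GROUP):
        print(f"{f['group']}: {f['service']} (port {f['port']}) open to {f['cidr']}")
```

Running the block on the sample reports two findings: SSH open to 0.0.0.0/0, and an all-traffic rule open to ::/0. The HTTPS rule is left alone because a public web port is the intended exposure, and the MySQL rule is left alone because its source is a VPC-internal range; the check is about who can reach a port, not whether the port exists.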

2. Container

These are services that run on an EC2 instance or some other form of infrastructure instance, but you don’t manage the operating system; that’s Amazon’s responsibility, and Amazon calls these container services. You are still responsible for setting up and managing network controls such as firewall rules, and for managing platform-level identity and access management separately from IAM.

Examples of container services include things like RDS, Elastic MapReduce and Elastic Beanstalk.

3. Abstracted

Abstracted services include high-level storage, database and messaging services such as S3, Glacier, DynamoDB, SQS and SES. These services abstract away the platform or management layer, and you use them to build and operate your cloud applications. You can still access the endpoints of these abstracted services using the APIs that AWS provides. Here AWS manages the underlying service components and the operating systems on which they reside.

So you don’t have to worry about patching the OS or patching the actual application that runs S3. Amazon is going to take care of all that for you. In terms of S3, what you do need to worry about is your bucket policies.
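Since the bucket policy is the part of S3 that stays on your side of the model, it is worth being able to check one. The following is an added example, not code from the original article: it audits a bucket policy document for Allow statements that grant anonymous access without a scoping condition, checks whether a Deny statement enforces TLS, and shows the hardened form of the offending statement. The policies are constructed samples (the bucket name, the account id 123456789012 and the role name are placeholders), and the list of scoping condition keys is an assumption; the functions accept any policy document of the form `json.loads(boto3.client("s3").get_bucket_policy(Bucket=...)["Policy"])`.

```python
"""Audit an S3 bucket policy for anonymous access and missing TLS enforcement.

Added example, not code from the original article. The policies below are
constructed samples; the functions accept any policy document as returned by
json.loads(boto3.client("s3").get_bucket_policy(Bucket=...)["Policy"]).
"""
import copy
import json

# Condition keys that, when present on an Allow to "*", narrow the access to
# something smaller than the whole internet. Assumption: the example author's
# list; review additions against the AWS global condition key documentation.
SCOPING_CONDITION_KEYS = {
    "aws:sourceip", "aws:sourcevpc", "aws:sourcevpce",
    "aws:principalorgid", "aws:principalaccount",
}


def _as_list(value):
    """IAM allows a scalar or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} in any of its list forms."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _condition_keys(statement):
    """Collect the condition keys of a statement, lower-cased (IAM ignores case)."""
    keys = set()
    for operator_block in statement.get("Condition", {}).values():
        keys.update(k.lower() for k in operator_block)
    return keys


def audit_bucket_policy(policy):
    """Return Allow statements granting anonymous access with no scoping condition."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        if _condition_keys(stmt) & SCOPING_CONDITION_KEYS:
            continue  # open to "*" but scoped by source IP, VPC endpoint or org
        findings.append({"sid": stmt.get("Sid", "<no Sid>"),
                         "actions": _as_list(stmt.get("Action", []))})
    return findings


def enforces_tls(policy):
    """True if some Deny statement rejects requests made without TLS."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        bool_cond = stmt.get("Condition", {}).get("Bool", {})
        if str(bool_cond.get("aws:SecureTransport", "")).lower() == "false":
            return True
    return False


def restrict_to_principal(policy, sid, principal_arn):
    """Return a copy of the policy with the named statement granted to one principal."""
    hardened = copy.deepcopy(policy)
    for stmt in _as_list(hardened.get("Statement", [])):
        if stmt.get("Sid") == sid:
            stmt["Principal"] = {"AWS": principal_arn}
    return hardened


# Constructed sample: a public-read grant (the finding) plus a TLS-only Deny.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}""")

# Hardened form: the same read grant, limited to one application role
# (placeholder account id and role name).
HARDENED_POLICY = restrict_to_principal(
    SAMPLE_POLICY, "PublicRead", "arn:aws:iam::123456789012:role/app-reader")


if __name__ == "__main__":
    for f in audit_bucket_policy(SAMPLE_POLICY):
        print(f"anonymous access in statement {f['sid']}: {', '.join(f['actions'])}")
    print("TLS enforced:", enforces_tls(SAMPLE_POLICY))
    print("findings after hardening:", audit_bucket_policy(HARDENED_POLICY))
```

The audit treats a `Principal` of `*` as acceptable only when a condition narrows it, which is how a VPC-endpoint-only or organisation-only bucket is normally written; everything else open to `*` is reported. The TLS check looks for the usual `aws:SecureTransport` Deny so that the policy review covers both who can reach the bucket and how.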

To know more please visit link.
