AWS Shared Responsibility Model

Before I delve into the deeper technical aspects of AWS security in this book, it is essential that you gain an understanding of the AWS shared responsibility model. All security-related principles and concepts are derived from having a full comprehension of this model, and so you must be aware of why it is used.

As the name shared responsibility model suggests, more than one party is involved. The model defines where your responsibility as a customer for implementing, controlling, and managing security within AWS starts and ends, compared to that of the cloud service provider, in this case AWS.

The roles and responsibilities of managing security require a shared awareness between the two parties. The model itself doesn't actually form a legal agreement in any way; it's simply down to you to be aware of the model and understand the importance surrounding it in order to allow you to architect and protect your resources effectively.

AWS has three different shared responsibility models (infrastructure, container, and abstract), each of which divides responsibility differently between the cloud customer and AWS. In this chapter, I will explore each model to help you understand their differences and how those differences affect security in and of the cloud.

The following topics will be covered in this chapter:

  • Shared responsibility model for infrastructure services
  • Shared responsibility model for container services
  • Shared responsibility model for abstract services