Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
5.2.3. Key Concepts Review: Security & Compliance
š” First Principle: Cloud security is a shared responsibility, with AWS securing the cloud and the customer securing their data and configurations in the cloud, ensuring layered protection and compliance.
This review consolidates basic security and compliance concepts in AWS.
Core Security & Compliance Concepts:
- AWS Shared Responsibility Model:
- AWS's Responsibility: "Security of the cloud" (physical infrastructure, hardware, global network).
- Customer's Responsibility: "Security in the cloud" (data, application code, OS patching, network configuration).
- Network Security:
- Security Groups: Instance-level virtual firewall, stateful, allow-only.
- Network ACLs: Subnet-level firewall, stateless, allow/deny, rule order matters.
- Data Encryption:
- At Rest: Data stored (e.g., S3, EBS, RDS) is encrypted using services like AWS KMS.
- In Transit: Data moving across networks is encrypted using TLS/SSL (e.g., HTTPS with ELB and CloudFront).
- Access Control:
- AWS IAM: Manages users, groups, roles, policies.
- Principle of Least Privilege: Grant minimum necessary permissions.
- Multi-Factor Authentication (MFA): Adds extra security layer.
- Compliance & Governance:
- AWS Artifact: Access to AWS compliance reports.
- AWS Config: Monitors resource configurations for compliance.
Scenario: You need to explain how security is managed in AWS, distinguishing between AWS's and your responsibilities, and how data is protected.
Reflection Question: How does the Shared Responsibility Model, along with concepts like data encryption (at rest and in transit) and access control (IAM), fundamentally ensure layered protection and compliance for your data and resources in the cloud?