1.3.1. Shared Responsibility: AWS's Role

First Principle: AWS is responsible for "security of the cloud," protecting the underlying infrastructure: hardware, software, networking, and facilities.

In the AWS Shared Responsibility Model, AWS's responsibility is to protect the global infrastructure that runs all of the services offered in the AWS Cloud. This "security of the cloud" means AWS manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.

Key AWS Responsibilities ("Security of the Cloud"):

• Physical Security: Data centers, hardware, networking components.
• Global Infrastructure: Regions, Availability Zones, Edge Locations.
• Managed Services: Underlying infrastructure for Amazon RDS, Amazon DynamoDB, Amazon S3, AWS Lambda, AWS Fargate, etc. (e.g., patching, security configuration of underlying hosts).

Scenario: You are developing a serverless application using AWS Lambda and Amazon DynamoDB. You're concerned about the security of the physical servers running these services.

Reflection Question: How does AWS's "security of the cloud" responsibility, by managing the underlying infrastructure for managed services like Lambda and DynamoDB, enable you, as a developer, to focus on your application code rather than the physical environment?