1.3.1. Shared Responsibility: AWS's Role
First Principle: AWS is responsible for "security of the cloud," protecting the underlying infrastructure: hardware, software, networking, and facilities.
In the AWS Shared Responsibility Model, AWS's responsibility is to protect the global infrastructure that runs all of the services offered in the AWS Cloud. This "security of the cloud" means AWS manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.
Key AWS Responsibilities ("Security of the Cloud"):
- Physical Security: Data centers, hardware, networking components.
- Global Infrastructure: Regions, Availability Zones, Edge Locations.
- Managed Services: Underlying infrastructure for Amazon RDS, Amazon DynamoDB, Amazon S3, AWS Lambda, AWS Fargate, etc. (e.g., patching, security configuration of underlying hosts).
Scenario: You are developing a serverless application using AWS Lambda and Amazon DynamoDB. You're concerned about the security of the physical servers running these services.
ā ļø Exam Trap: AWS manages the security of the cloud (hardware, hypervisor, managed service infrastructure), but NOT the security of Lambda function code, IAM policies, or data encryption settings ā those are your responsibility.
