AWS Shared Responsibility Model: What It Is and How It Works
The AWS Shared Responsibility Model is a security framework in which AWS manages the security of the cloud infrastructure, while customers manage security in the cloud, such as their data and applications. This clear division helps both sides know their roles in keeping systems safe.
How It Works
Think of the AWS Shared Responsibility Model like renting an apartment. AWS is the landlord who takes care of the building's structure, plumbing, and security systems. You, as the tenant, are responsible for locking your doors, keeping your belongings safe, and managing your apartment's interior.
In cloud terms, AWS handles the physical data centers, servers, networking, and hardware security. You handle your data, user access, operating systems, and applications. This way, AWS ensures the cloud is secure, and you ensure your use of the cloud is secure.
Example
This example shows how you can use AWS Identity and Access Management (IAM) to control who can access your AWS resources, which is your responsibility under the model.
```python
import boto3

# Create IAM client
iam = boto3.client('iam')

# Create a new IAM user
response = iam.create_user(UserName='newuser')
print('Created user:', response['User']['UserName'])
```
When to Use
Use the AWS Shared Responsibility Model whenever you deploy resources on AWS. It guides you to understand which security tasks AWS handles and which you must do.
For example, if you launch a virtual server, AWS secures the hardware and network, but you must secure the operating system, applications, and data on that server. This model is essential for compliance, risk management, and building secure cloud applications.
Key Points
- AWS secures the cloud infrastructure, such as hardware and networking.
- Customers secure their data, applications, and access controls.
- This model clarifies security roles to avoid gaps.
- Understanding it helps prevent security mistakes in the cloud.