15 minutes
Shared Responsiblity Model for EC2
- Protecting Infrastructure (Hardware/Software Facilities & Networking)
- Managed services like S3, DynamoDB, RDS, etc
Customer Responsiblity
- For EC2 instance, customer is responsible for management of GuestOS including Security Patches, & Updates Firewall & Network Configuration
- IAM rules & Encrypting Application Data
Shared Control
- Patch Management, Config Management
- Awareness & Training
Shared Responsiblity Model for RDS
- Manage the underlaying EC2 instance, disable SSH Access
- Automated DB Patching
- OS Patching
- Audit the underlaying instance & disk & gurantee its function
Customer Responsiblity
- Check the ports/IP/Security group inbound rules in DB’s Security Group,
- In-database user creation & Permission.
- Create DB without/with Public database.
- Ensure parameter groups/DB is configured only to allow SSL Connection.
Shared Responsiblity Model for S3
- Gurantee you get unlimited storage
- Gurantee you get encryption
- Ensure seperation of data between different customers.
- Ensure AWS employee cannot access your data.
Customer Responsiblity
- Bucket Config
- Bucket Policy/Public Setting
- IAM User/Roles
- Enable versioning/Encryption