Shared Responsibility Model

Question 1

What controls within the shared responsibility model are AWS responsible for?

Answer 1

Inherited controls: physical and environmental

Question 2

What controls do customer and AWS share within the shared responsibility model assuming a non managed service?

Answer 2

Patch management:
AWS within infrastructure
Customer OS’ and Apps
Config management:
Customer OS’, DBs and Apps
AWS within infrastructure
Awareness and training:
AWS of it’s employees
Costumer their employees

Question 3

What security is AWS responsible for as part of a IaaS?

Answer 3

The service foundation:
compute, storage, database, networking
Global infrastructure:
regions, AZs and edge locations

Question 4

What security is the customer responsible for as part of an IaaS?

Answer 4

Customer data
Platform, Apps, IAM
OS, Network config and Firewall config
Encryption - even with KMS still manage keys

Question 5

What controls are the responsibility of the customer only?

Answer 5

Service and Communications Protection or Zone Security

Question 6

Managed services reduce both patch and config management responsibilities for the customer what are the managed services within AWS?

Answer 6

EFS, FSx, RDS, Aurora, ElastiCache, DynamoDB, DocumentDB, QLDB, Managed Blockchain, Glue, Batch, Lambda, Elastic Beanstalk, Code services, Route 53, Outpost, SQS, Kinesis, MQ

Question 7

What responsibilities become AWS’ responsibility as part of a PaaS?

Answer 7

Platform and OS

Question 8

What responsibilities become AWS’ responsibility as part of a SaaS?

Answer 8

Platform, OS and Apps