Sunday, December 10, 2017

AWS Shared Responsibility

While AWS is great for quickly provisioning servers and networks without worrying about the back end hardware, there are a few caveats to be aware of. A big one is who's responsible for what in Amazon's Cloud environment? Not really meant to be loaded question, it's important to understand that Amazon can not be held liable for your everything in your custom cloud architecture.

Below are some items you are responsible for within their infrastructure:


  • Network access to and from your AWS instances
  • Logging
  • Patching
  • Backups
  • Virus Protection of instances

Amazon is responsible for items such as:

  • Physical security
  • Physical servers, storage, and networking components
  • Disk destruction
  • Security audites
  • DDOS protection (Free Kindle AWS White Paper Below


Neither list above is comprehensive but does give you an idea on what you the customer will need to protect on your own. Even something such as login access to your instances is your responsibility. If you happen to loose your private key to an instance, there's not much Amazon can do for you as an example (easy to resolve that problem I know). For the most part if it's anything that's physical or layer 2, you can probably bet that Amazon handles that portion of the cloud.

Hopes this helps, anything else I should add to the list above? Let me know in the comment section below!

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.