🛡 Day 26: Shared Responsibility Model – Who Secures What?
Category: Security
Goal: Learn how AWS and you share the responsibility of cloud security.
🧠 What You’ll Learn Today:
- What is the Shared Responsibility Model?
- What AWS handles vs what you handle
- Why this model matters in cloud security
🏗️ What is the Shared Responsibility Model?
The Shared Responsibility Model is AWS’s way of saying:
“We’ll secure the cloud, but you need to secure your stuff in the cloud.”
☁️ AWS’s Responsibility – Security of the Cloud
AWS takes care of everything that supports the cloud infrastructure:
- Physical data centers
- Networking hardware
- Server maintenance
- Disk storage and facilities
- Hypervisors and infrastructure software
✅ You don’t have to worry about hardware or the base infrastructure.
👨‍💻 Your Responsibility – Security in the Cloud
You’re responsible for how you use AWS services:
- User access (IAM roles, MFA, passwords)
- Data protection (encryption, backups)
- OS and app patching (if using EC2)
- Security group rules and firewalls
- Configuring S3 buckets (to avoid public access!)
📌 Example:
If you store sensitive data in S3 and make the bucket public—it’s your fault, not AWS’s.
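The S3 case above as a customer-side check, added here as an example and not part of the original post. It takes data shaped like the S3 GetBucketPolicy, GetBucketAcl and GetPublicAccessBlock responses; the function name `bucket_exposure`, the sample policy and `example-bucket` are constructed, and counting every unconditioned wildcard Allow as public is a simplification.

```python
import json

# Group URIs S3 uses in ACL grants for "everyone" and "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def bucket_exposure(policy_json, acl_grants, block_public_access):
    """Return findings for settings that make a bucket publicly reachable.

    Simplification (assumption of this example): any Allow to a wildcard
    principal with no Condition counts as public. Block Public Access
    settings that neutralize a grant suppress the finding.
    """
    bpa = block_public_access or {}
    findings = []
    statements = json.loads(policy_json).get("Statement", []) if policy_json else []
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for st in statements:
        if st.get("Effect") == "Allow" and _is_wildcard(st.get("Principal")) \
                and not st.get("Condition") and not bpa.get("RestrictPublicBuckets"):
            findings.append(f"policy statement {st.get('Sid', '<no Sid>')} allows anyone")
    for grant in acl_grants:
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS \
                and not bpa.get("IgnorePublicAcls"):
            findings.append(f"ACL grants {grant.get('Permission')} to a public group")
    return findings

# Constructed sample: a public-read policy, checked with and without Block Public Access.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
BPA_ALL_ON = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    print(bucket_exposure(SAMPLE_POLICY, [], None))        # one finding
    print(bucket_exposure(SAMPLE_POLICY, [], BPA_ALL_ON))  # no findings
```

Both the policy and the Block Public Access settings are things you configure, which is why this check sits on your side of the model.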
🔒 Example Breakdown by Service
AWS Service | Your Responsibility |
---|---|
EC2 | OS updates, firewalls, IAM access |
S3 | Bucket permissions, encryption |
Lambda | Code security, environment variables |
RDS | DB-level access, encryption |
🤝 Why It Matters?
Understanding who is responsible helps you:
- Avoid security mistakes
- Stay compliant with laws (like GDPR, HIPAA)
- Know what AWS won’t fix for you
🧠 End of the Day Notes:
📌 Security is a team game:
AWS secures the foundation, you secure what you build on it.
Knowing your part prevents data leaks, breaches, and bad surprises.