AWS Shared Responsibility Model – AWS Security Fundamentals – SCS-C02 Study Guide

Section 1: AWS Security Fundamentals

Before you start your journey into security with AWS, you first need to grasp a few fundamental concepts. This book begins with the AWS shared responsibility model, explaining the differences between security “in” the cloud and security “of” the cloud. The book also breaks down the responsibilities that you, the customer, hold regarding security compared with those AWS has as the cloud provider.

Next, the book dives into a quick review of AWS’s essential services and discusses how they relate to security. The exam asks questions on many of these services, so understanding the purpose and capabilities of each is vital for dissecting a question and identifying what it is really asking.

Combine this understanding with a consideration of some of the pertinent reasons why security should be at the forefront when building your AWS environments. Finally, as we wrap up the section, we look at some of the top attacks our cloud environments can be vulnerable to, and some ways to mitigate those risks.

This section comprises the following chapters:

  • Chapter 1, AWS Shared Responsibility Model
  • Chapter 2, Fundamental AWS Services
  • Chapter 3, Understanding Attacks on Cloud Environments

Now that you are ready to begin your journey, the first step is to understand who is responsible for what when it comes to cloud computing. Security for both workloads and data stored in the cloud is separated into functions performed by both the customer and the cloud service provider (in this case, AWS). The shared responsibility model describes which duty belongs to whom.

1 AWS Shared Responsibility Model

The name Shared Responsibility Model makes it clear from the outset that more than one party is involved. This model defines where the customer’s responsibility for implementing, controlling, and managing security within AWS starts and ends, compared to that of the cloud service provider, in this case AWS.

The roles and responsibilities of managing security require a shared awareness between the two parties. The model itself is not a legal agreement in any way; it is simply down to you to be aware of the model and understand its importance so you can architect and protect your resources effectively.

AWS has three different shared responsibility models: infrastructure, container, and managed services. All these have varied levels of responsibility between the cloud customers and AWS. In this chapter, you will explore each model to help you understand their differences and how this affects security in and of the cloud.

The following main topics will be covered in this chapter:

  • Understanding security in the AWS cloud
  • The AWS shared responsibility model
  • How different services require more or fewer security responsibilities from a customer standpoint