Shared Responsibility Model
Difficulty: easy
Overview
The AWS Shared Responsibility Model defines what AWS is responsible for versus what the customer is responsible for.
AWS Responsibility — "Security OF the Cloud":
- Physical data center security (buildings, hardware, power, cooling)
- Network infrastructure (global network, routers, switches)
- Hypervisor and virtualization layer
- Hardware lifecycle management
- Patching and maintaining managed services (e.g., RDS engine patches, Lambda runtime)
Customer Responsibility — "Security IN the Cloud":
- Data stored in AWS (encryption at rest/in transit)
- OS patching and updates on EC2 instances
- Application security and code
- Identity and access management (IAM users, roles, policies)
- Security group and firewall configuration
- Network traffic protection
Responsibility Shifts by Service Type:
| Service Type | AWS Manages | Customer Manages |
|---|---|---|
| EC2 (IaaS) | Hardware, hypervisor | OS, middleware, app, data |
| RDS (PaaS/Managed) | Hardware, OS, DB engine patches | DB configuration, user data, encryption settings |
| Lambda (Serverless) | Hardware, OS, runtime, scaling | Function code, IAM permissions, event triggers |
| S3 (Object Storage) | Durability, infrastructure | Bucket policies, encryption, access controls |
Shared Responsibilities (both AWS and customer have a role):
- Patch management — AWS patches hypervisor and managed services; customer patches EC2 guest OS.
- Configuration management — AWS configures infrastructure; customer configures their resources.
- Awareness & training — AWS trains its employees; customer trains their team.
Practice Linked Questions
Q1. Under the AWS Shared Responsibility Model, which of the following is AWS SOLELY responsible for?
Q2. A company runs its application on Amazon EC2 instances. Under the Shared Responsibility Model, which of the following is the CUSTOMER's responsibility?
Q3. A company recently migrated their database from EC2 (self-managed) to Amazon RDS. How does the Shared Responsibility Model change with this move?
Q4. Which of the following BEST describes a SHARED responsibility between AWS and the customer for Amazon EC2?
Q5. A company uses AWS Lambda for their entire backend. How does the Shared Responsibility Model differ from using Amazon EC2?
Q6. Under the AWS Shared Responsibility Model, which of the following does NOT fall under AWS's responsibility?