On the cloud, security is the shared responsibility of AWS and the customers. In a nutshell:
- The customer is responsible for security “in” the cloud
- AWS is responsible for security “of” the cloud
The customer is responsible for security of:
- customer data
- platform
- applications
- identity and access management
- operating system
- network and firewall configuration
- client-side data encryption and data integrity authentication
- server-side encryption (file system and/or data)
- networking traffic protection (encryption, integrity, identity)
AWS is responsible for security of:
- software (compute, storage, database, networking)
- hardware and infrastructure (Regions, Availability Zones, edge locations)
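The customer-side items above (identity and access management, server-side encryption, network and firewall configuration) are the ones a customer can actually audit in their own account. The script below is an added example, not AWS code or documentation: it checks three of those responsibilities against constructed sample resources whose shape mirrors what the boto3 `describe_security_groups`, `get_bucket_encryption` and IAM policy document APIs return (an assumption made so the script runs offline; a real audit would fetch the live resources with boto3 instead).

```python
"""Audit a few 'security in the cloud' items that sit on the customer side of
the AWS shared responsibility model: IAM policy scope, default server-side
encryption on an S3 bucket, and security-group (firewall) exposure.

Added example, not AWS code. All resources below are constructed sample data
shaped like boto3 API responses so the script runs offline.
"""
import ipaddress

# Ports that should never be reachable from the whole Internet.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}


def find_open_admin_ports(security_group):
    """Return (port, service, cidr) for inbound rules that expose an
    administrative or database port to 0.0.0.0/0 or ::/0."""
    findings = []
    for perm in security_group.get("IpPermissions", []):
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if perm.get("IpProtocol") == "-1":  # "-1" means all protocols/ports
            lo, hi = 0, 65535
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue  # only flag rules open to the entire Internet
            for port, service in SENSITIVE_PORTS.items():
                if lo <= port <= hi:
                    findings.append((port, service, cidr))
    return findings


def bucket_lacks_default_encryption(bucket_encryption):
    """True when the bucket has no default server-side encryption rule."""
    cfg = (bucket_encryption or {}).get("ServerSideEncryptionConfiguration", {})
    return not any("ApplyServerSideEncryptionByDefault" in r
                   for r in cfg.get("Rules", []))


def overly_broad_statements(policy_document):
    """Return the Sid of every Allow statement granting Action '*' on Resource '*'."""
    broad = []
    for stmt in policy_document.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions, resources = stmt.get("Action", []), stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if "*" in actions and "*" in resources:
            broad.append(stmt.get("Sid", "<no Sid>"))
    return broad


# Constructed sample data (not from any real account).
SAMPLE_SG = {
    "GroupId": "sg-example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ],
}
SAMPLE_BUCKET_ENCRYPTION = {"ServerSideEncryptionConfiguration": {"Rules": []}}
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadLogs", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-logs/*"},
        {"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}


def audit(sg=SAMPLE_SG, enc=SAMPLE_BUCKET_ENCRYPTION, policy=SAMPLE_POLICY):
    """Collect findings, each tagged with the customer responsibility it falls under."""
    report = []
    for port, service, cidr in find_open_admin_ports(sg):
        report.append(f"network/firewall: {sg['GroupId']} allows {service} ({port}) from {cidr}")
    if bucket_lacks_default_encryption(enc):
        report.append("server-side encryption: bucket has no default SSE rule")
    for sid in overly_broad_statements(policy):
        report.append(f"identity and access management: statement {sid} grants * on *")
    return report


if __name__ == "__main__":
    for line in audit():
        print(line)
```

Run as-is, it reports three findings: SSH open to the world, a bucket without default encryption, and an `AdminAll` statement granting everything. Only the HTTPS rule and the database rule scoped to a private range pass, which is the point: each finding is something AWS will not fix for you because it sits on the customer side of the model.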