With the shared responsibility model, AWS controls the security of the cloud and customers control security in the cloud.  AWS controls the data centers, the security of their services, and all the layers in this section.

The next part are the workloads that AWS customers run in the cloud and those are the customer’s responsibility to secure. It’s something AWS shares with customers to ensure security in the cloud. 

Who is ultimately responsible for the security?

• Is it A: You, the customer?
• or B: AWS?

And the correct answer is: yes. Both.

Both are ultimately responsible for making sure that you are secure. 

AWS doesn’t look at your environment as a single object. Instead, they see it as a collection of parts that build on each other. AWS is responsible for the security of some of the objects. Responsible 100% for those. For the others, you are responsible 100% for their security. This is what’s known as the shared responsibility model. 

What are the components of aws shared responsibility model?

The responsibility for security and compliance is shared between AWS and you. This shared model relieves some of your operational burden because AWS operates, manages, and controls the components from the host operating system and virtualization layer, down to the physical security of the facilities in which the service operates.

Figure 1: Shared Responsibility Model