Security and Compliance is a shared responsibility between AWS and the customer.
AWS is responsible for securing the underlying infrastructure that runs all of the services offered in the AWS Cloud.
The customer is responsible for anything that you on the cloud or connects to the cloud.
AWS is responsible for Security of the Cloud :
- Protecting the global infrastructure.
- Protection from external attacks of the physical AWS services and resources.
- Security configurations of managed services like Amazon DynamoDB, RDS, RedShift, EMR, and other services.
- Operating, managing and controlling the components from the host operating system and virtualization layer.
The customer is responsible for Security in the Cloud :
- Authentication, authorization, integrity, and encryption of the client-side data
- The encryption of server-side information via file system or directly into the data storage
- Securing the configuration related to the network and networking devices configuration like firewall, using securing controls like NACLs (network access control lists) and security groups.
- Deploying, configuring and deploying security baselines within their AWS available services.