Security and the Shared Responsibility Model

Security in the cloud is a partnership. AWS follows the Shared Responsibility Model.

  • AWS is responsible for Security ‘of’ the Cloud: This includes the physical security of data centers, the hardware, and the virtualization layer.
  • The Customer is responsible for Security ‘in’ the Cloud: This includes patching your guest OS, encrypting your data, and managing access via IAM (Identity and Access Management).

IAM and the Principle of Least Privilege

IAM is the most critical service in AWS. It controls who can do what. As an architect, you must enforce the Principle of Least Privilege: grant only the minimum permissions required to perform a task. Never use your “Root” account for daily tasks; instead, create specific users or roles with scoped-down policies.

Security Groups vs. NACLs

  • Security Groups: Act as a virtual firewall for your EC2 instances (Stateful). Stateful means that once a connection is allowed in one direction, the return traffic for that connection is allowed automatically; Security Group rules are allow-only.
  • Network ACLs (NACLs): Act as a firewall for the entire subnet (Stateless). Stateless means no connection is remembered, so return traffic must be explicitly permitted by a rule in the opposite direction; NACL rules can allow or deny and are evaluated in rule-number order.

In production, Security Groups are your first line of defense, allowing you to permit traffic based on specific protocols and ports.
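The stateful/stateless difference is easiest to see by tracing one HTTPS request and its reply through both kinds of filter. The following is an added example, not code from the page or from AWS: it models a Security Group with connection tracking and a NACL with ordered allow/deny rules, then evaluates a constructed inbound request on port 443 and the reply the instance sends back to the client's ephemeral port. The `SecurityGroup`, `NetworkAcl` and `Packet` classes, the client address 198.51.100.7 and the rule dictionaries are all assumptions made for this illustration; the Security Group deliberately has no outbound rule so that the tracking behaviour is what lets the reply through.

```python
import ipaddress


class Packet:
    """One packet as seen from the instance: direction is 'inbound' or 'outbound'."""
    def __init__(self, direction, protocol, src_port, dst_port, remote_ip):
        self.direction = direction
        self.protocol = protocol
        self.src_port = src_port
        self.dst_port = dst_port
        self.remote_ip = remote_ip

    def flow_key(self):
        # Same key for a request and its reply so a stateful filter can match them.
        if self.direction == "inbound":
            remote_port, local_port = self.src_port, self.dst_port
        else:
            remote_port, local_port = self.dst_port, self.src_port
        return (self.remote_ip, remote_port, local_port, self.protocol)


def _matches(rule, pkt):
    """A rule matches on protocol ('-1' = any), destination port range and remote CIDR."""
    return (rule["protocol"] in (pkt.protocol, "-1")
            and rule["from_port"] <= pkt.dst_port <= rule["to_port"]
            and ipaddress.ip_address(pkt.remote_ip) in ipaddress.ip_network(rule["cidr"]))


class SecurityGroup:
    """Stateful: allow-only rules plus connection tracking, so a reply to an
    admitted flow is admitted without its own rule."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self._tracked = set()

    def evaluate(self, pkt):
        key = pkt.flow_key()
        if key in self._tracked:
            return True  # reply traffic for a flow we already allowed
        rules = self.inbound if pkt.direction == "inbound" else self.outbound
        if any(_matches(r, pkt) for r in rules):
            self._tracked.add(key)
            return True
        return False


class NetworkAcl:
    """Stateless: rules evaluated in number order, first match decides,
    implicit final deny, and no memory of earlier packets."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound

    def evaluate(self, pkt):
        rules = self.inbound if pkt.direction == "inbound" else self.outbound
        for rule in sorted(rules, key=lambda r: r["number"]):
            if _matches(rule, pkt):
                return rule["action"] == "allow"
        return False


def demo():
    """Evaluate a constructed HTTPS request and its reply; returns (request, reply) verdicts."""
    allow_https_in = {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"}
    # Constructed client: 198.51.100.7 (documentation range) using ephemeral port 51000.
    request = Packet("inbound", "tcp", src_port=51000, dst_port=443, remote_ip="198.51.100.7")
    reply = Packet("outbound", "tcp", src_port=443, dst_port=51000, remote_ip="198.51.100.7")

    sg = SecurityGroup(inbound=[allow_https_in], outbound=[])
    nacl_missing = NetworkAcl(inbound=[{**allow_https_in, "number": 100, "action": "allow"}],
                              outbound=[])
    ephemeral_out = {"number": 100, "action": "allow", "protocol": "tcp",
                     "from_port": 1024, "to_port": 65535, "cidr": "0.0.0.0/0"}
    nacl_fixed = NetworkAcl(inbound=[{**allow_https_in, "number": 100, "action": "allow"}],
                            outbound=[ephemeral_out])

    return {
        "sg": (sg.evaluate(request), sg.evaluate(reply)),
        "nacl_missing_ephemeral": (nacl_missing.evaluate(request), nacl_missing.evaluate(reply)),
        "nacl_with_ephemeral": (nacl_fixed.evaluate(request), nacl_fixed.evaluate(reply)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: request allowed={verdict[0]}, reply allowed={verdict[1]}")
```

The Security Group passes the reply on the strength of the tracked inbound flow; the NACL with only an inbound rule silently drops it, and only an outbound rule covering the ephemeral port range fixes that. This is the classic symptom of a misconfigured NACL: the request arrives, the application responds, and the client still times out.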
