Understanding the AWS Shared Responsibility Model
The AWS Shared Responsibility Model is a fundamental concept you must understand for the AWS Certified Cloud Practitioner (CCP) exam. It clarifies who is responsible for different aspects of security and compliance—AWS or the customer.
What AWS Is Responsible For
AWS manages the security of the cloud by maintaining and securing its infrastructure. This includes:
- Global network security – Protecting AWS data centers and infrastructure.
- Service configuration and vulnerability analysis – Ensuring AWS services are configured securely by default.
- Compliance requirements – Maintaining industry standards and certifications.
What You Are Responsible For
As an AWS user, you are responsible for security in the cloud, meaning how you configure and use AWS services. Key responsibilities include:
Identity and Access Management (IAM)
- Creating and managing IAM users, groups, roles, and policies.
- Applying least privilege access – Only granting necessary permissions.
- Enabling Multi-Factor Authentication (MFA) for all accounts.
- Regularly rotating IAM access keys to reduce the risk of breaches from leaked or stale keys.
- Monitoring access patterns and reviewing permissions regularly.
Data and Application Security
- Encrypting sensitive data and managing encryption keys.
- Configuring security groups and network access controls.