{"id":2525,"date":"2019-03-05T19:07:42","date_gmt":"2019-03-05T18:07:42","guid":{"rendered":"http:\/\/miro.borodziuk.eu\/?p=2525"},"modified":"2019-08-24T19:19:52","modified_gmt":"2019-08-24T17:19:52","slug":"shared-responsibility-model","status":"publish","type":"post","link":"http:\/\/miro.borodziuk.eu\/index.php\/2019\/03\/05\/shared-responsibility-model\/","title":{"rendered":"Shared responsibility model"},"content":{"rendered":"<p><span style=\"color: #3366ff;\">Customer<\/span><\/p>\n<p>Responsible for security IN the cloud<\/p>\n<p><!--more--><\/p>\n<p>\u2022 Customer Data<\/p>\n<p>\u2022 Platform, Application, and IAM<\/p>\n<p>\u2022 OS Patching on EC2<\/p>\n<p>\u2022 Antivirus<\/p>\n<p>\u2022 Network and Firewall Configuration<\/p>\n<p>\u2022 Multi-Factor Authentication<\/p>\n<p>\u2022 Password and Key Rotation<\/p>\n<p>\u2022 Security Groups<\/p>\n<p>\u2022 Resource-Based Policies<\/p>\n<p>\u2022 Access Control Lists<\/p>\n<p>\u2022 VPC<\/p>\n<p>\u2022 Operating-system-level patches<\/p>\n<p>\u2022 Data in transit and at rest<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">AWS <\/span><\/p>\n<p>Responsible for security OF the cloud<\/p>\n<p>\u2022 Regions, Availability Zones, and Edge Locations<\/p>\n<p>\u2022 Physical server level and below<\/p>\n<p>\u2022 Fire\/power\/climate management<\/p>\n<p>\u2022 Storage device decommissioning according to industry standards<\/p>\n<p>\u2022 Personnel Security<\/p>\n<p>\u2022 Network Device Security and ACLs<\/p>\n<p>\u2022 API access endpoints use SSL for secure communication<\/p>\n<p>\u2022 DDoS protection<\/p>\n<p>\u2022 EC2 instances and spoofing protection (ingress\/egress filtering)<\/p>\n<p>\u2022 Port scanning is against the rules, even if it&#8217;s your own environment<\/p>\n<p>\u2022 EC2 instance hypervisor isolation: instances on the same physical device are separated at the hypervisor level; they are independent of each other<\/p>\n<p>\u2022 Underlying OS patching on Lambda, RDS, DynamoDB, and other managed services; customer focuses on security<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Customer Responsible for security IN the cloud<\/p>\n","protected":false},"author":1,"featured_media":2530,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[74],"tags":[],"_links":{"self":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/2525"}],"collection":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/comments?post=2525"}],"version-history":[{"count":4,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/2525\/revisions"}],"predecessor-version":[{"id":2529,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/2525\/revisions\/2529"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media\/2530"}],"wp:attachment":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media?parent=2525"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/categories?post=2525"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/tags?post=2525"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}