Explanation
According to the AWS Shared Responsibility Model:
AWS is responsible for "Security OF the Cloud":
- A. Securing the virtualization layer - AWS manages the security of the underlying infrastructure including the hypervisor, physical hosts, and network infrastructure.
- D. Patching the operating system on Amazon RDS instances - For managed services like Amazon RDS, AWS is responsible for patching the operating system and database software.
The customer is responsible for "Security IN the Cloud":
- B. Patching the operating system on Amazon EC2 instances - For EC2 instances (IaaS), customers are responsible for patching the guest operating system.
- C. Enforcing a strict password policy for IAM users - Customers manage IAM policies and user access controls.
- E. Configuring security groups and network ACLs - Customers configure network security controls for their resources.
Key Points:
- AWS Responsibility: Physical security, infrastructure security, managed service maintenance
- Customer Responsibility: Data security, application security, IAM management, EC2 instance management
- Managed Services (like RDS): AWS handles more of the operational responsibilities, including OS patching
- Infrastructure Services (like EC2): The customer handles more of the operational responsibilities