Shared responsibility model
- Customer – responsibility for security IN the cloud.
- AWS – responsibility for security OF the cloud.

Compliance
Organizations in certain industries (Finance, Health, Federal Government) must adhere
to rules and guidelines specific to their industry.
Compliance and regulatory frameworks are sets of guidelines and best practices.
Organizations follow these guidelines to meet regulatory requirements, improve
processes, strengthen security, and achieve other business goals.
- Healthcare industry – HIPAA/HITECH
- Payment card industry – PCI DSS
Compliance is a shared responsibility between customers and AWS.
AWS undergoes certifications, reviews, and audits by various governing bodies.

AWS Acceptable Use Policy (AUP)
- No illegal, harmful, or offensive content.
- No security violations.
- No network abuse.
- No email or other message abuse.