AWS Certified Solutions Architect - Associate (SAA-C02)

Sign Up Free or Log In to participate!

Encryption is a shared responsibility?

According to the video, Ryan says that Encryption is a shared responsibility because the user has to select the encryption option and then AWS has to deliver on it. However, the aws documentation contradicts this, see below.

"Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions."

Please could you provide more guidance on this.

Vijay Gubbala

To simply put, Encryption at rest is Customer’s responsibility and Encryption in transfer is AWS’s responsibility

1 Answers

I understand it this way:
AWS offers encryption options like SSE (S3) and KMS encryption for your data. Just like any other service offered by AWS, the correct functioning and availability of these encryption services is AWS’s responsibility.
The document you refer to talks about your responsibility to ensure sensitive data is encrypted, as AWS would not choose to encrypt everything by default.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?