BStillion
Doesn’t the choice of service change responsibilities? Infrastructure as a Services places the patching of the O/S on the user but Platform as a Service makes patching the O/S an AWS responsibility. Software as a Service puts all Infrastructure and platform responsibilities on AWS. Shouldn’t the services in use be specified on any question about "Shared Responsibility"?
1 Answers
Mourad Ben
Yes absolutely, shared responsibility changes based on the type of platform you choose. I don’t remember seeing a question about it in the exam, however the questions are very specific, either the service will specified or you find a hint in the question about which platform it belongs to
Ok. Great. Thanks for the response! seems I had a question that was vague in its description but it may have been one of the free practice exams (no possible way it was an aCloudGuru practice test question!! :))
I see this in the AWS documentation now…https://aws.amazon.com/compliance/shared-responsibility-model/ "Customer responsibility “Security in the Cloud” – Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. For example, a service such as Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS) and, as such, requires the customer to perform all of the necessary security configuration and management tasks. Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data. Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions."