Security in AWS

Loading...

From the course by Amazon Web Services

AWS Fundamentals: Going Cloud-Native

955 ratings

Amazon Web Services

AWS Fundamentals: Going Cloud-Native

955 ratings

This course will introduce you to Amazon Web Services (AWS) core services and infrastructure. Through demonstrations you'll learn how to use and configure AWS services to deploy and host a cloud-native application. Early in the course, your AWS instructors will discuss how the AWS cloud infrastructure is built, walk you through Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Lightsail compute services. They'll also introduce you to networking on AWS, including how to set up Amazon Virtual Public Cloud (VPC) and different cloud storage options, including Amazon Elastic Block Storage (EBS), Amazon Simple Storage Service (S3) and Amazon Elastic File Service (EFS). Later in the course you'll learn about AWS Database services, such as Amazon Relational Database Service (RDS) and Amazon DynomoDB. Your instructors will also walk you through how to monitor and scale you application on AWS using Amazon CloudWatch and Amazon EC2 Elastic Load Balancing (ELB) and Auto Scaling. Lastly, you'll learn about security on AWS, as well as how to manage costs when using the AWS cloud platform. In this course, you won't be required to complete hands-on exercises, but we strongly suggest you take advantage of the AWS Free Tier to follow along as the instructors demonstrate the AWS services. Class forums will also allow you to ask questions and interact with AWS training instructors. After completing this course, you'll have the basic fundamentals to get started on AWS. This course has been developed by AWS, and is delivered by AWS technical instructors who teach cloud computing courses around the globe.

From the lesson

Security, Cost Management, and Course Conclusion

In this module, we will look at security and cost management on AWS.

Security in AWS4:34

Meet the Instructors

Allen Goldberg
Senior Technical Program Manager
AWS Training and Certification
Morgan Willis
Senior Technical Trainer
AWS Training and Certification
Blaine Sundrud
Senior Technical Trainer
AWS Training and Certification

Welcome back, Blaine here.

We want to talk about security.

Anytime you talk about security at AWS,

you need to talk about the shared responsibility model.

The idea is, at AWS,

we talk about security as a partnership.

There are things AWS is responsible for and things you are responsible to do,

in order to keep your application safe and secure in the cloud.

An easy way to understand that,

is to take a look at your application not as a single object,

but as a collection of pieces that together make up the parts of your app.

We start at the beginning,

right at the bottom with the physical data centers.

This is the concrete and iron,

the barbed wire fence and the security guards.

Someone's got to maintain control over ingress and egress over that physical facility,

and that's 100 percent AWS.

Even when it comes to protecting against our fine lizard friends,

we take care of that, and you don't have to worry about that part.

On top of the physical infrastructure,

we have the AWS network.

We run our hypervisors for EC2 and other applications,

and all of these pieces we take care of.

Now, do we disclose information under NDA,

or other elements, to help you understand what's happening?

Where we need to.

But we take care of this,

and we provide the security elements to you and your auditors where compliance is needed.

When you're running EC2 on AWS, and

you launch EC2 when you choose an AMI with an operating system,

that guest operating system is a 100 percent in your control.

This becomes the dividing line.

AWS takes care of everything below the line and with EC2,

everything from the operating system,

whatever applications you run on EC2, and especially,

all of your user data, is controlled by you.

This means, it's your responsibility to think about things like,

do you want encryption?

AWS offers a wide range of encryption tools,

whether it's simply a bring-your-own-encryption to

automatic server-side encryption on S3 and EBS.

Or perhaps, you'd like a more robust managed keys,

using AWS CloudHSM or KMS,

the Key Management Service.

That allows you to retain high level controls even

when you've got security like a FIPS 140-2 compliance,

we can take care of that and give you the validations needed,

so you can prove your certifications.

Every service at AWS has a dividing line.

Below the line, we are responsible for security, and above the line,

it's your job to make sure you protect your data,

you take your user management,

that your application is free from whatever vulnerabilities might exist.

But in some cases,

you don't have to worry about the application.

Think about RDS, the Relational Database Service we talked about before.

In that case, there's still an application,

there's still an Oracle application,

or Postgres application, or even the new Amazon Aurora application.

But in those cases,

AWS is responsible for installing and maintaining,

and keeping all the patches up to date.

You or your DBA,

doesn't have to worry about the operating system or the application.

In fact, there's a different dividing line for RDS.

You though, still maintain 100 percent control over the data itself,

over the schema, over user access.

Am I encrypted or not?

Who has access to read it?

Just because you're running on AWS servers,

does not give us any visibility at all into your data.

If you don't trust that,

don't worry about trust,

that's what encryption's all about.

With enough encryption, you don't have to worry about who else is

running inside the cloud or anywhere else in the world.

With the shared responsibility model, and understanding

where the line exists between the different services,

this is going to give you the information you

need to know the parts that you need to be responsible for,

to stay secure in the cloud.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2019 Coursera Inc. All rights reserved.

Download on the App Store

Get it on Google Play