AWS is responsible for securing the global infrastructure that includes regions, availability zones and edge locations running on the AWS cloud. These availability zones host multiple data centers that house hardware, software, networking, and other resources that run AWS services. Securing this infrastructure is AWS’s number one priority and AWS is regularly audited by reputed agencies all over the world to meet necessary security and compliance standard requirements. These audit reports are available to customers from AWS as customers can't visit AWS data centers in person.

The following figure depicts the broader areas of security that fall under AWS' responsibility:

Customer data and workloads are stored in AWS data centers, these data centers are spread across geographical regions all over world. These data centers are owned, operated and controlled by AWS. This control includes physical access and entry to these data centers and all networking components and hardware, and all other additional data centers that are part of AWS global infrastructure.

Let us take a closer look at other responsibilities that AWS owns for securing its global infrastructure:

So, the very first thought that would strike anybody considering moving their workload to cloud is where is my data actually stored? Where are those physical servers and hard drives located that I provisioned using AWS cloud? And how are those hardware resources secured and who secures them? After all cloud simply virtualizes all resources available in a data center but those resources are present somewhere physically. So, the good news is AWS is completely responsible for physical and environmental security of all hardware resources located in its data centers across the globe.

AWS has years of experience in building, managing, and securing large data centers across the globe through its parent company Amazon. AWS ensures that all of its data centers are secured using the best technology and processes such as housing them in nondescript facilities, following least privilege policy, video surveillance, two-factor authentication for entering data centers and floors.

Personnel are not allowed on data center floors unless they have a requirement to access a physical data storage device in person. Moreover, AWS firmly implements segregation of responsibilities principle, so any personnel having access to the physical device won't have the root user access for that device so he can't access data on that physical device.

This is a very critical part of a shared security responsibility model where AWS does all the heavy lifting instead of you worrying about the physical and environmental security of your data centers. You do not have to worry about monitoring, theft, intrusion, fire, natural calamities, power failure, and so on for your data centers. These things are taken care of by AWS on your behalf and they constantly upgrade their security procedures to keep up with increasing threats.

AWS will initiate a decommissioning process when a storage device has reached the end of its useful life. This process ensures that customer data is not exposed to unauthorized individuals. This hardware device will be physically destroyed or degaussed if it fails decommissioning using the standard process followed by AWS.

AWS keeps your data and other resources in the data centers in various geographical locations across the globe; these locations are known as regions. Each region has two or more availability zones for high availability and fault tolerance. These availability zones are made up of one or more data centers. All of these data centers are in use and none are kept offline; that is, there aren't any cold data centers. These data centers house all the physical hardware resources such as servers, storage, and networking devices, and so on, that are required to keep all the AWS services up and running as per the service level agreement provided by AWS. All AWS core applications such as compute, storage, databases, networking are deployed in an N+1 configuration, so that, in the event of a data center failure due to natural calamity, human error or any other unforeseen circumstance, there is sufficient capacity to load-balance traffic to the remaining sites.

Each availability zone is designed as an independent failure zone so that the impact of failure is minimum and failure can be contained by other availability zone(s) in that region. They are physically separated within a geographical location and are situated in the lower risk flood plains.

Depending on the nature of your business, regulatory compliance, performance requirements, disaster recovery, fault tolerance, and so on, you might decide to design your applications to be distributed across multiple regions so that they are available even if a region is unavailable.

The following figure demonstrates typical regions with their availability zones:

AWS employs multiple methods of external and internal communication to keep their customers and global AWS communities updated about all the necessary security events that might impact any AWS service. There are several processes in place to notify the customer support team about operational issues impacting customer experience globally, regionally or for a particular AWS service. AWS provides a Service Health Dashboard at https://status.aws.amazon.com that provides updates about all AWS services.

It also has an option to notify AWS about any issue customers are facing with any AWS service. The AWS Security center is available to provide you with security and compliance details about AWS. There are 4 support plans available at AWS:

• Basic
• Developer
• Business
• Enterprise

These support plans give you various levels of interaction capabilities with AWS support teams such as AWS technical support, health status and notifications, and so on. However, 24/7 access to customer service and communities is available to all AWS customers irrespective of the support plan subscription.

The following figure shows the AWS Service Health Dashboard for all North America, you can also get information for service health in other geographies such as Asia Pacific, Europe, and so on:

The AWS network has been architected to allow you to configure the appropriate levels of security for your business, your workload, and your regulatory compliance requirements. It enables you to build geographically dispersed, highly available, and fault-tolerant web architectures with a host of cloud resources that are managed and monitored by AWS.

AWS has network devices such as a firewall to monitor and control communications at the external and key internal boundaries of the network. These network devices use configurations, access control lists (ACL) and rule sets to enforce the flow of information to specific information system services. Traffic flow policies or ACLs are established on each managed interface that enforces and manage traffic flow. These policies are approved by Amazon information security. An ACL management tool is used to automatically push these policies, to help ensure these managed interfaces enforce the most up-to-date ACLs.

AWS monitors network traffic and inbound and outbound communications through strategically placed access points in the cloud; these access points are also known as API endpoints. They allow secure HTTP access (HTTPS) through API signing process in AWS, allowing you to establish a secure communication session with your compute instances or storage resources within AWS.

You can connect to an AWS access point through HTTP or HTTPS using Secure Sockets Layer (SSL). AWS provides customers with VPC, their own virtual network in cloud dedicated to the customer's AWS account. VPC is helpful for customers who require additional layers of network security. VPC allows communication with customer data centers through an encrypted tunnel using an IPsec Virtual Private Network (VPN) device.

AWS ensures a high level of service performance and availability by employing multiple automated monitoring systems. These tools monitor unauthorized intrusion attempts, server and network usage, application usage, and port scanning activities. AWS monitoring tools watch over ingress and egress communication points to detect conditions and unusual or unauthorized activities. Alarms go off automatically when thresholds are breached on key operational metrics to notify operations and management personnel. To handle any operational issues, AWS has trained call leaders to facilitate communication and progress during such events collaboratively. AWS convenes post operational issues that are significant in nature, irrespective of external impact, and Cause of Error (COE) documents are created so that preventive actions are taken in future, based on the root cause of the issue.

The AWS production network is logically segregated from the Amazon corporate network and requires a separate set of credentials. It uses a complex set of network segregation and security devices for isolating these two networks. All AWS developers and administrators who need to access AWS cloud components for maintenance are required to raise a ticket for accessing AWS production network. In order to access the production network, Kerberos, user IDs, and passwords are required by Amazon corporate network. The AWS production network uses a different protocol; this network mandates the usage of SSH public-key authentication through a computer in a public domain often known as bastion host or jump box for AWS developers and administrators.

AWS Security has established a credentials policy with the required configurations and expiration intervals. Passwords are regularly rotated once every 90 days and they are required to be complex.