In all of the previous examples, we have been using access keys that have root-level access to our AWS accounts. This means they can perform any action—including actions that potentially cost thousands of dollars in resource fees—through a few simple API calls. The thought of your AWS keys leaking should be a scary one indeed, so now is a good time to look at some of the tools Amazon provides to securely deploy and manage your applications.
AWS infrastructure services rely on a shared responsibility model for security. Unlike in the traditional datacenter, where the full responsibility for the environment’s security falls squarely on the IT team, EC2 customers share this burden with the AWS team in significant ways (Figure 3-1).
In this shared responsibility model, the user owns the operating system’s login credentials, but AWS bootstraps initial access to that same operating system. The end user may or may not have administrative control of the provisioning process, and a separate administrator may be in charge of configuring and operating the identity management system that provides access to the user layer of the virtualization stack. The separation between AWS’s sphere of security oversight and the customer’s is clearly defined, but it is entirely up to the customer to delineate the level of access end users and administrators are granted, and whether there is any distinction between the two.