1 00:00:00,000 --> 00:00:02,750 ‫Throughout the CCP exam, you are going 2 00:00:02,750 --> 00:00:04,660 ‫to get a lot of questions on something called 3 00:00:04,660 --> 00:00:05,754 ‫Shared Responsibility Model. 4 00:00:05,754 --> 00:00:08,290 ‫And this is to ensure that you know 5 00:00:08,290 --> 00:00:10,800 ‫what AWS is responsible for, 6 00:00:10,800 --> 00:00:13,060 ‫and what you are responsible for. 7 00:00:13,060 --> 00:00:16,130 ‫Now, I want to include some bits of information 8 00:00:16,130 --> 00:00:18,750 ‫within some sections to give you an idea of how 9 00:00:18,750 --> 00:00:22,010 ‫the shared responsibility model works for AWs. 10 00:00:22,010 --> 00:00:25,610 ‫So AWS is responsible for everything 11 00:00:25,610 --> 00:00:28,660 ‫that they do, for example, their infrastructure 12 00:00:28,660 --> 00:00:30,610 ‫and their global network security, 13 00:00:30,610 --> 00:00:33,700 ‫the configuration and vulnerabilty analysis 14 00:00:33,700 --> 00:00:35,732 ‫of the services they offer, 15 00:00:35,732 --> 00:00:36,565 ‫and any sign of compliance 16 00:00:36,565 --> 00:00:38,210 ‫that they are responsible for. 17 00:00:38,210 --> 00:00:40,980 ‫But regarding IAM, you are responsible for a lot 18 00:00:40,980 --> 00:00:42,875 ‫of things that AWS will not do for you. 19 00:00:42,875 --> 00:00:46,310 ‫You are responsible for creating your own users, 20 00:00:46,310 --> 00:00:48,215 ‫your groups, your roles, your policies, 21 00:00:48,215 --> 00:00:50,500 ‫the management of these policies, 22 00:00:50,500 --> 00:00:52,310 ‫and the monitoring of that. 23 00:00:52,310 --> 00:00:55,280 ‫You are responsible for enabling MFA 24 00:00:55,280 --> 00:00:59,100 ‫on all accounts and enforcing this, not AWS. 25 00:00:59,100 --> 00:01:01,150 ‫You are also responsible to make sure 26 00:01:01,150 --> 00:01:03,270 ‫that the keys are rotated often. 27 00:01:03,270 --> 00:01:05,850 ‫You need to make sure that you use the IAM tools 28 00:01:05,850 --> 00:01:07,440 ‫to apply the appropriate permissions, 29 00:01:07,440 --> 00:01:09,410 ‫and again, you are responsible 30 00:01:09,410 --> 00:01:11,250 ‫for analyzing the access patterns 31 00:01:11,250 --> 00:01:13,470 ‫and review the permissions in your accounts, 32 00:01:13,470 --> 00:01:14,880 ‫not AWS. 33 00:01:14,880 --> 00:01:16,610 ‫So this is a very simple example, 34 00:01:16,610 --> 00:01:18,709 ‫but an obvious one. But AWS is responsible 35 00:01:18,709 --> 00:01:21,320 ‫for all the infrastructure, 36 00:01:21,320 --> 00:01:23,331 ‫and you are responsible for how you use 37 00:01:23,331 --> 00:01:25,000 ‫that infrastructure. 38 00:01:25,000 --> 00:01:27,190 ‫This is just one of these lectures 39 00:01:27,190 --> 00:01:28,640 ‫on shared responsibility. 40 00:01:28,640 --> 00:01:29,610 ‫I hope you liked it, 41 00:01:29,610 --> 00:01:31,560 ‫and I will see you in the next lecture.