Thursday, 12 February 2026

AI AWS certificates

1. Compute Services

These are like the “brains” that run your applications.

  • Amazon EC2
    Virtual servers in the cloud.
    Use when: You need full control over the OS, networking, and scaling.

  • AWS Lambda
    Serverless functions (run code without managing servers).
    Use when: You want to run small tasks or event-driven code without worrying about servers.

  • AWS Fargate (with ECS/EKS)
    Run containers without managing servers.
    Use when: You have Docker containers and want zero infrastructure management.


2. Storage Services

Think of these as “places to keep your stuff.”

  • Amazon S3
    Object storage for files, images, backups.
    Use when: You need scalable, durable storage for any type of data.

  • Amazon EBS
    Block storage for EC2 (like a hard drive).
    Use when: You need storage attached to a virtual machine.

  • Amazon EFS
    Shared file system for multiple servers.
    Use when: You need a network file system accessible by many EC2 instances.


3. Database Services

Your “data brain.”

  • Amazon RDS
    Managed relational database (MySQL, PostgreSQL, etc.).
    Use when: You need a traditional SQL database without managing servers.

  • Amazon DynamoDB
    NoSQL database, super fast and scalable.
    Use when: You need high-speed key-value storage.


4. Networking

How everything talks to each other.

  • Amazon VPC
    Your private network in AWS.
    Use when: You want to control IP ranges, subnets, and security.

  • Elastic Load Balancer (ELB)
    Distributes traffic across servers.
    Use when: You need high availability and fault tolerance.


5. Security

Keep things safe.

  • IAM (Identity and Access Management)
    Controls who can do what.
    Use when: You need fine-grained permissions for users and services.

6. Monitoring

Keep an eye on things.

  • Amazon CloudWatch
    Monitors performance and logs.
    Use when: You want alerts and dashboards for your AWS resources.


1. Amazon S3 (Simple Storage Service)

Think of S3 as a giant online locker for files like photos, videos, backups, and documents.

Types of S3 Storage Classes

  • S3 Standard → For files you access often.
  • S3 Intelligent-Tiering → For files with unpredictable access (AWS moves them to cheaper tiers automatically).
  • S3 Standard-IA (Infrequent Access) → For files you rarely use but need quickly when required.
  • S3 One Zone-IA → Same as above but stored in one location (cheaper, less resilient).
  • S3 Glacier → For archives you almost never need (retrieval takes minutes to hours).
  • S3 Glacier Deep Archive → For long-term storage (retrieval takes hours, cheapest option).

Use S3 when: You need scalable, durable storage for any type of file.


2. Amazon EBS (Elastic Block Store)

Think of EBS as a hard drive attached to your EC2 virtual machine.

Types of EBS Volumes

  • gp3 (General Purpose SSD) → Balanced performance and cost (most common).
  • io1/io2 (Provisioned IOPS SSD) → For high-performance databases.
  • st1 (Throughput Optimized HDD) → For big data and streaming workloads.
  • sc1 (Cold HDD) → For rarely accessed data (cheapest).

Use EBS when: You need storage that acts like a disk for your EC2 instance.


3. Amazon EFS (Elastic File System)

Think of EFS as a shared network drive that multiple servers can access at the same time.

Types of EFS

  • EFS Standard → For regular workloads.
  • EFS One Zone → Cheaper, stored in one Availability Zone.
  • EFS Infrequent Access → For files you rarely use (cost-saving).

Use EFS when: You need a shared file system for multiple EC2 instances.

AWS Snowball

Think of Snowball as a big, secure hard drive that AWS ships to you.

  • You copy your huge data (like 20 TB) onto it.
  • Then you send it back to AWS.
  • AWS uploads your data to the cloud for you.

Why use it?
If you try to upload 20 TB over the internet, it could take weeks or months. Snowball makes it fast and avoids network issues.


AWS Database Migration Service (DMS)

Think of DMS as a data mover that keeps your old and new databases in sync.

  • It copies your database from on-premises to AWS.
  • While copying, it keeps updating changes so your data stays current.
  • When ready, you switch over with minimal downtime.

Why use it?
If your app is still running during migration, DMS ensures you don’t lose any updates.

AWS Global Accelerator

  • What it does: Speeds up global application traffic by routing users through the AWS global network instead of the public internet.
  • How: Uses static IPs and optimizes routing to the nearest AWS edge location.
  • Best for: Applications that need low latency and high availability globally (e.g., gaming, VoIP, APIs).
  • Key point: Improves network performance, not content caching.

Amazon CloudFront

  • What it does: A Content Delivery Network (CDN) that caches static and dynamic content (images, videos, files) at edge locations worldwide.
  • How: Reduces load on origin (like S3) and speeds up delivery to users.
  • Best for: Websites, media streaming, software downloads.
  • Key point: Improves content delivery speed and reduces origin cost.

Amazon ElastiCache

  • What it does: A caching service for databases (Redis or Memcached).
  • How: Stores frequently accessed data in memory for fast retrieval.
  • Best for: Applications with heavy database reads (gaming leaderboards, session storage).
  • Key point: Improves application/database performance, not global traffic or content delivery.

Quick Analogy

  • Global Accelerator = Fast highway for your app traffic.
  • CloudFront = Local warehouses for your files (so users don’t wait for shipping from the main store).
  • ElastiCache = A quick-access drawer for your most-used data.

OSI Model Layers (Simple Explanation)

  1. Physical Layer
    • What it is: The actual wires, cables, Wi-Fi signals.
    • Job: Moves bits (0s and 1s) physically from one device to another.
    • Analogy: The road where cars (data) travel.

  2. Data Link Layer
    • What it is: Deals with MAC addresses and error detection.
    • Job: Makes sure data frames are delivered correctly on the same network.
    • Analogy: Traffic lights and rules on the road.

  3. Network Layer
    • What it is: Handles IP addresses and routing.
    • Job: Decides the best path for data to travel across networks.
    • Analogy: GPS that finds the best route.

  4. Transport Layer
    • What it is: TCP/UDP protocols.
    • Job: Ensures data arrives correctly and in order (TCP) or fast without checks (UDP).
    • Analogy: Delivery service that guarantees packages arrive safely (TCP) or quickly without checking (UDP).

  5. Session Layer
    • What it is: Manages sessions between applications.
    • Job: Keeps track of conversations (like login sessions).
    • Analogy: A phone call that stays connected until you hang up.

  6. Presentation Layer
    • What it is: Translates data formats (encryption, compression).
    • Job: Makes sure data is readable for the application.
    • Analogy: A translator converting languages.

  7. Application Layer
    • What it is: Where apps like browsers, email, and games live.
    • Job: Provides the interface for users to interact with the network.
    • Analogy: The restaurant menu you use to order food.

TCP (Transmission Control Protocol)

  • What it does: Makes sure data arrives correctly and in order.
  • How:
    • Checks for errors.
    • Resends missing packets.
    • Keeps a connection open until all data is delivered.

UDP (User Datagram Protocol)

  • What it does: Sends data fast, but doesn’t check if it arrives.
  • How:
    • No error checking.
    • No guarantee of order.
    • No connection—just fire and forget.

AWS Lambda (compute)

  • Runs your code on demand (Python, Node.js, Java, etc.).
  • No servers to manage.
  • Scales automatically.
  • Configure memory (e.g., 1 GB) and /tmp storage (up to 10 GB).

Amazon API Gateway (API layer)

  • Exposes REST/HTTP endpoints (e.g., POST /cashback).
  • Invokes Lambda (Lambda proxy integration).
  • Handles auth (IAM, Cognito, JWT), rate limiting, and request validation.

Amazon RDS / Aurora (relational database)

  • Managed MySQL/PostgreSQL (relational schema, SQL).
  • Automated backups, patching, and scaling options.
  • Use RDS Proxy for efficient connections from Lambda.

How they work together (request flow)

  1. Client calls API Gateway (/cashback).
  2. API Gateway triggers Lambda with the request payload (JSON).
  3. Lambda executes business logic, queries RDS/Aurora (SQL).
  4. Lambda returns an HTTP response to API Gateway, which returns it to the client.

Key settings (keep it simple)

  • Lambda: 1 GB memory, short timeouts (< 29s), environment variables for config.
  • API Gateway: HTTP API (cheaper) or REST API (more features), JWT/Cognito for auth.
  • RDS/Aurora: Private subnets; access via RDS Proxy; credentials in Secrets Manager.
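The request flow above, written out as an added example (not code from the original notes): a Lambda handler in the API Gateway proxy-integration shape that validates the POST /cashback payload, refuses events that carry no authorizer claims, and talks to the database only through a parameterised query. The event, the 2% cashback rule, the customers/cashback tables and the fake_query stand-in are all constructed for the example; a real deployment would open the connection via RDS Proxy with credentials from Secrets Manager.

```python
import json
from typing import Callable

# Constructed sample event in the API Gateway (REST API, Lambda proxy) shape.
SAMPLE_EVENT = {
    "httpMethod": "POST",
    "path": "/cashback",
    "headers": {"Content-Type": "application/json"},
    "body": json.dumps({"customer_id": 42, "purchase_cents": 12500}),
    # Populated by API Gateway when a Cognito/JWT authorizer accepted the token.
    "requestContext": {"authorizer": {"claims": {"sub": "user-42"}}},
}

CASHBACK_PERCENT = 2  # assumed business rule: 2% cashback, integer maths only


def _response(status: int, payload: dict) -> dict:
    # Proxy integration expects statusCode/headers/body; body must be a string.
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(payload),
    }


def fake_query(sql: str, params: tuple) -> list:
    """Stand-in for a query sent through RDS Proxy; returns constructed rows.
    It only knows customer 42 so the 'unknown customer' path can be exercised."""
    if sql.startswith("SELECT") and params[0] == 42:
        return [{"customer_id": 42, "tier": "gold"}]
    return []


def handler(event: dict, context=None, query: Callable = fake_query) -> dict:
    """Validate the request, run the business logic, answer in proxy format."""
    if event.get("httpMethod") != "POST" or event.get("path") != "/cashback":
        return _response(404, {"error": "not found"})

    # API Gateway already enforced the JWT; the handler still refuses to act
    # on an event with no identity, so a misconfigured route cannot bypass auth.
    claims = (event.get("requestContext") or {}).get("authorizer", {}).get("claims")
    if not claims:
        return _response(401, {"error": "unauthenticated"})

    try:
        body = json.loads(event.get("body") or "")
        customer_id = int(body["customer_id"])
        purchase_cents = int(body["purchase_cents"])
    except (ValueError, KeyError, TypeError):
        return _response(400, {"error": "invalid request body"})
    if purchase_cents <= 0:
        return _response(400, {"error": "purchase_cents must be positive"})

    # Parameterised SQL: the client value never gets pasted into the query text.
    rows = query("SELECT customer_id, tier FROM customers WHERE customer_id = %s",
                 (customer_id,))
    if not rows:
        return _response(404, {"error": "unknown customer"})

    cashback_cents = purchase_cents * CASHBACK_PERCENT // 100
    query("INSERT INTO cashback (customer_id, amount_cents) VALUES (%s, %s)",
          (customer_id, cashback_cents))
    return _response(200, {"customer_id": customer_id,
                           "cashback_cents": cashback_cents})
```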

What is a VPC?

Amazon VPC (Virtual Private Cloud) is a private network inside AWS where you can launch your resources (like EC2, RDS, Lambda with VPC access) securely.


✅ Key Points in Simple Technical Terms:

  • Virtual Network: Like your own private section of AWS cloud.
  • Isolation: Your resources are isolated from others.
  • Customizable: You choose IP ranges, subnets, routing, and security.
  • Secure: Use Security Groups and Network ACLs to control traffic.
  • Connectivity: Can connect to the internet (via Internet Gateway), other VPCs (via VPC Peering), or on-premises (via VPN or Direct Connect).

✅ Components of a VPC:

  • Subnets: Divide your VPC into smaller networks (public or private).
  • Route Tables: Define how traffic flows.
  • Internet Gateway: Allows public internet access.
  • NAT Gateway: Lets private subnets access the internet securely.
  • Security Groups: Firewall for instances.
  • Network ACLs: Firewall for subnets.

✅ Why use VPC?

  • To securely run applications in a controlled environment.
  • To connect AWS resources to your on-premises network.
  • To control traffic flow and IP addressing.

What’s happening?

  • The company has two VPCs:
    • Cache VPC → Contains the Amazon ElastiCache cluster.
    • App VPC → Contains the EC2 instances running the application.
  • Both VPCs are in the same AWS Region (us-east-1).
  • The EC2 instances need to connect to ElastiCache, but they are in different VPCs.

The Problem

By default, resources in different VPCs cannot talk to each other unless you set up a connection.


The Solution

Use VPC Peering or AWS Transit Gateway to connect the two VPCs.

  • VPC Peering:

    • Creates a direct network link between the two VPCs.
    • After peering, you update route tables so EC2 in App VPC can reach ElastiCache in Cache VPC.
    • Works well for simple two-VPC setups.
  • AWS Transit Gateway:

    • Best for complex architectures with multiple VPCs.
    • Acts like a hub to connect many VPCs together.

Steps in Simple Terms

  1. Create VPC Peering connection between App VPC and Cache VPC.
  2. Update route tables in both VPCs to allow traffic.
  3. Ensure security groups and network ACLs allow access on ElastiCache ports (e.g., Redis = 6379).
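The three steps above, turned into an added example (not from the original notes) that checks a constructed two-VPC topology the way a reviewer would before blaming the application: forward route in the App VPC, return route in the Cache VPC, and both the security group and the subnet NACL allowing tcp/6379 from the App VPC range. The CIDRs, route tables, rules and the pcx-example placeholder id are all assumptions.

```python
import ipaddress

# Constructed topology: App VPC and Cache VPC joined by a peering connection.
APP_CIDR = "10.1.0.0/16"
CACHE_CIDR = "10.2.0.0/16"
PEERING_ID = "pcx-example"  # placeholder, not a real peering id

# Route tables: destination CIDR -> target. Both sides need an entry.
APP_ROUTES = {APP_CIDR: "local", CACHE_CIDR: PEERING_ID}
CACHE_ROUTES = {CACHE_CIDR: "local", APP_CIDR: PEERING_ID}

# Inbound rules on the ElastiCache security group: (proto, from_port, to_port, source).
CACHE_SG_INBOUND = [("tcp", 6379, 6379, APP_CIDR)]

# Inbound NACL entries on the cache subnet: (rule_no, proto, from, to, cidr, action).
# NACLs are evaluated in rule-number order and end with an implicit deny.
CACHE_NACL_INBOUND = [
    (100, "tcp", 6379, 6379, APP_CIDR, "allow"),
    (32767, "all", 0, 65535, "0.0.0.0/0", "deny"),
]


def route_target(routes: dict, dst_ip: str):
    """Longest-prefix match, as a VPC route table does."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in routes.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def sg_allows(rules: list, proto: str, port: int, src_ip: str) -> bool:
    """Security groups are stateful allow-lists: any matching rule permits."""
    src = ipaddress.ip_address(src_ip)
    return any(p == proto and lo <= port <= hi and src in ipaddress.ip_network(c)
               for p, lo, hi, c in rules)


def nacl_allows(entries: list, proto: str, port: int, src_ip: str) -> bool:
    """First matching entry by rule number decides; nothing matching = deny."""
    src = ipaddress.ip_address(src_ip)
    for _, p, lo, hi, c, action in sorted(entries):
        if p in (proto, "all") and lo <= port <= hi and src in ipaddress.ip_network(c):
            return action == "allow"
    return False


def can_reach_redis(src_ip: str, dst_ip: str, port: int = 6379) -> list:
    """Return the list of reasons the App instance cannot reach the cache;
    an empty list means all three steps are satisfied."""
    problems = []
    if route_target(APP_ROUTES, dst_ip) != PEERING_ID:
        problems.append("App VPC route table has no route to Cache VPC via the peering")
    if route_target(CACHE_ROUTES, src_ip) != PEERING_ID:
        problems.append("Cache VPC route table has no return route to App VPC")
    if not sg_allows(CACHE_SG_INBOUND, "tcp", port, src_ip):
        problems.append(f"ElastiCache security group does not allow tcp/{port} from {src_ip}")
    if not nacl_allows(CACHE_NACL_INBOUND, "tcp", port, src_ip):
        problems.append(f"cache subnet NACL denies tcp/{port} from {src_ip}")
    return problems
```

Because NACLs are stateless, the outbound NACL on the cache subnet must also allow the reply traffic to the App VPC on ephemeral ports; the check above only covers the inbound direction.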

IP Address:

CIDR notation: 10.100.100.0/24 means:
  • The network starts at 10.100.100.0.
  • The first three parts (10.100.100) stay the same.
  • The last part (the fourth number) can go from 0 to 255.

So the range is:

  • 10.100.100.0 → 10.100.100.255
  • That’s 256 IP addresses in total.

CIDR   Fixed parts        IP range size
/32    All 4 numbers      1 IP
/24    First 3 numbers    256 IPs
/16    First 2 numbers    65,536 IPs
/8     First 1 number     16.7 million IPs

Feature             S3 Transfer Acceleration    CloudFront              Standard S3 Transfer
Goal                Faster uploads/downloads    Global content cache    Direct S3 access
Optimized network   Yes                         Yes                     No
Use case            Large files, remote users   Web/app content         Simple transfers

IPv6 Address Basics

  • Format: 128-bit address (much bigger than IPv4’s 32-bit).

  • Looks like:
    2001:0db8:85a3:0000:0000:8a2e:0370:7334
    (Eight groups of four hexadecimal digits, separated by colons).

  • Why so long?
    Because IPv6 provides trillions of unique addresses, enough for every device on Earth.
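The CIDR walk-through and the IPv6 address format above, as an added example (not from the original notes) using Python's standard ipaddress module: it expands a block into its first/last address and size, reproduces the /32 to /8 table, tests whether a host falls inside a block, shows the same IPv6 address in full and compressed form, and adds an overlap check, since two VPCs with overlapping CIDRs cannot be peered. The sample addresses are the ones in the notes; function names are my own.

```python
import ipaddress

# Sample inputs taken from the notes above.
SAMPLE_V4 = "10.100.100.0/24"
SAMPLE_V6 = "2001:0db8:85a3:0000:0000:8a2e:0370:7334"


def describe_cidr(cidr: str) -> dict:
    """Expand a CIDR block into the facts the notes list: first and last
    address, number of addresses, and how much of the address is fixed."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "last": str(net.broadcast_address),      # last address of the block
        "size": net.num_addresses,
        "fixed_bits": net.prefixlen,
        # For IPv4, how many dotted-quad fields stay the same (/24 -> 3).
        "fixed_fields": net.prefixlen // 8 if net.version == 4 else None,
    }


def cidr_size_table(prefixes=(32, 24, 16, 8)) -> dict:
    """Reproduce the table: addresses covered by each IPv4 prefix length."""
    return {f"/{p}": 2 ** (32 - p) for p in prefixes}


def contains(cidr: str, addr: str) -> bool:
    """Does the block cover this host? This is the question behind every
    security-group source and route-table destination."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def overlaps(cidr_a: str, cidr_b: str) -> bool:
    """Two VPC CIDRs that overlap cannot be peered; check before designing."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def ipv6_forms(addr: str) -> dict:
    """Show a 128-bit address as eight 4-hex-digit groups and compressed."""
    a = ipaddress.IPv6Address(addr)
    return {"full": a.exploded, "compressed": a.compressed, "bits": a.max_prefixlen}
```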


Key Features

  • No need for NAT (Network Address Translation).
  • Built-in security (IPSec).
  • Better support for mobile devices.
  • Simplifies routing.

Problem

  • EC2 instances have IPv6 addresses.
  • They need to initiate outbound connections to the internet.
  • External services must NOT initiate inbound connections (security policy).

Solution

Use an Egress-Only Internet Gateway.


Why?

  • For IPv4, we use NAT Gateway for outbound-only traffic.
  • For IPv6, NAT is not needed because IPv6 addresses are globally unique.
  • Instead, AWS provides Egress-Only Internet Gateway, which:
    • Allows outbound IPv6 traffic to the internet.
    • Blocks inbound traffic initiated from the internet.
    • Meets the security requirement (no external service can start a connection).

AI

AI is a field of computer science dedicated to solving problems that we commonly associate with human intelligence.

1. Image creation

2. Image recognition (e.g., a car detecting an obstacle)

3. Speech to text

4. Learning

How does AI work?

Start with a training data set; here it contains fruits. A data scientist trains a model, which means running code that can learn from that data. The trained model then groups the fruits by category.

There are many algorithms like this.

History of AI

Deep Blue: a chess-playing computer that beat a human.

Deep Learning revolution: Google AlphaGo (2016) defeated Go champion Lee Sedol. Go is a board game.

2020s: AI in everyday life.


AI Use cases

  1. Transcribe and translate spoken language
  2. Playing humans in games
  3. Driving cars, flying airplanes
  4. Speech recognition and generation
  5. Suggesting code for developers
  6. Doctors use AI for finding brain tumours
  7. Automating business processes
  8. Fraud detection




What is cloud computing section

How websites work

client (Client IP Address) -> network --> server (Server IP Address)
The client sends a request to the server using the IP address.
Same as mail: post box -> postman -> sent to the address.
Servers are just like mail.

A server contains:
            - CPU: computation, calculations, results
            - memory: store and retrieve info
            - CPU + memory = brain
            - storage: files / DB
            - network: routers, switches, DNS server

IT Terminology

1. Network: cables, routers & servers connected with each other
2. Router: a networking device that forwards data packets between computer networks; they know where to send your packets on the internet
3. Switch: takes a packet and sends it to the correct server / client on your network


Traditionally how to build infrastructure

Home or garage: the website grows and needs more servers. Move the website to an office --> moved to a data center when the website grows further; the data center gets more servers.

Problems:
rent, power, cooling and maintenance
replacing a server takes a long time
scaling is limited (what if we suddenly need a server 10 times bigger?); 24/7 server maintenance is required.
Externalising all of this is the cloud.


What is cloud computing

1. Cloud computing is the on-demand delivery of compute power, DB, applications and other IT services
2. Pay-as-you-go
You can provision exactly the right type and size of computing resources you need
You can access as many resources as you need almost instantly
A simple way to access servers, storage, DB and a set of application services
AWS owns and maintains the network-connected hardware required for these application services, while you provision and use what you need via a web application

Private cloud: Rackspace; a single org, not exposed; more security for the app.
Public cloud: Azure, Google Cloud, AWS; cloud resources owned and operated by a 3rd-party cloud service provider, delivered over the internet.
Hybrid cloud: on-premises and cloud.

5 characteristics of cloud computing
1. on-demand self service
2. broad network access
3. multi-tenancy and resource pooling
4. rapid elasticity and scalability
5. measured service

6 advantages
1. trade capital expense for operational expense
2. benefit from massive economies of scale
3. stop guessing capacity
4. increase speed and agility
5. stop spending money running and maintaining data centers
6. go global in minutes

Problems solved by the cloud

flexibility
cost effectiveness
scalability
elasticity
high availability & fault tolerance
agility


Types of cloud computing
IaaS - Infrastructure as a Service
    - provides the building blocks for cloud IT
    - provides networking, computers, data storage space
    - flexibility

PaaS - Platform as a Service - just focus on deployment

SaaS - Software as a Service
    - a complete product that is run and managed by the service provider

On-premises we need to manage all of:
  1. applications
  2. data
  3. runtime
  4. middleware
  5. OS
  6. virtualization
  7. servers
  8. storage
  9. networking

IaaS - managed by us
  • applications
  • data
  • runtime
  • middleware
  • OS
AWS manages these:
  1. virtualization
  2. servers
  3. storage
  4. networking

PaaS
managed by us
  1. applications
  2. data
managed by AWS
  1. runtime
  2. middleware
  3. OS
  4. virtualization
  5. servers
  6. storage
  7. networking

SaaS
everything is managed by AWS
  1. applications
  2. data
  3. runtime
  4. middleware
  5. OS
  6. virtualization
  7. servers
  8. storage
  9. networking

IaaS
  1. AWS EC2
  2. GCP, Azure, Rackspace, DigitalOcean, Linode
PaaS
1. Elastic Beanstalk
2. Heroku, GCP, Azure

SaaS
1. Rekognition for ML
2. Gmail, Dropbox
3. Zoom

Pricing:
3 fundamentals
compute - pay for compute time
storage - pay for data stored in the cloud
data transfer OUT of the cloud - pay for it; data transfer IN is free

This solves the expense problem of traditional IT.


AWS global infrastructure
  • AWS Regions
  • AZs (Availability Zones)
  • DCs (data centers)
  • edge locations / points of presence
Each region is connected through the network, which is the AWS private network.
Each region is made up of availability zones.
AWS regions:
1. us-east-1
2. us-east-2
all around the world
Region = a cluster of data centers
Most AWS services are region-scoped


How to choose an AWS region
1. It depends on:
  • compliance - a government may require data to stay in a specific region
  • proximity to customers: reduce latency by staying close to users
  • services available within a region
  • pricing - varies from region to region
Availability zones: each region has AZs, usually 3 DCs minimum and 6 DCs maximum.
AZs are separate from each other and isolated from disasters
- connected with a high-bandwidth, ultra-low-latency network

Edge Locations:

AWS = 400 edge locations and 10 regional edge caches in 90+ cities across 40+ countries
- content is delivered to end users with lower latency

What is GenAI?
Used to generate new data that is similar to the data it was trained on
  • text, image, audio, code, video


Foundation Model:
  • To generate data, we must rely on a Foundation Model
  • Foundation Models are trained on a wide variety of input data
  • The models may cost tens of millions of dollars to train
  • Big companies use their own foundation models
  • ex: GPT-4o - the foundation model behind ChatGPT
  • There is a wide selection of foundation models from companies:
    • OpenAI - ChatGPT
    • Meta (Facebook)
    • Amazon
    • Google
    • Anthropic
  • They are spending money to build them
  • Some are open-source models (Meta, Google BERT)
  • Some are under a commercial license (OpenAI, Anthropic, etc.)
Large Language Models (LLM)
  • Type of AI designed to generate coherent human-like text
  • One notable example: GPT-4 (ChatGPT)
  • Trained on large amounts of text data
  • Usually very big models
    • billions of parameters
    • trained on books, articles, websites, other textual data
  • Can perform language-related tasks
    • Translation, summarization
    • Question creation
    • Content creation
Generative Language Model
  • We usually interact with the LLM by giving a prompt
  • Then the model will leverage all the existing content it has learned from to generate new content
  • Non-deterministic: the generated text may be different for every user that uses the same prompt

  • Image generation = diffusion model


Amazon Bedrock
1. Build GenAI applications: powerful, fully-managed service, no servers for you to manage
Keep control of your data used to train the model
Pay-per-use pricing model
Unified APIs
Leverage a wide array of foundation models
Out-of-the-box features: RAG, LLM agents
Security, privacy, governance and responsible-AI features

Amazon Bedrock - Foundation Models

Amazon Bedrock - Base Foundation Model
How to choose?
  • Model types, performance requirements, capabilities, constraints, compliance
  • Level of customization, model size, inference options, licensing agreements, context windows, latency
  • Multimodal models
  • Amazon Titan
    • High-performing foundation models from AWS
    • Image, text and multimodal model choices via fully-managed APIs
    • Can be customised with your own data
  • Smaller models are more cost effective

Amazon Bedrock - Evaluating a Model
Automatic Evaluation
1. Evaluate a model for quality control
Built-in task types:
  • Text summarization
  • Question & answer
  • Text classification
  • Open-ended text generation...
  • Bring your own prompt dataset or use a built-in curated prompt dataset
  • Scores are calculated automatically
  • Model scores are calculated using various statistical methods (BERTScore, F1)

Note on benchmark datasets
  • Curated collections of data designed specifically for evaluating the performance of language models
  • Wide range of topics, complexities, linguistic phenomena
  • Helpful to measure: accuracy, speed & efficiency, scalability
  • Some benchmark datasets allow you to very quickly detect any kind of bias and potential discrimination against a group of people

EXAM:
1️⃣ Cloud concepts (15%)
IaaS, PaaS, SaaS, elasticity, scalability, fault tolerance
2️⃣ AWS core services (40%)
High-level understanding only:

EC2
S3
Lambda
DynamoDB
RDS
CloudFront
VPC basics

3️⃣ Security (30%)

IAM roles
Shared responsibility model
MFA
KMS basics

4️⃣ Billing & Support (15%)

Pricing calculator
Cost Explorer
Support plans

That’s it.

🟦 A Simple Study Plan (perfect for you)
Day 1 → Cloud concepts + Global infra
Day 2 → EC2, S3, IAM
Day 3 → Serverless (Lambda, API Gateway, DynamoDB)
Day 4 → Databases + VPC basics
Day 5 → Billing, pricing, support plans
Day 6 → 2–3 practice tests
Day 7 → Final practice + schedule exam
You’ll be 100% ready.



What is cloud computing?
You rent compute, storage and databases
Pay per usage
You don’t buy a server

Benefits
1. Scalability = automatically increase capacity based on high load
2. Elasticity = scale up and scale down based on demand
3. Agility = launch a server within minutes instead of waiting for weeks
4. High availability = the system stays online if something goes wrong
5. Fault tolerance = the system keeps running if something breaks
6. Cost optimization = pay only for what you used

Cloud Model

IaaS = Infrastructure as a Service = you manage the OS and apps, ex: EC2
PaaS = Platform as a Service = AWS manages the OS and runtime, ex: Elastic Beanstalk
SaaS = Software as a Service = AWS manages the apps, ex: Gmail, Salesforce


Deployment Model
Public cloud = AWS resources shared securely among customers
Private cloud = your own DC
Hybrid cloud = mix of AWS + your DC

AWS Infrastructure = a global network that gives high speed and low latency
Regions - physical location, e.g. eu-west-2 (London), us-east-1 (North Virginia). You choose a region based on latency, cost and compliance.
AZ = one region contains one or more separate AZs. DCs isolated from each other (fire and flood safe)
Each AZ contains one or more separate data centers
They are connected with high-speed, low-latency fibre. This gives high availability
Edge location - CloudFront CDN, used by Netflix; caches the content and delivers data faster to users
Local Zones / Wavelength
The AWS Cloud spans 123 Availability Zones within 39 Geographic Regions, with announced plans for 7 more Availability Zones and 2 more AWS Regions in the Kingdom of Saudi Arabia, and Chile.


AWS Infrastructure Components – Simple Summary


1. Regions (AWS Regions)

  • A Region is a physical area in the world where AWS has its data centers.
  • Each Region contains multiple Availability Zones (AZs) – always at least three, and each one is isolated from the others.
  • Unlike other cloud providers that may use one data center = one region, AWS regions have multiple AZs for better reliability.
  • Each AZ has its own power, cooling, and security.
  • AZs are connected with fast, low‑latency, redundant networks, making it easy to build highly available systems.
  • Regions follow strong security and compliance standards.
  • AWS has Regions worldwide: North America, South America, Europe, China, Asia Pacific, South Africa, and the Middle East.
  • AWS continues to launch new Regions quickly to serve global customers.

2. Availability Zones (AZs)

  • An AZ is one or more separate data centers inside a Region.
  • AZs have redundant power, networking, and connectivity.
  • All AZs in a Region are interconnected with high‑bandwidth, low‑latency fiber networks.
  • Traffic between AZs is fully encrypted.
  • Network performance is good enough for synchronous data replication.
  • AZs are separated by many kilometers (but within 100 km) for protection against natural disasters.
  • Running applications across multiple AZs increases fault tolerance and high availability.

3. Local Zones

  • Local Zones bring AWS compute and storage closer to end users.
  • Useful for applications that require very low latency (single‑digit milliseconds), such as:
    • media creation
    • online gaming
    • simulations
    • machine learning
  • Local Zones extend an AWS Region and allow you to run services like:
    • EC2
    • VPC
    • EBS
    • File storage
    • Load Balancing
  • They connect securely and with high bandwidth back to the main Region.

4. AWS Outposts

  • Outposts bring AWS infrastructure to your own data center.
  • You get AWS servers and services installed on‑premises.
  • You use the same AWS APIs and tools, creating a consistent hybrid cloud experience.
  • Useful when workloads must stay on‑premises due to:
    • low latency needs
    • local data processing requirements
    • regulatory compliance

5. AWS Services Overview

  • AWS provides a huge range of cloud services:
    • compute
    • storage
    • databases
    • analytics
    • networking
    • machine learning
    • IoT
    • security
    • developer tools
    • mobile
    • enterprise apps
    • and more

6. Core Services Available in Every New Region

These are launched immediately when a new Region opens (examples include):

  • EC2, VPC, S3, EBS, ELB
  • RDS, DynamoDB, Redshift
  • IAM, KMS, Lambda, CloudWatch
  • CloudTrail, CloudFormation
  • SQS, SNS, API Gateway
  • EKS, ECS, Fargate
  • Trusted Advisor, SSM, X-Ray
  • And many more foundational services



7. Services That Usually Launch Within 12 Months

Some services come a little later after a new Region opens (examples include):

  • Athena, CloudFront, Cognito
  • AWS Backup, Control Tower
  • EFS, FSx
  • Glue, GuardDuty
  • Lake Formation
  • SageMaker, Security Hub
  • WAF, Shield Advanced
  • Transit Gateway, DataSync
  • Backup and directory services



8. Customer Requests

  • Customers can talk to AWS sales to:
    • express interest in bringing a Region near them
    • request roadmap details (under NDA)
    • understand service dependencies

Shared Responsibility Model



AWS Shared Responsibility Model (Simple, Clear Points)

1. Security & Compliance Are Shared

  • AWS and the customer both have roles in keeping systems secure.
  • AWS secures the cloud itself.
  • Customers secure what they put in the cloud.

✅ AWS Responsibility: “Security of the Cloud”

AWS is responsible for protecting the infrastructure that runs AWS services, including:

  • Physical data centers (buildings, power, cooling)
  • Hardware (servers, storage, networking equipment)
  • Global infrastructure (Regions, AZs, Edge Locations)
  • Virtualization layer and hypervisor
  • Core AWS-managed software

AWS ensures the cloud platform is secure.


✅ Customer Responsibility: “Security in the Cloud”

Customers are responsible for what they build or store in AWS.

Examples of customer tasks:

  • Managing the guest operating system (updates, patches)
  • Installing and securing applications
  • Configuring security groups/firewalls
  • Protecting and encrypting their own data
  • Setting IAM permissions and access control
  • Classifying data (public, private, confidential)

Examples

  • Amazon EC2 (IaaS):
    • Customer manages OS, patches, apps, and firewall.
  • Amazon S3 or DynamoDB (managed services):
    • AWS manages infrastructure.
    • Customer manages data, permissions, encryption.

✅ Shared Responsibility Applies to IT Controls Too

Security controls are also shared between AWS and customers.

AWS helps reduce customer workload by handling:

  • Physical security
  • Infrastructure maintenance
  • Some operational controls, depending on the service

Customers use AWS documentation to verify their part of controls.


✅ Types of Controls

1. Inherited Controls (AWS Only)

Customers automatically benefit from AWS's controls, such as:

  • Physical security of data centers
  • Environmental protection (power, HVAC)

2. Shared Controls (Both AWS & Customer)

Each party handles its layer.

Examples:

  • Patch Management
    • AWS patches infrastructure.
    • Customer patches OS and applications.
  • Configuration Management
    • AWS configures infrastructure.
    • Customer configures OS, DB, apps.
  • Awareness & Training
    • AWS trains its staff.
    • Customer trains their employees.

3. Customer-Specific Controls

Fully the customer’s responsibility.

Examples:

  • Network zoning or segmentation
  • Protecting application traffic
  • Deciding how to secure their workloads

✅ How to Apply the Shared Responsibility Model

Customers must consider:

  • Which AWS services they are using
  • Which Regions they choose
  • How AWS services connect to their existing systems
  • What laws and regulations apply to their industry/workload

This helps determine exactly which responsibilities fall on AWS and which fall on the customer.
