Security and compliance

Security in AWS is a shared responsibility based on the cloud service model that's used by the customer or user. In AWS, physical resources, such as servers, storage, and the network, are managed by AWS. Users don't have to worry about security since AWS has already put in best practices and it is transparent.

It is up to you to configure security in AWS as per the proven best practices that are available for the AWS infrastructure.

Users can configure security groups and access control lists, Virtual Private Cloud (VPC), and identity and access management to make the resources in the cloud more secure:

Compliance is extremely important for the assurance of security and protection. Security and compliance are both shared responsibilities for AWS and the AWS customer, and is based on how much the cloud service model is used by the customer. AWS complies to SOC 1/ISAE 3402, SOC 2, SOC 3, FISMA, DIACAP, FedRAMP, PCI DSS Level 1, ISO 9001, ISO 27001, ISO 27018, and so on.