Principle 7: Secure development - Using AWS in the Context of NHS Cloud Security Guidance

Principle 7: Secure development

Services should be designed and developed to identify and mitigate threats to their security. Those which aren’t may be vulnerable to security issues which could compromise your data, cause loss of service or enable other malicious activity.

Applicable risk classes: III-V

The requirements of this principle are satisfied entirely by AWS; the customer bears no responsibility for fulfilling Principle 7.

The fulfilment of this principle is a joint effort between AWS and the customer under the Shared Responsibility Model for Security. AWS goes to great lengths to protect the security of the various services that customers consume (providing security of the cloud), and provides customers with a rich set of tools to employ to be secure in the cloud. The majority of this whitepaper is devoted to describing the tools available for this, and which aspects of security they are aimed at.

Customer responsibility for secure development in particular extends beyond the AWS and third-party technology used for this, into the processes and methodologies (such as DevSecOps) that govern it. Advice for putting this in place is available in the AWS Cloud Adoption Framework – Security Perspective.