We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.
If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”
Customize cookie preferences
We use cookies and similar tools (collectively, "cookies") for the following purposes.
Essential
Essential cookies are necessary to provide our site and services and cannot be deactivated. They are usually set in response to your actions on the site, such as setting your privacy preferences, signing in, or filling in forms.
Performance
Performance cookies provide anonymous statistics about how customers navigate our site so we can improve site experience and performance. Approved third parties may perform analytics on our behalf, but they cannot use the data for their own purposes.
Allowed
Functional
Functional cookies help us provide useful site features, remember your preferences, and display relevant content. Approved third parties may set these cookies to provide certain site features. If you do not allow these cookies, then some or all of these services may not function properly.
Allowed
Advertising
Advertising cookies may be set through our site by us or our advertising partners and help us deliver relevant marketing content. If you do not allow these cookies, you will experience less relevant advertising.
Allowed
Blocking some types of cookies may impact your experience of our sites. You may review and change your choices at any time by selecting Cookie preferences in the footer of this site. We and selected third-parties use cookies or similar technologies as specified in the AWS Cookie Notice.
Unable to save cookie preferences
We will only store essential cookies at this time, because we were unable to save your cookie preferences.
If you want to change your cookie preferences, try again later using the link in the AWS console footer, or contact support if the problem persists.
Security and Compliance is a
shared
responsibility between AWS and the customer. AWS is
responsible for protecting the infrastructure that runs all of the
services offered in the AWS Cloud, known as Security
of the Cloud. This
infrastructure is composed of the hardware, software, networking,
and facilities that run AWS Cloud services. The customer’s
responsibility is determined by the AWS Cloud services they select.
This determines the amount of configuration work the customer must
perform as part of their security responsibilities, known as
Security in the
Cloud. For example, for Amazon Elastic Compute Cloud
(EC2) service, the customer will be responsible for the necessary
security configurations and management from its networking,
operating system, and application configuration including its
patching and permissions. However, for abstracted services like
Amazon Simple Storage Service (S3) where AWS operates the
infrastructure, operating system and environment, the customer is
provided access endpoints to use, store, and retrieve data. The
customer will be responsible for managing the stored data to include
applying encryption and appropriate access permissions. Applying
this shared responsibility model to telco workloads means that,
while AWS provides a secure infrastructure, CSPs and their Virtual
Network Function/Container Network Function (VNF/CNF) vendors should
implement security measures to protect the workload. They can do
this by adopting AWS security best practices and recommendations,
and by following telco security standards as defined by multiple
standard organizations such as
3GPP,
ETSI, and
IETF at the
application level, to verify that the overall system is secured from
each layer.
The Shared Responsibility Model in an AWS Region
Shared responsibility varies when using AWS
services residing in a customer’s data center; for example, when the
Radio Access Network (RAN) functions such as Virtual Distributed
Unit (vDU) are deployed on
AWS Outposts. AWS Outposts is a family of fully-managed solutions
delivering AWS infrastructure and services to virtually any
on-premises or edge location. In AWS Outposts, the customer takes
the responsibility of securing the physical infrastructure to host
the AWS Outposts equipment in their own data centers. As a managed
service, it inherits our well-tested security procedures, and
includes built-in tampering and dedicated security components such
as the
Nitro
Security card and key.
The preceding figure summarizes the shared responsibility model between AWS and the
customer. AWS operates, manages, and controls the components from the host operating system
and virtualization layer down to the physical security of the facilities owned by AWS. The
customer assumes responsibility and management of the guest operating system and associated
application or network functions as well as the configuration of the AWS services used.
Shared Responsibility Model at the edge with AWS Outposts
The preceding figure shows an edge model with AWS Outposts, where
the responsibility of the physical security, networking, cooling,
and electricity for AWS Outposts is owned by the customer.
Did this page help you? - Yes
Thanks for letting us know we're doing a good job!
If you've got a moment, please tell us what we did right so we can do more of it.
Did this page help you? - No
Thanks for letting us know this page needs work. We're sorry we let you down.
If you've got a moment, please tell us how we can make the documentation better.