The Shared Responsibility Model - Security Overview of AWS Lambda

The Shared Responsibility Model

Security and Compliance is a shared responsibility between AWS and the customer. This shared responsibility model can help relieve your operational burden, as AWS operates, manages, and controls the components from the host operating system and virtualization layer, down to the physical security of the facilities in which the service operates.

For AWS Lambda, AWS manages the underlying infrastructure and foundation services, the operating system, and the application platform. You are responsible for the security of your code and identity and access management (IAM) to the Lambda service and within your function.

Figure 1 shows the shared responsibility model as it applies to the common and distinct components of AWS Lambda. AWS responsibilities appear below the dotted line in orange, and customer responsibilities appear above the dotted line in blue.


      A diagram showing the shared responsibility model for AWS Lambda. On the customer side
        are customer function code and libraries, resource configuration, and identity and access
        management. On the AWS side are compute, execution environment, runtime language, networking
        infrastructure, server software, hardware, Regions, Availability Zones, and EC2
        hardware.

Figure 1 – Shared responsibility model for AWS Lambda