The Shared Responsibility Model

Security and Compliance is a shared responsibility between AWS and the customer. This shared responsibility model can help relieve your operational burden, as AWS operates, manages, and controls the components from the host operating system and virtualization layer, down to the physical security of the facilities in which the service operates.

For AWS Lambda, AWS manages the underlying infrastructure and foundation services, the operating system, and the application platform. You are responsible for the security of your code and identity and access management (IAM) to the Lambda service and within your function.

Figure 1 shows the shared responsibility model as it applies to the common and distinct components of AWS Lambda. AWS responsibilities appear below the dotted line in orange, and customer responsibilities appear above the dotted line in blue.

A diagram showing the shared responsibility model for AWS Lambda. On the customer side
are customer function code and libraries, resource configuration, and identity and access
management. On the AWS side are compute, execution environment, runtime language, networking
infrastructure, server software, hardware, Regions, Availability Zones, and EC2
hardware.

Figure 1 – Shared responsibility model for AWS Lambda

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Cost for running Lambda-based applications

Lambda Functions