Securing AWS spans several layers: identity and access (IAM), network security, data protection (encryption), monitoring and detection, and working within the Shared Responsibility Model. Security is a critical, continuous discipline and one of the Well-Architected pillars.
Shared Responsibility Model
AWS secures the CLOUD (infrastructure: hardware, facilities, physical network, hypervisor, managed service internals).
YOU secure what's IN the cloud (your data, IAM users/roles/policies, network config such as security groups and NACLs, OS patching on EC2,
application security, access control, encryption settings).
→ Know the boundary: AWS handles infrastructure; YOU handle configuration and data.
→ The line moves with the service: on EC2 you patch the guest OS; on RDS or Lambda AWS patches the OS/runtime, while the data, IAM permissions and network settings stay yours. Check each service's documentation for where its line sits.
Most cloud breaches stem from CUSTOMER misconfigurations (e.g. public S3 buckets, over-permissive IAM policies, open security groups), not from failures of the AWS platform.
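The public S3 bucket named above is the textbook case of the customer half of the model. The following is an added example, not code from this page or from AWS: an offline checker that takes a bucket policy document and the bucket's Public Access Block settings (the shapes returned by the S3 GetBucketPolicy and GetPublicAccessBlock APIs) and reports whether the configuration exposes the bucket to everyone. The bucket name, account ID and VPC endpoint ID in the sample documents are constructed placeholders.

```python
"""Offline check for the public-S3-bucket misconfiguration.

Added example, not code from the page. Inputs are plain dicts shaped like the
responses of the S3 GetBucketPolicy (policy document, also accepted as the JSON
string the API returns) and GetPublicAccessBlock (PublicAccessBlockConfiguration)
APIs, so real API output can be fed in. All sample data below is constructed.
"""
import json
from typing import Any, List, Tuple

# Constructed sample documents: bucket name, account ID and VPC endpoint ID are
# placeholders, not real resources.
PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}
PUBLIC_READ_POLICY_JSON = json.dumps(PUBLIC_READ_POLICY)  # as GetBucketPolicy returns it

PRIVATE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}

VPC_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
}

PAB_OFF = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
PAB_ON = {key: True for key in PAB_OFF}


def _as_list(value: Any) -> list:
    """IAM policy grammar allows a bare string or a list for Statement, Principal, Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants_everyone(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"}, i.e. anonymous / any-account access."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def classify_statements(policy: Any) -> Tuple[List[dict], List[dict]]:
    """Split Allow statements addressed to everyone into two lists:
    unconditional (public) and conditional (needs a human look, because a
    Condition such as aws:SourceVpce may narrow the grant to one network)."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    public, conditional = [], []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _grants_everyone(stmt.get("Principal")):
            continue
        (conditional if stmt.get("Condition") else public).append(stmt)
    return public, conditional


def bucket_exposure(policy: Any, public_access_block: dict) -> str:
    """Combine the policy with the bucket's Public Access Block settings.

    RestrictPublicBuckets makes S3 ignore a public policy for anonymous and
    cross-account callers, so such a policy is contained (still remove it).
    BlockPublicPolicy only rejects *new* public policies at PutBucketPolicy time.
    Account-level settings apply as well; pass the stricter of the two."""
    public, conditional = classify_statements(policy)
    if public:
        if public_access_block.get("RestrictPublicBuckets"):
            return "contained by public access block"
        return "public"
    if conditional:
        return "needs review"
    return "private"


if __name__ == "__main__":
    policies = [("public-read", PUBLIC_READ_POLICY), ("private", PRIVATE_POLICY),
                ("vpc-only", VPC_ONLY_POLICY)]
    for name, pol in policies:
        for pab_name, pab in [("PAB off", PAB_OFF), ("PAB on", PAB_ON)]:
            print(f"{name:12} {pab_name:8} -> {bucket_exposure(pol, pab)}")
```

The checker deliberately treats any Condition as "needs review" rather than guessing at its effect: a `StringEquals` on `aws:SourceVpce` narrows the grant, but a Condition on, say, a request header does not, and only a reader of the policy can tell. Feeding it the raw string from GetBucketPolicy works because `classify_statements` parses JSON input itself.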
