What is the AWS shared responsibility model, and where is the line between AWS and the customer?
AWS · Basic level
Answer
AWS secures the cloud infrastructure; the customer secures what they put in the cloud. The line depends on the service: EC2 gives me OS responsibility, while managed services like RDS, S3, and Lambda shift more infrastructure work to AWS but leave identity, data, configuration, and application security with me.
Technical explanation
The responsibility boundary changes by service model: IaaS leaves more to the customer, while managed and serverless services shift infrastructure operations to AWS but not data, IAM, or application responsibility.
AWS foundation answers should clarify ownership boundaries, global infrastructure concepts, failure domains, and the service-specific split between AWS-managed and customer-managed responsibilities.
A strong interview answer connects definitions to architecture decisions: compliance, latency, blast radius, operational ownership, and high availability.
Always state that the exact responsibility or placement decision depends on the specific AWS service and workload requirements.
Hands-on example
1. Choose a simple workload such as a web API with S3 and RDS, then map each component to AWS-owned and customer-owned responsibilities.
2. Place the workload in one Region, spread compute across at least two AZs, and put static assets behind CloudFront to show the Region/AZ/Edge distinction.
3. Create a responsibility matrix covering IAM, encryption, patching, networking, data, backups, monitoring, and incident response.
4. Use that matrix as the interview-ready explanation of how AWS concepts become production operating controls.
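The matrix from steps 1 to 3, as an added example that is not part of the original page. The component names, the two service-model labels, and the simplified split (only patching, plus RDS automated backups, marked as AWS-operated) are assumptions made for illustration.

```python
# Added example: responsibility matrix for the sample workload in steps 1-3.
# Ownership values are a simplified assumption, not an official AWS mapping.
AREAS = ["IAM", "encryption", "patching", "networking",
         "data", "backups", "monitoring", "incident response"]

# Infrastructure work that moves to AWS under each service model. IAM, data
# and configuration never move, matching the answer above.
AWS_OPERATED_BY_MODEL = {"iaas": set(), "managed": {"patching"}}

# Constructed workload: (component, service model, extra AWS-operated areas).
WORKLOAD = [
    ("EC2 web API (2 AZs)", "iaas", set()),
    ("RDS database", "managed", {"backups"}),  # customer still sets retention
    ("S3 static assets", "managed", set()),
    ("CloudFront distribution", "managed", set()),
]

def build_matrix(workload):
    """Return {component: {area: owner}}; owner is 'customer' or 'AWS-operated'."""
    matrix = {}
    for name, model, extra in workload:
        if model not in AWS_OPERATED_BY_MODEL:
            raise ValueError(f"unknown service model for {name}: {model}")
        aws_side = AWS_OPERATED_BY_MODEL[model] | extra
        if aws_side - set(AREAS):
            raise ValueError(f"unknown control area for {name}")
        matrix[name] = {a: "AWS-operated" if a in aws_side else "customer"
                        for a in AREAS}
    return matrix

def customer_duties(matrix):
    """List every (component, area) pair the customer must operate."""
    return [(c, a) for c, row in matrix.items()
            for a, owner in row.items() if owner == "customer"]

def render(matrix):
    """Format the matrix as a plain-text table, one row per component."""
    width = max(len(c) for c in matrix)
    lines = [" " * width + " | " + " | ".join(AREAS)]
    for comp, row in matrix.items():
        cells = [("AWS" if row[a] == "AWS-operated" else "you").ljust(len(a))
                 for a in AREAS]
        lines.append(comp.ljust(width) + " | " + " | ".join(cells))
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(build_matrix(WORKLOAD)))
```

Even in an "AWS-operated" cell the customer keeps the configuration choices, such as the RDS maintenance window or backup retention period.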
More AWS interview questions
- Explain the difference between a Region, an Availability Zone, and an Edge Location.
- What is a VPC, and what are its core components (subnets, route tables, IGW, NAT)?
- Difference between a public and a private subnet, and how does each reach the internet?
- What is the difference between a Security Group and a Network ACL?
- Are Security Groups stateful or stateless? What about NACLs?
- What is an Internet Gateway versus a NAT Gateway, and when do you need each?
- How does a NAT Gateway differ from a NAT instance?
- Explain VPC peering and its limitations (e.g., non-transitive routing).