Learn Cloud Security Fundamentals in AWS

Published: (December 17, 2025 at 04:00 AM EST)
Source: Dev.to

Introduction

Security is a vital part of every system and infrastructure. The word security comes from the Latin securitas, which is composed of se- (meaning “without”) and cura (meaning “care” or “worry”). Originally it meant “without worry.” Over time it has come to signify being safe or protected.

Today, when we discuss security we usually refer to protection from harm, danger, or threats—whether in our homes, online, while using online banking, or even across an entire country. Security is important in everything we do.

Cloud providers such as AWS are no exception. Their infrastructure must be safeguarded to ensure users’ peace of mind. On platforms like AWS, security is a shared responsibility: both the provider and the user play a role in maintaining security.

Amazon Web Services (AWS) is one of the most popular cloud service providers worldwide. With great power and flexibility comes the responsibility to secure your cloud infrastructure, data, and applications.

In this guide we’ll explore the fundamental aspects of cloud security on AWS, making it easy to understand for those new to cloud computing.

What is Cloud Security?

Cloud security is the set of rules, tools, and practices used to protect your data, apps, and services stored online (in the “cloud”). It helps prevent data loss, hacking, and misuse of information.

Think of cloud security like locking the doors of your house—you wouldn’t leave your doors open for anyone to enter. In the same way, your cloud account must be secured so that your data remains safe.

If your cloud services aren’t secure, hackers could steal your data or cause major damage. Whether you’re a business or an individual using cloud apps, keeping your information safe is essential.

Why is Cloud Security Important?

  • It ensures that only the right people have access to your information.
  • It protects your data from being lost, stolen, or misused.
  • Good security lets your applications run safely without being exposed to attacks.
  • It helps keep personal or business data private, reducing the risk of data breaches and financial loss.

Now that you understand why cloud security matters, let’s look at how AWS helps you stay secure and what your own role is in keeping things safe.

Key Cloud Security Concepts

In AWS, cloud security is the responsibility of both AWS and the customer. This is known as the Shared Responsibility Model.

Before learning how AWS divides security duties, you need to understand that AWS protects its infrastructure, but you must protect your own account.

When you create a new AWS account you start with the root user. The root user has full control, but it’s risky to use it for daily work. You should only use it to create another user—an IAM (Identity and Access Management) user.

  • Create an IAM user using the root account (do this only once).
  • Do not use the root account for everyday tasks; use IAM users instead.
  • Follow the principle of least privilege—grant a user only the permissions they need.
  • Protect the root user by enabling MFA (Multi‑Factor Authentication).

What is MFA?

MFA adds another layer of security when you sign in. It combines something you know (your password) with something you have (a phone or security device). Even if someone obtains your password, they cannot log in without the MFA code.

Ways to Enable MFA

  • A virtual MFA app such as Google Authenticator or Authy
  • A physical security key such as YubiKey
  • A hardware device from Gemalto
  • For AWS GovCloud users, an MFA device from SurePassID

Always enable MFA for both your root and IAM users—it’s one of the simplest and most effective ways to protect your AWS account.

Understanding the AWS Shared Responsibility Model

The AWS Shared Responsibility Model divides security duties between AWS and the customer.

1. AWS’s Responsibility – Security of the Cloud

AWS is responsible for protecting the infrastructure that runs the services offered in the AWS Cloud. This includes:

  • Physical security of data centres
  • Hardware, software, networking, and facilities

2. Customer’s Responsibility – Security in the Cloud

The customer is responsible for securing the data, user accounts, applications, and configurations they store in the cloud.

[Figure: AWS shared responsibility model. Image source: AWS shared responsibility model]

For example, AWS secures its data centres and servers, while customers must properly configure their accounts and resources.

Example: RDS (Relational Database Service)

AWS Responsibilities

  • Automates database patching
  • Audits and maintains the underlying instance and storage disks
  • Applies operating system updates


This guide provides a high‑level overview of cloud security on AWS. For deeper dives into each topic, refer to the official AWS documentation and security best‑practice guides.

## Amazon RDS (Relational Database Service)

### Customer responsibilities (you)

- Manage in‑database users, roles, and permissions  
- Choose whether your database is public or private  
- Review and control inbound rules, ports, and IP addresses in the database’s security group  
- Configure database encryption settings  
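The customer-side RDS settings listed above (public or private, security group inbound rules, encryption) can be reviewed together. This is an added example, not code from the original article: it takes data shaped like the output of `aws rds describe-db-instances` and `aws ec2 describe-security-groups` and reports instances that are public, unencrypted, or reachable from any address on the database port. Instance names, group IDs and rules are constructed.

```python
# Constructed sample data shaped like the output of
# `aws rds describe-db-instances` and `aws ec2 describe-security-groups`.
DB_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "PubliclyAccessible": True,
     "StorageEncrypted": False, "Endpoint": {"Port": 3306},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa"}]},
    {"DBInstanceIdentifier": "billing-db", "PubliclyAccessible": False,
     "StorageEncrypted": True, "Endpoint": {"Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0bbb"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []}]},
]

def open_to_world(rule, port):
    """True if an inbound rule admits any address on the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols and ports
        covers = True
    elif proto == "tcp":
        covers = rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)
    else:
        covers = False
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return covers and any(c in ("0.0.0.0/0", "::/0") for c in cidrs)

def audit_rds(instances, groups):
    """Return (instance, finding) tuples for the customer-side RDS settings."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for db in instances:
        name, port = db["DBInstanceIdentifier"], db["Endpoint"]["Port"]
        if db["PubliclyAccessible"]:
            findings.append((name, "publicly accessible"))
        if not db["StorageEncrypted"]:
            findings.append((name, "storage not encrypted"))
        for ref in db["VpcSecurityGroups"]:
            sg_id = ref["VpcSecurityGroupId"]
            rules = by_id.get(sg_id, {}).get("IpPermissions", [])
            if any(open_to_world(r, port) for r in rules):
                findings.append((name, f"{sg_id} allows any address on port {port}"))
    return findings
```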

### AWS responsibilities

- Ensure encryption options are available for your data  
- Provide virtually unlimited storage capacity  
- Prevent AWS employees and the public from accessing your data  
- Keep each customer’s data separated from others  

## Amazon S3 (Simple Storage Service)

### Customer responsibilities (you)

- Define your S3 bucket policies according to your security standards  
- Review bucket configuration settings  
- Create and manage IAM users and roles with the right permissions  

### AWS responsibilities

- Ensure encryption options are available for your data  
- Provide virtually unlimited storage capacity  
- Prevent AWS employees and the public from accessing your data  
- Keep each customer’s data separated from others  

Conclusion

Security has always been about peace of mind. Whether it’s your home, your phone, or your cloud account, you want to know your data is safe.

AWS gives you a strong foundation by securing the cloud itself, but your part matters too—things like enabling MFA, using strong passwords, and managing who can access what. These simple habits go a long way in keeping your data protected.

Cloud security isn’t a one‑time setup; it’s an ongoing practice. When both AWS and its users stay alert, the cloud becomes a place you can trust to store, build, and grow with confidence.

Now that you understand how security works in AWS, you’re ready to dive deeper and start exploring the services that keep it all running smoothly.

For a deeper and clearer explanation, you can read the full guide here:
Learn Cloud Security Fundamentals in AWS

Other Resources

If you found this article helpful, feel free to share it. And if you prefer learning through videos, I also explain cloud topics in simple terms on my YouTube channel.

Thank you for reading!
