# Security

**Design Principle**

* Apply security at all layers
* Enable traceability
* Automate response to security events
* Focus on securing our system
* Automate security best practices

**Shared Responsibility Model**

![Shared Responsibility Model](https://3303577320-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M4cDbT2F2VmcAohuhSN%2F-M4cDbsP_Q866yrLCgLp%2F-M4cDn9Du8dyPlfkU9OD%2FShared%20Responsibility%20Model.png?generation=1586591644883245\&alt=media)

**Security in the cloud consists of**

* Data protection
  * Data classification by privilege
  * Data encryption at rest / in transit with ELB, EBS, S3, RDS
  * Make use of AWS services like encryption, key management, logging, exceptional resiliency, versioning.
* Privilege management
  * Root account protection (MFA)
  * Make use of AWS NACLs (for IPs but **not URLs**), IAM, Password Management (like rotation policy).
* Infrastructure protection
  * Largely handled by AWS, except for the VPC, which the customer configures and secures
* Detective controls
  * Make use of CloudTrail, CloudWatch, AWS Config

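The privilege-management and detective-control bullets above fit together: root-account protection is enforced with MFA, and CloudTrail is what lets you detect when that rule is broken. The following is an added example, not from the original notes, that runs a simple detection over a constructed CloudTrail log file (the record shape and field names such as `userIdentity.type`, `eventName` and `additionalEventData.MFAUsed` are those CloudTrail emits for console logins; the sample values are made up).

```python
import json

# Constructed CloudTrail records (not real log data) in the shape CloudTrail
# writes: one root ConsoleLogin without MFA, one root login with MFA, and one
# IAM-user API call that should not be flagged.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "accountId": "111111111111"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-01T11:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "accountId": "111111111111"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-01-01T12:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy",
     "userIdentity": {"type": "IAMUser", "userName": "deploy"}},
]})


def find_root_misuse(trail_json: str) -> list:
    """Return findings for root-account activity in a CloudTrail log file.

    Two rules, both derived from the notes above:
      * a root console login without MFA is HIGH severity;
      * any other root activity (API calls, even MFA logins) is MEDIUM,
        because the root account should not be used for day-to-day work.
    """
    findings = []
    for rec in json.loads(trail_json).get("Records", []):
        identity = rec.get("userIdentity", {})
        if identity.get("type") != "Root":
            continue  # only root activity matters for this check
        is_login = rec.get("eventName") == "ConsoleLogin"
        mfa_used = rec.get("additionalEventData", {}).get("MFAUsed")
        severity = "HIGH" if is_login and mfa_used != "Yes" else "MEDIUM"
        findings.append({
            "time": rec.get("eventTime"),
            "event": rec.get("eventName"),
            "mfa": mfa_used,
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for finding in find_root_misuse(SAMPLE_TRAIL):
        print(finding)
```

In practice the same logic would run as a CloudWatch Logs metric filter or EventBridge rule over the trail delivered to CloudWatch, which is how the "automate response to security events" principle is put into effect.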

