Managed Services - IAAS vs PAAS - Shared Responsibility - AWS Certification Cheat Sheet

Let’s get a quick overview of Managed Services - IAAS and PAAS - from an AWS certification perspective. We will look at important certification questions regarding Managed Services - IAAS and PAAS.

You will learn

  • What is IAAS(Infrastructure as a Service) ?
  • What is PAAS (Platform as a Service) ?
  • What are the different Managed Services provided by AWS?
  • What is Shared Responsibility Model?

IAAS (Infrastructure as a Service)

IAAS (Infrastructure as a Service) is all about using only infrastructure from cloud provider. It is also called “Lift and Shift”. Example: Using EC2 to deploy your applications or databases

With IAAS, you are responsible for:

  • Application Code and Runtime
  • Configuring load balancing
  • Auto scaling
  • OS upgrades and patches
  • Availability
  • etc.. ( and a lot of things!)

PAAS (Platform as a Service)

PAAS (Platform as a Service) is all about using a platform provided by cloud

Cloud provider is responsible for:

  • OS (incl. upgrades and patches)
  • Application Runtime
  • Auto scaling, Availability & Load balancing etc..

You are responsible for:

  • Application code
  • Configuration

Examples of PAAS

  • CAAS (Container as a Service): Containers instead of Applications
  • FAAS (Function as a Service) or Serverless: Functions instead of Applications

AWS Managed Service Offerings

Here are some of the AWS Managed Service Offerings:

  • Elastic Load Balancing - Distribute incoming traffic across multiple targets
  • AWS Elastic Beanstalk - Run and Manage Web Apps
  • Amazon Elastic Container Service (ECS) - Containers orchestration on AWS
  • AWS Fargate - Serverless compute for containers
  • Amazon Elastic Kubernetes Service (EKS) - Run Kubernetes on AWS
  • Amazon RDS - Relational Databases - MySQL, Oracle, SQL Server etc
  • And a lot more…

Shared Responsibility Model

Security & Compliance is shared responsibility between AWS and customer

Shared Responsibility Model - Amazon EC2

Amazon EC2 instances is Infrastructure as a Service (IaaS).

You are responsible for:

  • Guest OS (incl. security patches)
  • Application software installed
  • Configuring Security Groups (or firewalls)

AWS is responsible for infrastructure layer only.

Shared Responsibility Model - Managed Services

Amazon S3 & DynamoDB are managed services.

AWS manages infrastructure layer, OS, and platform.

You are responsible for

  • Managing your data
  • Managing security of data at rest(encryption)
  • Managing security of data in transit
    • Mandating SSL/HTTPS
    • Using the right network - AWS global network or dedicated private network when possible
  • Managing access to the service
    • Configure right permissions (IAM users/roles/user policies/resource policies)
    • (FOR AWS RDS) Managing in database users
    • Configuring the right security groups (control inbound and outbound traffic)
    • Disabling external access (public vs private)

Certification - Recommended Reading

Cloud Certifications - AWS, Azure and Google Cloud - Top 8 FAQ For Me

Google Cloud For Beginners - How to choose a Database Service?

Teaching Cloud Certifications - Top 6 Learnings

Google Cloud For Beginners - How to choose a Compute Service?

Important Kubernetes Concepts Made Easy

Introduction to Google Cloud - For AWS Professionals

Getting Started with Docker - 5 Easy Steps

GCP PubSub - GCP Certification Cheat Sheet

GCP IAM - GCP Certification Cheat Sheet

GCP App Engine - GCP Certification Cheat Sheet


Congratulations on reading this article!

Wondering what to learn next?


Keep Learning Every Day

Check Out Our Amazing ROADMAPS