A company uses Amazon RDS to run their production database. Under the AWS Shared Responsibility Model, who is responsible for patching the underlying database engine software?
Trap 1: The customer, because they chose to run a relational database
For EC2-based databases, the customer patches the OS and database software. For managed RDS, the model is different — AWS handles engine patching.
Trap 2: A shared responsibility where AWS and the customer each patch…
For RDS engine patching specifically, it is AWS's responsibility. While some configuration decisions belong to the customer, engine patching is managed by AWS.
Trap 3: A third-party DBA contracted by the customer
The Shared Responsibility Model is between AWS and the customer. Third parties contracted by the customer are still considered the customer's responsibility in this model.
- A
The customer, because they chose to run a relational database
Why wrong: For EC2-based databases, the customer patches the OS and database software. For managed RDS, the model is different — AWS handles engine patching.
- B
AWS, because RDS is a managed service that abstracts OS and engine management
RDS is a managed database service. AWS is responsible for patching the database engine (MySQL, PostgreSQL, etc.), the underlying OS, and the hardware. This is why RDS sits on the 'AWS manages' side for engine patching, unlike a self-managed DB on EC2.
- C
A shared responsibility where AWS and the customer each patch different components
Why wrong: For RDS engine patching specifically, it is AWS's responsibility. While some configuration decisions belong to the customer, engine patching is managed by AWS.
- D
A third-party DBA contracted by the customer
Why wrong: The Shared Responsibility Model is between AWS and the customer. Third parties contracted by the customer are still considered the customer's responsibility in this model.