Under the AWS shared responsibility model, which two aspects are managed by the customer?

The AWS shared responsibility model delineates the security and compliance obligations of AWS and its customers. In this framework, customers are responsible for aspects related to the data they put into the cloud and how they manage that data.

Data encryption involves securing data both at rest and in transit, ensuring that unauthorized users cannot access it. This is a critical aspect of data governance and security that customers must manage within their cloud environments. User access management refers to the processes and tools in place to define who can access resources and data within AWS. This includes setting permissions, roles, and policies that determine user capabilities and ensuring only authorized individuals have access to sensitive information.

These responsibilities belong to the customer because they pertain to specific data handling practices and user permissions tailored to individual business needs and compliance requirements. In contrast, aspects such as physical security of data centers, hardware maintenance, and network infrastructure setup fall under AWS's responsibility, as they pertain to the underlying infrastructure and services provided by the cloud provider.