

# Security in AWS DeepRacer Student
<a name="security"></a>

Cloud security at AWS is the highest priority. As an AWS customer, you benefit from a data center and network architecture that is built to meet the requirements of the most security-sensitive organizations.

Security is a shared responsibility between AWS and you. The [shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/) describes this as security of the cloud and security in the cloud:
+ **Security of the cloud** – AWS is responsible for protecting the infrastructure that runs AWS services in the AWS Cloud. AWS also provides you with services that you can use securely. Third-party auditors regularly test and verify the effectiveness of our security as part of the [AWS Compliance Programs](https://aws.amazon.com/compliance/programs/). To learn about the compliance programs that apply to AWS DeepRacer Student, see [AWS Services in Scope by Compliance Program](https://aws.amazon.com/compliance/services-in-scope/).
+ **Security in the cloud** – Your responsibility is determined by the AWS service that you use. You are also responsible for other factors including the sensitivity of your data, your company’s requirements, and applicable laws and regulations.

This documentation helps you understand how to apply the shared responsibility model when using AWS DeepRacer Student. It shows you how to configure AWS DeepRacer Student to meet your security and compliance objectives. You also learn how to use other AWS services that help you to monitor and secure your AWS DeepRacer Student resources.

**Topics**
+ [Data protection](data-protection.md)
+ [Identity and access management](security-iam.md)
+ [Compliance validation](compliance-validation.md)
+ [Resilience](disaster-recovery-resiliency.md)
+ [Infrastructure security](infrastructure-security.md)

# Data protection in AWS DeepRacer Student
<a name="data-protection"></a>

The following sections explain what data is captured by AWS DeepRacer Student, and where AWS DeepRacer Student uses data encryption to protect your data.

When you create an AWS DeepRacer Student account, you also create an AWS Player account. Resources created in your AWS DeepRacer Student account are stored in your AWS Player account. For more details about AWS Player accounts, see [What are AWS Player accounts?](setting-up.md) in the *AWS DeepRacer Student User Guide*.

**Topics**
+ [Captured data in the AWS DeepRacer Student portal](#captured-data)
+ [Encryption at rest in AWS DeepRacer Student portal](#encryption-rest)
+ [Encryption in transit in AWS DeepRacer Student portal](#encryption-transit)

## Captured data in the AWS DeepRacer Student portal
<a name="captured-data"></a>

The data required to use the AWS DeepRacer Student portal is stored in your AWS Player account. The data captured in the AWS DeepRacer Student portal is not used to help improve the service.

**Captured data in AWS DeepRacer Student.**

The following is a summary of data created in AWS DeepRacer Student and stored in your AWS Player account.
+ Your email address and password used to register your account
+ Your racer name
+ Your standing on the Student League leaderboard
+ Your trained models
+ Reward function code

## Encryption at rest in AWS DeepRacer Student portal
<a name="encryption-rest"></a>

Data captured by the AWS DeepRacer Student portal is encrypted by default.

AWS Player accounts use Amazon Cognito to encrypt and store the email and password used to log in to AWS DeepRacer Student. For more information, see [Data Protection in Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/data-protection.html).

All other data captured in AWS DeepRacer Student is encrypted at rest in the cloud using AWS owned keys through AWS Key Management Service, with AES-GCM and 256-bit keys. This data is stored and encrypted in Amazon Simple Storage Service (S3) and Amazon DynamoDB.

## Encryption in transit in AWS DeepRacer Student portal
<a name="encryption-transit"></a>

Your registered and authorized email addresses are encrypted with client-side encryption. All other [data captured in AWS DeepRacer Student](#captured-data) is copied out of your account and processed in an internal AWS system. By default, AWS DeepRacer Student uses secure connections over HTTPS to encrypt data in transit.

# Identity and access management for AWS DeepRacer Student
<a name="security-iam"></a>

AWS Identity and Access Management (IAM) is an AWS service that helps an administrator securely control access to AWS resources. IAM administrators control who can be authenticated (signed in) and authorized (have permissions) to use AWS resources. AWS DeepRacer Student does not directly integrate with IAM to control user access to AWS resources. Instead, AWS DeepRacer Student uses an authenticated proxy API managed by AWS DeepRacer to secure user resources. 

# Compliance validation for AWS DeepRacer Student
<a name="compliance-validation"></a>

Third-party auditors assess the security and compliance of AWS DeepRacer Student as part of multiple AWS compliance programs. 

For a list of AWS services in scope of specific compliance programs, see [AWS Services in Scope by Compliance Program](https://aws.amazon.com/compliance/services-in-scope/). For general information, see [AWS Compliance Programs](https://aws.amazon.com/compliance/programs/).

You can download third-party audit reports using AWS Artifact. For more information, see [Downloading Reports in AWS Artifact](https://docs.aws.amazon.com/artifact/latest/ug/downloading-documents.html).

AWS provides the following resources to help with compliance:
+ [Security and Compliance Quick Start Guides](https://aws.amazon.com/quickstart/?awsf.quickstart-homepage-filter=categories%23security-identity-compliance) – These deployment guides discuss architectural considerations and provide steps for deploying security- and compliance-focused baseline environments on AWS.
+ [AWS Compliance Resources](https://aws.amazon.com/compliance/resources/) – This collection of workbooks and guides might apply to your industry and location.
+ [Evaluating Resources with Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *AWS Config Developer Guide* – AWS Config assesses how well your resource configurations comply with internal practices, industry guidelines, and regulations.
+ [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) – This AWS service provides a comprehensive view of your security state within AWS that helps you check your compliance with security industry standards and best practices.

# Resilience in AWS DeepRacer Student
<a name="disaster-recovery-resiliency"></a>

The AWS global infrastructure is built around AWS Regions and Availability Zones. Regions provide multiple physically separated and isolated Availability Zones, which are connected through low-latency, high-throughput, and highly redundant networking. With Availability Zones, you can design and operate applications and databases that automatically fail over between zones without interruption. Availability Zones are more highly available, fault tolerant, and scalable than traditional single or multiple data center infrastructures.

For more information about AWS Regions and Availability Zones, see [AWS Global Infrastructure](https://aws.amazon.com/about-aws/global-infrastructure/).

# Infrastructure security in AWS DeepRacer Student
<a name="infrastructure-security"></a>

As a managed service, AWS DeepRacer Student is protected by the AWS global network security procedures that are described in the [Amazon Web Services: Overview of Security Processes](https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf) whitepaper.