Scope and Shared Responsibility
Shared responsibility is the concept for determining who is in charge of certain areas in a cloud platform. AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall.
Example of AWS shared responsibility