Security in AWS is a shared responsibility based on the cloud service model used by the customer or user. In AWS, physical resources, such as servers, storage, and network, are managed by the AWS, and users need not worry about it as AWS has already put in best practices and it is transparent about it.
It is up to you to configure security in the AWS as per the proven best practices available for the AWS infrastructure.
Users can configure security groups, access control lists, Virtual Private Cloud (VPC), and identity and access management to make the resources in cloud more secure.
Compliance is extremely important for assurance of security and protection. Security and compliance both are shared responsibilities for AWS and the AWS customer based on the usage of cloud service model used by the customer. AWS complies to SOC 1/ISAE 3402, SOC 2, SOC 3, FISMA, DIACAP, and FedRAMP, PCI DSS Level 1, ISO 9001, ISO 27001, ISO 27018, and so on.
