AWS security operates on a shared responsibility model comprising of parts managed by you and other parts managed by AWS. For example, you will need to implement your own security controls for users and roles, policies and configuration, applications and data (storage, in-transit, and at-rest) and for firewalls, network configuration, and the operating system.

AWS is responsible for managing the security for the virtualization layer, the compute, storage, and network infrastructure, and the global infrastructure (regions, AZs, and endpoints), and physical security. In addition, AWS is responsible for the operating system or the platform layer for EC2 or other infrastructure instances for AWS container services (Amazon RDS, Amazon EMR, and so on). AWS also manages the underlying service components and the operating system for AWS abstracted services (Amazon S3, DynamoDB, SQS, SES, and so on).

AWS has a whole host of industry recognized compliance certifications...