Shared responsibility model
Security can't be an afterthought. It is essential in the multitenant environment of cloud.
It is clearly defined what the responsibility of AWS is as a service provider, and what the responsibility of a customer is as a consumer of AWS resources, and that helps to make the environment more secure.
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/
AWS is responsible for securing the cloud infrastructure while the customer is responsible for configuring security in the cloud.
The responsibility of AWS and a customer may change based on the cloud service model used by the customer.
Platform as a Service (PaaS) model demands more responsibility from AWS compared with Infrastructure as a Service (IaaS) because the customer has very little control over the overall environment in PaaS:
As you go down in service model, customer's responsibility increases, and as you go upward in service model from IaaS to SaaS, AWS responsibility increases.