The correct answer is true. AWS manages the security of the cloud, which includes the infrastructure that runs all of the services offered in the AWS Cloud. This is part of the AWS responsibility under the shared responsibility model. However, the customer is responsible for securing anything in the cloud, which includes user access controls for services such as Amazon RDS. Configuring secure user access with appropriate permissions is a customer responsibility.