In the AWS shared responsibility model, AWS is responsible for the security of the cloud, including the infrastructure that runs all the services offered in the AWS Cloud. The customer is responsible for security in the cloud, which includes managing the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS provided firewall (security groups) on each instance. Therefore, applying OS patches and securing the server against unauthorized access are responsibilities of the customer.