Under the shared responsibility model, AWS is responsible for the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure consists of the hardware, software, networking, and facilities that run AWS Cloud services. While AWS handles infrastructure and foundation services, customers are responsible for securing their data within the cloud. Patch management of the EC2 instance's guest operating system, applications, and utilities, as well as firewall configuration for the EC2 instance, fall under the customer's management. However, the physical security of data centers where the hardware for EC2 and S3 resides is an AWS responsibility.