AWS is responsible for the physical security of the data centers, including facilities, power, and environmental controls. The customer is responsible for managing the guest operating system, configuring security groups and network ACLs, and implementing application-level encryption.