In the AWS shared responsibility model, which service requires customers to apply the latest security updates and patches?