Explanation

Under the AWS Shared Responsibility Model:

Customer Responsibility (Security IN the Cloud):

• Amazon EC2 operating system patching (B) - Customers are responsible for patching and maintaining the guest operating systems on their EC2 instances
• API access control for AWS resources (C) - Customers manage IAM policies, user access, and API permissions for their AWS resources

AWS Responsibility (Security OF the Cloud):

• Hardware maintenance (A) - AWS maintains the physical infrastructure and hardware
• Configuration management of infrastructure devices (D) - AWS manages the configuration of network devices, hypervisors, and physical infrastructure
• Maintenance of an Availability Zone (E) - AWS is responsible for maintaining the physical facilities and infrastructure of Availability Zones

This division ensures AWS handles the security of the cloud infrastructure, while customers secure their content, platforms, applications, and operating systems within that infrastructure.