Explanation

In the AWS shared responsibility model:

AWS is responsible for:

• "Monitor the health of an Availability Zone" - AWS manages the underlying infrastructure including Availability Zones
• "Protect the infrastructure that runs Amazon EC2 instances" - AWS is responsible for the security OF the cloud (physical infrastructure, network infrastructure, virtualization layer)

Customer is responsible for:

• "Patch an Amazon EC2 instance operating system" - Customer manages the security IN the cloud (operating system, applications, data)
• "Configure a security group" - Customer manages network security configurations
• "Manage access to the data in an Amazon S3 bucket" - Customer manages data security and access controls

The shared responsibility model divides security responsibilities where AWS manages security OF the cloud infrastructure, while customers manage security IN the cloud (their applications, data, and configurations).