Explanation

In the AWS Shared Responsibility Model:

Customer Responsibilities (Security IN the Cloud):

• Configure VPC subnets - Customers are responsible for network configuration including VPC setup, subnets, and routing
• Configure security groups for Amazon EC2 instances - Customers manage security groups, which act as virtual firewalls for EC2 instances

AWS Responsibilities (Security OF the Cloud):

• Manage and maintain AWS Regions - AWS manages the physical infrastructure and availability zones
• Patch and maintain Amazon CloudFront - AWS manages the CDN service infrastructure
• Patch the operating system in Amazon DynamoDB - AWS manages the underlying infrastructure for managed services like DynamoDB

The key distinction is that customers are responsible for security configuration within their cloud environment, while AWS manages the security of the cloud infrastructure itself.