Amazon’s shared responsibility model states that AWS is responsible for ensuring that the services they provide works (availability, networking, compute, storage, etc, a.k.a. “security of the cloud”), and the customers have to make sure that what they control works (software, patches, etc, a.k.a. “security in the cloud”). AWS will not be liable for what the clients manage.