The top three areas
Guest OS are all the responsibility of the organisation using AWS. Typically you would think of these three areas as the EC2 service. Below these areas organisation data is not visible to AWS which helps to ensure that your customer data is protected.
The areas of the Shared Responsibility Model that are not visible to the organisation using AWS are regularly checked as part of compliance.
- AWS Compliance - provides detail from a number of 3rd Party audits that regularly go through the entire AWS stack to ensure compliance