AWS is responsible for security 'of' the cloud (hardware, facilities, managed services) and you are responsible for security 'in' the cloud (your data, IAM, OS patching, configuration). AWS does not secure your data for you, you never manage AWS's data centers, and auditors verify controls but don't own them.
Official docs