Below are some items you are responsible for within their infrastructure:
- Network access to and from your AWS instances
- Logging
- Patching
- Backups
- Virus Protection of instances
Amazon is responsible for items such as:
- Physical security
- Physical servers, storage, and networking components
- Disk destruction
- Security audites
- DDOS protection (Free Kindle AWS White Paper Below)
Neither list above is comprehensive but does give you an idea on what you the customer will need to protect on your own. Even something such as login access to your instances is your responsibility. If you happen to loose your private key to an instance, there's not much Amazon can do for you as an example (easy to resolve that problem I know). For the most part if it's anything that's physical or layer 2, you can probably bet that Amazon handles that portion of the cloud.
Hopes this helps, anything else I should add to the list above? Let me know in the comment section below!