As other already replied, as soon as your code is connected to the internet, security is a thing, no matter if it's in a public cloud or elsewhere.
That said, how to do it, and what to focus on, might change a little bit, since some security aspects are covered by the cloud vendor (obvious example: physical access to your servers and disks). When you start using managed services (ie PaaS os SaaS, and no longer only IaaS), some responsibilities ownership move. An obvious example would be: if you provision EC2 hosts to deploy your own MongoDB onto it, your responsible of applying security patches on this host and software (plus all the usual network and access security). On the other hand, if you use a managed database (like RDS), you're now responsible for setting up correctly all the accesses, but the vendor takes care of security patches for you.
These are examples, to show that:
On the AWS side, there are many resources, but one I like to share frequently with my teams is this talk which does a great job covering many aspects and should remove all uncertainty (then you need to get the job done!):
AWS Security Roadshow - The AWS Shared Security Responsibility Model in Practice