AWS is responsible to update their databases in the RDS model, but the question is, if there is not back doors and there are security groups and acl's how do aws update their databases?
Who said Amazon doesn't have "back doors" to RDS instances? They have access to the underlying EC2 servers the RDS databases run on, and they have an admin account on all your RDS databases.