1.3. AWS Shared Responsibility Model (Developer Context)
š” First Principle: AWS secures the infrastructure under your application; you secure everything inside it ā and the exam will test exactly where that boundary falls.
What breaks when developers misunderstand this model? They either over-engineer (manually patching Lambda runtimes that AWS manages) or under-engineer (assuming AWS encrypts their DynamoDB data at rest by default without enabling it). Both waste time and create vulnerabilities. For instance, a developer who assumes AWS handles S3 bucket policies by default could inadvertently expose sensitive data publicly.
Think of it like renting an apartment: the landlord maintains the building structure, plumbing, and electrical (AWS), but you're responsible for locking your door, not leaving the stove on, and what you store inside (your code, data, and configurations).
