According to theAWS Shared Responsibility Model, AWS is responsible for the security "of" the cloud (such as protecting the infrastructure, including hardware, software, networking, and facilities that run AWS Cloud services). In contrast, customers are responsible for security "in" the cloud. This includes configuring and using AWS services securely.
D. Use AWS Identity and Access Management (IAM) according to the principle of least privilegeis a customer's responsibility. Customers must manage their credentials, control access to resources, and ensure that IAM policies follow the principle of least privilege, which means granting only the permissions necessary to perform a task.
Why other options are not suitable:
A. Patch the Amazon DynamoDB operating system: AWS is responsible for managing and patching the infrastructure for managed services like DynamoDB.
B. Secure Amazon CloudFront edge locations by allowing physical access according to the principle of least privilege: AWS handles physical security of its edge locations.
C. Protect the hardware that runs AWS services: AWS is responsible for protecting the physical hardware that runs AWS services.
