Comment by abhijais1 11 hours ago

In an ideal world, yes, developers should care about these issues, but developers need access to AWS keys to locally test integration with AWS services like SQS and Dynamo, so access to microservice keys needs to be provided.

The problem occurs when they forget and commit; that key needs to be rotated, which has caused downtimes in the past, or scrubbed, which involves a messy fight with VCS support teams.

The problem is not just AWS; in general, for third-party integrations with platforms like banks, developers need to test locally, but they forget to remove those keys. Each key committed is a potential SOC2 / PCI non-compliance avenue.

scarface_74 9 hours ago

You never need to have your access keys in your repository or read them explicitly from any properties file. The SDK will automatically get the keys from your home directory when you run your code.
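
The "forget and commit" failure discussed in this thread can be caught before the commit is created. The following is an added example, not code from either commenter: a Python check over a staged unified diff (for instance the output of `git diff --cached`) that reports added lines carrying an AWS access key ID or a secret-looking assignment. The function name, sample diff and the secret heuristic are assumptions of this example.

```python
import re
import sys

# Access key IDs are 20 chars: "AKIA" (long-term) or "ASIA" (temporary) + 16.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Heuristic: a 40-char base64-style value assigned to a name containing "secret".
SECRET_VALUE = re.compile(
    r"(?i)secret[\w.-]*\s*[=:]\s*[\"']?[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")
HUNK_START = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)")

def scan_added_lines(diff_text):
    """Return (path, new_line_no, kind) for credentials on added diff lines."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for raw in diff_text.splitlines():
        hunk = HUNK_START.match(raw)
        if raw.startswith("diff --git "):
            in_hunk = False
        elif hunk:
            in_hunk, line_no = True, int(hunk.group(1))
        elif not in_hunk:
            if raw.startswith("+++ "):
                path = raw[6:] if raw[4:6] == "b/" else raw[4:]
        elif raw.startswith("+"):
            # Report the location only; never echo the secret into hook output.
            if ACCESS_KEY_ID.search(raw):
                findings.append((path, line_no, "aws-access-key-id"))
            if SECRET_VALUE.search(raw):
                findings.append((path, line_no, "secret-value"))
            line_no += 1
        elif raw.startswith(" "):
            line_no += 1  # context line: present in the new file, not scanned
    return findings

# Constructed sample; the key pair is the placeholder from AWS documentation.
SAMPLE_DIFF = """\
diff --git a/config/local.properties b/config/local.properties
--- a/config/local.properties
+++ b/config/local.properties
@@ -1,2 +1,4 @@
 queue.name=orders-dev
-region=us-east-1
+region=us-west-2
+aws.accessKeyId=AKIAIOSFODNN7EXAMPLE
+aws.secretKey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""

if __name__ == "__main__":
    found = scan_added_lines(sys.stdin.read())
    for path, line_no, kind in found:
        print(f"{path}:{line_no}: possible {kind}")
    sys.exit(1 if found else 0)
```

Run as a pre-commit hook, a non-zero exit blocks the commit, so the key never needs rotating or scrubbing from history.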