Java folks being Java folks, however, decided that having this external process was a faulty design, for some reason, and decided to rewrite it in Java and have it run in the same JVM as the app (with some huge performance implications, at least at first).
Like most tools at Amazon, this extended back to developer desktops, so even development keys could be generated and auto-rotated without developers needing to know about them. Group-based access ensured they were sent to hosts when new employees entered a group and were removed when they left the group.
A lot of internal Amazon ideas eventually make their way to the public as AWS offerings, typically with limitations due to them needing to be public offerings without dev teams that can sit in a room at a moment's notice and decide on any necessary changes. Typically that means the AWS offering is lacking features compared to the internal version, but eventually teams are encouraged to migrate (I’ve been away from Amazon for about 4 years, but that’s still the impression I get). Lambda, DynamoDB, CodeDeploy, Autoscaling Groups, ALB/NLBs (load balancer tied to an ASG), CloudWatch, SQS, etc. all had internal equivalents which often were better (imho) than the AWS offering. Some were hosted (by another team), some needed to be managed by each team (which made the move to AWS more compelling).