Is there a bulletproof way to configure your AWS system?


I am learning how to configure a multi-region AWS system. However, everything I read says "if you want/need more security then do X". Why would anyone want less security (is what I start thinking)… Is there a way to create a bullet proof AWS system? If so, what are the key pieces? If not, how can I prove that to someone who asks?