Tech should be simple and fail immediately if used incorrectly. It's a tech issue if the dispersal of customer records is happening frequently enough to be a meme.
S3 does fail safe. The default is to deny access, but the problem is that every so often someone “solves” a problem by granting access broadly rather than learning how the tool works or reading the prominent warnings. This isn’t like C++, it’s more an example of how people don’t consistently respect the ancillary tools they use enough to learn how they work. I’ve seen the same pattern in many other contexts and it always came down to “I need to get my real work done, I don’t have time for this sysadmin stuff!”
You can try to be Rust and refuse such access rules. Yes, I know it sometimes makes sense. Rust rejects perfectly fine code too. People are really into such things.
Rust has unsafe, too, because the implementers know that they need to work in a messy world. S3 has options for globally blocking public access, there are warnings and tools which continuously audit for things like cross-account access, etc. but they have a lot of customers who legitimately need things like that so there has to be a way to do it, just as Rust allows you to say “I know what I’m doing, call libc!”
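As an added illustration of the point made in the two S3 comments above (it is not code from the thread or from AWS): a small policy lint that shows what a "granted access broadly" bucket policy looks like next to a legitimate cross-account grant, and how the Block Public Access flags change the outcome. It assumes the documented S3 bucket policy JSON shape and the documented meaning of the `BlockPublicPolicy` and `RestrictPublicBuckets` flags; the two sample policies and the account IDs are constructed placeholders.

```python
"""Lint an S3 bucket policy for public and cross-account grants.

Added example for the discussion above; it is not code from the thread
or from AWS. It assumes the documented S3 bucket policy JSON shape and
the Block Public Access flags. Sample policies and account IDs are
constructed for illustration.
"""
import json

OWNER_ACCOUNT = "111111111111"  # constructed placeholder for the bucket owner


def _as_list(value):
    """Policy elements may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principal_accounts(principal):
    """Account IDs named by a Principal element, or None for a wildcard.

    Service and Federated principals are ignored (empty set): they are
    not account grants and are out of scope here.
    """
    if principal == "*":
        return None
    if not isinstance(principal, dict) or "AWS" not in principal:
        return set()
    accounts = set()
    for entry in _as_list(principal["AWS"]):
        if entry == "*":
            return None
        # ARNs look like arn:aws:iam::123456789012:root or :role/name;
        # a bare 12-digit account ID is also accepted by S3.
        parts = entry.split(":")
        if len(parts) >= 5 and parts[4]:
            accounts.add(parts[4])
        elif entry.isdigit():
            accounts.add(entry)
    return accounts


def audit_policy(policy_json, owner_account=OWNER_ACCOUNT):
    """Classify each Allow statement by who it lets in."""
    findings = {"public": [], "conditional_wildcard": [], "cross_account": []}
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Principal" not in stmt:
            continue
        sid = stmt.get("Sid", "<no Sid>")
        accounts = principal_accounts(stmt["Principal"])
        if accounts is None:
            # A wildcard with a Condition (e.g. aws:PrincipalOrgID) may not
            # be public by AWS's definition; report it separately for review.
            key = "conditional_wildcard" if "Condition" in stmt else "public"
            findings[key].append(sid)
        elif accounts - {owner_account}:
            findings["cross_account"].append(sid)
    return findings


def effective_exposure(findings, block_public_access):
    """Combine policy findings with the bucket's Block Public Access flags.

    BlockPublicPolicy rejects a public policy at PutBucketPolicy time;
    RestrictPublicBuckets makes a bucket whose policy is public reachable
    only from the owning account and AWS service principals.
    """
    public = bool(findings["public"])
    if public and block_public_access.get("BlockPublicPolicy"):
        return "public policy would be rejected on put"
    if public and block_public_access.get("RestrictPublicBuckets"):
        return "public policy present but neutralised by RestrictPublicBuckets"
    if public:
        return "PUBLIC"
    if findings["cross_account"]:
        return "cross-account access granted"
    return "owner-only"


# Constructed sample policies: one "solved the problem" with a wildcard,
# the other grants a single partner account, which Block Public Access
# deliberately does not interfere with.
OPEN_BUCKET = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowEveryone", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

PARTNER_BUCKET = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PartnerRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "OwnerAdmin", "Effect": "Allow",
     "Principal": {"AWS": f"arn:aws:iam::{OWNER_ACCOUNT}:root"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket"}]})

if __name__ == "__main__":
    bpa_off = {"BlockPublicPolicy": False, "RestrictPublicBuckets": False}
    bpa_on = {"BlockPublicPolicy": True, "RestrictPublicBuckets": True}
    for name, policy in [("open", OPEN_BUCKET), ("partner", PARTNER_BUCKET)]:
        found = audit_policy(policy)
        print(name, found, effective_exposure(found, bpa_off),
              "|", effective_exposure(found, bpa_on))
```

The split between "public" and "conditional_wildcard" matters in practice: a `Principal: "*"` statement that is narrowed by a condition such as `aws:PrincipalOrgID` is not treated as public by S3's own evaluation, so a lint that flags every wildcard produces the kind of noise that tempts people to ignore the warnings the comment above mentions.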