It is a 160 Page PDF on S3.
If you are putting any confidential information in S3 you need to see the S3 service map in the PDF on page 3. All the different access points and places you can set an ACL... All the bolt on services that keep on piling on starts to show the age of the service.<p><a href="https://github.com/trustoncloud/threatmodel-for-aws-s3/raw/main/Amazon%20Simple%20Storage%20Service%20(S3)%20-%20ThreatModel.pdf" rel="nofollow">https://github.com/trustoncloud/threatmodel-for-aws-s3/raw/m...</a><p>Here is a nice threat:<p>Etags includes the MD5 of the file but not consistently and can be used by
developers to verify the integrity of a file. An attacker can affect an upload
function to change the etag of a file, in order to disrupt a workflow downstream.