"""
If your database server is compromised, the attacker might delete the data in your database on that machine. He would also likely gain access to the AWS credentials you use to send backups to S3 - if this gives him access to also delete your backup, you’re in big trouble. With a policy like the one below, you can restrict users from deleting files, but actually they can still overwrite an existing file, rendering your backup useless. With versioning enabled, an attacker will be able to overwrite a file, but you will always be able to get the original file back. Only the owner of the S3 bucket can permanently delete an object in a versioned bucket.
"""
une bonne pratique sécurité par rapport à s3

via http://www.mypersonnaldata.eu/shaarli/?zvNpRg