Between December 21, 2021 at 23:48 UTC and December 22, 2021 at 08:23 UTC, the policy used by AWS Support automated systems - AWSSupportServiceRolePolicy - inadvertently included S3:GetObject permissions. This change has been reverted. While these permissions were temporarily present, they were not and could not be used - only a tightly controlled set of AWS support systems may assume the AWSSupportService role, and these systems do not provide the capability to access S3 objects even if permission is granted to the role. Regardless, we are implementing additional safeguards to prevent the Support policy from inadvertently granting data access permissions. All changes to AWS Managed Policies are publicly visible and all access to S3 objects are recorded in S3 server access logs and CloudTrail data events.