Comment by hn_throwaway_99
6 years ago
I'm not talking about not having any access in the technical sense. I'm talking about a "Chinese wall" whereby people who work for AWS supporting customers should absolutely not be able to inform any of the teams that build new Amazon services. These types of Chinese walls exist in many different industries, perhaps most famously finance, and when these walls have been "breached" in the past it has resulted in huge scandals.
I think your understanding is true, unless the claimant elaborate what those data is and how his team got it, I do not understand how it would have worked.
Access records for public services have a very detailed iam audit trail that logs people who accessed what at what time, and service teams don't get to just jump around that. Maybe they can see some metadata but certainly not actual data in an S3 bucket somewhere.