On AWS, you can restrict an access key to an S3 bucket (or many). This way, your app A can access bucket X, and your app B can access bucket Y, but if A gets compromised, It won’t be able to delete files from Y.
It is way too complicated to configure on AWS, but very powerful.
Being able, on our lovely made-in-France Scaleway, to check “all buckets” or “bucket A” or “bucket A + bucket B” as access rights for a given access key would be great.
Like selecting “all repos” or “repo A” on Github when you configure an app !