A common failure mode in the past 40 years of communication is for automated billing to be triggered by an unauthenticated request to a service; I saw examples in the 1980s on PSS.

That Amazon would make the mistake nowadays of billing people for failed and unauthenticated delete requests, does seem sloppy.

Thus this is welcome:

Previously: https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1