Still, if somebody knows your credentials, can impersonate yourself looking at your shoulders, or at the phone, if is faster than yourself in typing it.

Wouldn’t they have already seen it in plan text in whatever medium you received it?

After few requests timed out, started to dig a bit. The CNAME for a bucket endpoint was pointing to s3-1-w.amazonaws.com with a TTL of at least an other 5600 secods. Doing a full trace was giving back a new s3-3-w.amazonaws.com The IP related to s3-1-w was/is timing out, all cool instead for the s3-3-w.