"If the threat model posits an attacker with an exploit for Amazon S3"
No, I'm not talking about an "S3 exploit". In fact, quite the opposite. I'm talking about an exploit for the web server that serves static S3 sites (and yes, it is a web server) which would serve arbitrary content instead of the underlying S3 content.
The end user doesn't care that you injected the defaced content vs. altered the underlying content - defaced is defaced.
In that situation, a malicious actor can execute arbitrary code on an S3 box that likely hosts all kinds of government / business critical data. OP's point is that unless your static website secretly contains nuclear launch codes, the actor will not spend his time coming after your site. You would hear about this kind of situation in the newspaper before your website would change.
No, I'm not talking about an "S3 exploit". In fact, quite the opposite. I'm talking about an exploit for the web server that serves static S3 sites (and yes, it is a web server) which would serve arbitrary content instead of the underlying S3 content.
The end user doesn't care that you injected the defaced content vs. altered the underlying content - defaced is defaced.