From @bmonkman in Slack:

I’m applying the current version to Helix and noticed one issue with the files stuff. There’s a piece that creates a policy for the CI user to be able to deploy to the S3 buckets we create. That will need to be changed so it only allows deploying to buckets with signed_urls: false

resource "aws_iam_policy" "deploy_assets_policy"