Now there's a fail.
The ingress was okay, but the egress flow was very very bad!
The operator’s approach to bad actors was to respond as slowly as possible instead of quickly rejecting.
You can also add IP address restrictions to a bucket access policy; this was obviously not done here because once she had the credentials, it didn't matter where she was accessing from.
Tor node IPs are published, so you can just block that list.