Many AWS services use pagination to limit the number of items returned in a single API call. For example, S3’s list_objects_v2()
returns a maximum of 1000 objects per call, and DynamoDB’s scan() returns up to 1MB of data per call.
When you call these operations through boto3 without proper pagination handling, you only receive the first page of results. This means your
application silently operates on incomplete data, which can lead to incorrect logic and missed operations on resources that exist beyond the first
page.
What is the potential impact?
Operating on incomplete data can cause missing critical resources, incorrect business logic based on partial datasets, and security vulnerabilities
where policies or access changes are not applied to the full resource set. These issues are often silent and difficult to detect in testing
environments with smaller datasets.
