On many buckets, we use s3://bucket/path to separate environments
because AWS used to have a really low limit on the number of buckets
we could have, and we wanted to share them across environments.

If you combine this with an IAM policy that only allows you access
to the s3://bucket/path that you "own", then get_bucket fails.
http://boto.cloudhackers.com/en/stable/ref/s3.html#boto.s3.connection.S3Connection.get_bucket
The HEAD appears to be similar to get_all_keys which requires
ListObjects on the bucket with no conditions.

django-storages (Which is what we write new S3 access in) actually
always passes validate=False unless you're allowing it to create buckets
for you (which we never do).
https://github.com/jschneier/django-storages/blob/1.4.1/storages/backends/s3boto.py#L320-L334