Sounds like they amay be accepting user PDFs, saving them to a bucket, and then doing processing after.

They trust their AWS EC2 instance doing the processing but not their AWS S3 bucket doing the storing? I don't really understand the threat model here.

And what's "public bucket"?

So the model here is, first it gets uploaded to a staging bucket, a lambda/callback checks the validity of the file and then puts it into a safe bucket of which content I trust to put in my server(backend)

I think maybe you are using the word "tampered" in an unusual way? To mean unsafe?

ah apologies again, for this specific one i meant where users from the internet are allowed to upload to. (i am using presigned urls)

apologies my bad. I mean someone uploading a malicious pdf as user input. I am talking beyond calmav and flietype checking, to check if its a valid pdf.