Redundancy is not the same as backup. You may not lose files due to machine failure, but a code error, some data scientist deleting the wrong folder, etc, could easily delete the files. Having a backup that isn't automatically tied to the s3 bucket can help prevent catastrophe in these cases.
That's solved by using Object Versioning in S3. That makes it easy to recover from accidental deletion. You can still permanently remove an object by deleting it's versions, but that's a separate operation and not one you'd likely do by accident. Proper permissioning can stop it even being possible.
Beyond that you're probably thinking about black-swan scenarios like AWS going out of business or a hacker breaching your system and deleting everything [1]. In that case you need to be completely separated from AWS (and careful about maintaining the separation) so also using Glacier won't help anyway.
> Proper permissioning can stop it even being possible.
100% this. A little OT, but my standard Postgres backup procedure is streaming via WAL-E to S3. The user WAL-E runs as cannot delete versions. Any attempt to overwrite base backups or WAL parts versions them. I have the versions expire after a couple of months (to reduce storage costs). I do the same for selected logs in /var/log/ via duply.
