Yes. As I wrote in https://news.ycombinator.com/item?id=29663566, service accounts are not constrained by customer bucket policies. In fact, not even SCP's are restricted by service-linked roles:
"SCPs do not affect any service-linked role. Service-linked roles enable other AWS services to integrate with AWS Organizations and can't be restricted by SCPs."
"SCPs do not affect any service-linked role. Service-linked roles enable other AWS services to integrate with AWS Organizations and can't be restricted by SCPs."
https://docs.aws.amazon.com/organizations/latest/userguide/o...