With more than 100 trillion objects in Amazon Simple Storage Service (Amazon S3) and an almost unimaginably broad set of use cases, securing data stored in Amazon S3 is important for every organization.


For that reason, AWS curated the top 10 controls for securing your data in S3.

1. Block public S3 buckets at the organization level
2. Use bucket policies to verify all access granted is restricted and specific
3. Ensure that any identity-based policies don’t use wildcard actions
4. Enable S3 protection in GuardDuty to detect suspicious activities
5. Use Macie to scan for sensitive data outside of designated areas
6. Encrypt your data in S3
7. Protect data in S3 from accidental deletion using S3 Versioning and S3 Object Lock
8. Enable logging for S3 using CloudTrail and S3 server access logging
9. Back up your data in S3
10. Monitor S3 using Security Hub and CloudWatch Logs

https://aws.amazon.com/blogs/security/top-10-security-best-practices-for-securing-data-in-amazon-s3/
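
An added example, not taken from the AWS post: an offline check for controls 2 and 3 that flags wildcard actions and unconditioned public principals in a policy document. The sample policies, bucket name and organization ID are constructed, and the function names are hypothetical.

```python
import json

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_public_principal(principal):
    """True for Principal "*" or a mapping such as {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def audit_policy(policy_json):
    """Return (statement index, finding) pairs for the Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        # Control 3: "*", "s3:*" and prefixes like "s3:Get*" are all wildcard actions.
        for action in _as_list(stmt.get("Action")):
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
        # Control 2: a public principal with no Condition restricts nothing.
        # A Condition being present is only a heuristic; review what it tests.
        if _is_public_principal(stmt.get("Principal")) and not stmt.get("Condition"):
            findings.append((i, "public principal without Condition"))
    return findings

# Constructed bucket policy: statement 0 is open, statement 1 is org-scoped.
BUCKET_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}}]}"""

# Constructed identity-based policy: statement 0 uses a wildcard action.
IDENTITY_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]}"""

if __name__ == "__main__":
    for name, doc in (("bucket", BUCKET_POLICY), ("identity", IDENTITY_POLICY)):
        print(name, audit_policy(doc))
```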