Access controls
- user based (IAM Policies)
- Resource based (Bucket policies)
- Object ACL
- Bucket
Encyrption can be done via KMS key
Objects can’t be accessed public if block all public access is enabled, even if IAM policies allow it
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html