You can apply policies to S3 in order to increase security. To start off, you can assign IAM permissions to users, allowing or denying access to the bucket. You can get even more granular with a bucket ACL or an object ACL, which is attached to the bucket or object in question and carries specific rules indicating which AWS users and groups have access and what type of access that is. Really, the only reason you'd use an ACL is if specific objects require different permissions from the rest of the bucket; most of the time a traditional IAM or bucket policy will suffice. You can even allow cross-account access by utilizing a bucket policy.
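The cross-account case as an added example (not part of the original text): a bucket policy that lets a second AWS account list the bucket and read its objects. The account ID `111122223333`, the bucket name `example-bucket` and the `Sid` labels are placeholders chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleCrossAccountList",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:root" },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-bucket"
    },
    {
      "Sid": "ExampleCrossAccountRead",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:root" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```

`s3:ListBucket` applies to the bucket ARN and `s3:GetObject` to the object ARN (`/*`), which is why the two statements are separate. Users and roles in the other account also need an IAM policy in their own account allowing the same actions, since the bucket policy alone only delegates access to that account.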