- Enforce access control using S3 bucket policies and IAM policies.
- Enable versioning to maintain a history of object changes and prevent accidental deletions.
- Implement bucket logging to track access to your S3 resources.
- Example bucket policy to restrict access to a specific IAM user:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:user/username"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::example-bucket/*"
}
]
}