Amazon S3 is an object store on the AWS platform. In simple terms, an object store is a key-value store for objects with a name as the key and an object as the value, unlike a filesystem store, which is hierarchical. In this chapter, we will learn to secure S3 data with access control lists (ACLs), bucket policies, pre-signed URLs, encryption, versioning, and cross-region replication. We have already seen how to secure S3 data using an IAM policy in Chapter 1, Managing AWS Accounts with IAM and Organizations. 

This chapter will cover the following recipes:

• Creating S3 access control lists
• Creating an S3 bucket policy
• S3 cross-account access from the CLI
• S3 pre-signed URLs with an expiry time using the CLI and Python
• Encrypting data on S3
• Protecting data with versioning
• Implementing S3 cross-region replication within the same account
• Implementing S3 cross-region replication across accounts