This document contains a presentation on security best practices for Amazon S3. It discusses how S3 provides confidentiality, integrity and availability. It also summarizes how S3 supports analytics and data serving through its scalable and cost-effective architecture. The presentation recommends enabling default encryption with SSE-KMS, using object lock for governed data, requiring TLS through bucket policies, and enabling VPC endpoints with limiting bucket policies. Useful policy snippets are also provided for requiring TLS, signatures, source IP restrictions, MFA and VPC endpoints.