Amazon Web Services S3 – Part 2: Security
Simple Storage Service (S3)
Write and delete access to buckets and objects is controlled via Access Control Lists (ACLs). You can grant read permission on any object to specific users. You can also make an object public to grant access to anyone.
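As an added example (not part of the original post), the following sketch audits ACL documents for grants that reach beyond the owner, including the public grants described above. It assumes ACLs shaped like the response of the S3 GetBucketAcl/GetObjectAcl API; the sample ACLs, names and IDs are constructed placeholders.

```python
# Predefined S3 grantee groups: everyone on the internet / any AWS account holder.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
BROAD_GROUPS = {ALL_USERS: "anyone (public)", AUTH_USERS: "any AWS account"}
# Permissions that let the grantee change data or rewrite the ACL itself.
WRITE_LIKE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def audit_acl(name, acl):
    """Return (severity, message) findings for one ACL document."""
    findings = []
    owner_id = acl.get("Owner", {}).get("ID")
    for grant in acl.get("Grants", []):
        grantee, perm = grant.get("Grantee", {}), grant.get("Permission", "")
        kind = grantee.get("Type")
        if kind == "Group" and grantee.get("URI") in BROAD_GROUPS:
            # Broad read is exposure; broad write also allows tampering.
            sev = "HIGH" if perm in WRITE_LIKE else "MEDIUM"
            findings.append((sev, f"{name}: {perm} granted to {BROAD_GROUPS[grantee['URI']]}"))
        elif kind == "CanonicalUser" and grantee.get("ID") != owner_id and perm in WRITE_LIKE:
            findings.append(("LOW", f"{name}: {perm} granted to non-owner {grantee.get('ID')}"))
    return findings


def audit_all(acls):
    """Audit every ACL in a {name: acl} mapping, in name order."""
    return [f for name in sorted(acls) for f in audit_acl(name, acls[name])]


def _grant(kind, ident, perm):
    """Build one constructed grant; groups are identified by URI, users by ID."""
    key = "URI" if kind == "Group" else "ID"
    return {"Grantee": {"Type": kind, key: ident}, "Permission": perm}


OWNER = {"ID": "OWNER-ID-PLACEHOLDER"}  # constructed, not a real canonical user ID
# Constructed sample ACLs: one private object, one public object, one open bucket.
SAMPLE_ACLS = {
    "object reports/q1.pdf": {"Owner": OWNER, "Grants": [
        _grant("CanonicalUser", OWNER["ID"], "FULL_CONTROL"),
        _grant("CanonicalUser", "PARTNER-ID-PLACEHOLDER", "READ")]},
    "object public/logo.png": {"Owner": OWNER, "Grants": [_grant("Group", ALL_USERS, "READ")]},
    "bucket uploads-example": {"Owner": OWNER, "Grants": [_grant("Group", ALL_USERS, "WRITE")]},
}

if __name__ == "__main__":
    for severity, message in audit_all(SAMPLE_ACLS):
        print(severity, message)
```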
Transfer into and out of S3 can utilize SSH, which will encrypt data. This prevents any “over the wire” interception of your data. Data at rest is not encrypted, and Amazon recommends that users encrypt any sensitive data with their encryption tool of choice. You would encrypt your data before uploading it to S3.
When you remove an object or bucket, public access (i.e. from the internet) is removed immediately. The space is then made available for writing by any user.