Resources
Amazon S3 documentation
Authenticating Requests (AWS Signature Version 4)
Authenticating Requests: Using Query Parameters (AWS Signature Version 4)
Authenticating Requests: Browser-Based Uploads Using POST (AWS Signature Version 4)
Amazon S3 Signature Version 4 Authentication Specific Policy Keys
Other references
Building a Data Perimeter on AWS (AWS whitepaper)
SEC03-BP02 Grant least privilege access (AWS Well Architected Framework, Security pillar)
SEC03-BP05 Define permission guardrails for your organization (AWS Well Architected Framework, Security Pillar)