This AWS re:Invent 2023 session explores best practices for securing data in Amazon S3. Presenters Meg and Becky from AWS discuss recent security enhancements, including encryption by default, block public access, and disabled ACLs for new buckets. They cover encryption options, monitoring tools like CloudTrail and S3 Access Analyzer, and provide detailed guidance on using IAM policies to control access. The talk emphasizes the importance of both preventative and detective controls, explaining how to use bucket policies to create data perimeters and share data securely across accounts. Advanced features like S3 Access Points and the new Access Grants for managing permissions at scale are also introduced. Throughout, the presenters stress that while S3 security may seem complex, many best practices are now default settings, making it easier for customers to implement strong security postures for their S3 data.