AWS recommends controlling access to S3 at the bucket level with bucket policies and, if needed, at the object level with ACLs. What happens if a bucket policy and an access control list conflict?
If an ACL and a bucket policy conflict, the least-privilege access is granted. Access control lists (ACLs) can be applied at the bucket level or the object level. At the bucket level, ACLs control four main permissions: list objects allows the grantee to list the objects in the S3 bucket; write objects allows the grantee to create and delete objects in the bucket; read bucket permissions allows the grantee to read the bucket ACL; and write bucket permissions allows the grantee to edit the bucket ACL.
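As an added example (not from the original page), the following Python audits a bucket ACL in the shape returned by the S3 GetBucketAcl API and reports which of the four bucket-level permissions described above are granted to S3's predefined public groups. The sample ACL, the placeholder ID, the function names and the severity labels are assumptions made for this illustration; `FULL_CONTROL`, which the text does not mention, is treated as shorthand for all four permissions.

```python
# Added example: SAMPLE_ACL is constructed; the ID in it is a placeholder.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
GROUPS = {ALL_USERS: "anyone (anonymous)", AUTH_USERS: "any authenticated AWS user"}

# ACL permission name -> what it allows on a bucket (the four described above).
BUCKET_PERMS = {
    "READ": "list objects",
    "WRITE": "create and delete objects",
    "READ_ACP": "read the bucket ACL",
    "WRITE_ACP": "edit the bucket ACL",
}

def expand(permission):
    """Expand FULL_CONTROL into the four bucket permissions it implies."""
    if permission == "FULL_CONTROL":
        return sorted(BUCKET_PERMS)
    return [permission] if permission in BUCKET_PERMS else []

def audit_bucket_acl(acl):
    """Return sorted (severity, grantee, permission, meaning) findings
    for every grant made to a predefined public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        who = GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") != "Group" or who is None:
            continue  # grants to specific accounts are out of scope here
        for perm in expand(grant.get("Permission", "")):
            # Assumed severity scheme: anything that can modify is HIGH.
            severity = "HIGH" if perm in ("WRITE", "WRITE_ACP") else "MEDIUM"
            findings.append((severity, who, perm, BUCKET_PERMS[perm]))
    return sorted(set(findings))  # dedupe overlapping grants

SAMPLE_ACL = {
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-PLACEHOLDER"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE_ACP"},
    ],
}

if __name__ == "__main__":
    for finding in audit_bucket_acl(SAMPLE_ACL):
        print(*finding, sep=" | ")
```

To audit a live bucket, pass the dictionary returned by boto3's `get_bucket_acl` call to `audit_bucket_acl` in place of `SAMPLE_ACL`.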