Amazon - Simple Storage Service S3 Tips

Use AWS Config and Lambda to  Ensure that S3 Bucket Remains Private
 - AWS Config will trigger the Lambda Function to invoke SNS for any changes in the AWS.

Create a Lambda function to monitor the Bucket ACL and Bucket Policy Changes. If the bucket ACL found public - Lambda function can over write it to make it private. 
if the Bucket Policy found public - it can trigger a SNS Notification to the Security Team.

-- Cross region replication for the bucket ensures that the S3 Bucket is available in another region as well.

-- Use "AWS Encryption CLI" to encrypt the data first before sending  the data across the wire.