It is a good security practice to use the least amount of privilege required. So I followed Keita’s instructions on granting user access to a S3 bucket to create a new user that can only access a single bucket in S3. Because my AWS usage is only S3 and Route53, I also gave this user access to AWS billing. That is a minor violation of least privilege, but the increased convenience well worth the small decrease in security.
There are plenty of options for copying files to S3. It is important that your choice sets the content-type correctly. I use Forklift from binarynights to copy my files to Amazon S3. If you add the site as a Favorite from the Favorites pane, then you have the option to save the secret key.