When purposing an S3 bucket for a specific use case where single user will need access to work with that bucket a policy similar to the one below can be assigned to a user in IAM:
This is relevant in situations such as Using pgbackups-archive to automate archving Heroku backups to S3.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::myapp-backups"
},
{
"Action": "s3:PutObject",
"Effect": "Allow",
"Resource": "arn:aws:s3:::myapp-backups/*"
}
]
}