S3 Extension and S3 Bucket Settings?

I’m trying to use the S3 extension. I can do a read and write using CFFILE, i.e.:

What should the AWS bucket settings and the AMI policy be? I can’t seem to lock it down so it’s not publicly writable. Does anyone have a guide to the AWS settings?