So do you proxy your calls from S3 to a serverless service? And do you handle cross origin calls via CORS? Just curious because I've never used serverless before.
You can use JavaScript on the frontend to call a Lambda function that you 100% control (including CORS, etc). You can use this to do things like authentication, authorization, and rate limiting, as well, versus just giving open access to an internal datastore.