AWS S3 access control

I would use S3 Access Points to achieve this. You can read the full documentation here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html

Each access point has distinct permissions and network controls that S3 applies for any request that is made through that access point. Each access point enforces a customized access point policy that works in conjunction with the bucket policy that is attached to the underlying bucket.

An example of an access point policy to grant access to a Prefix (folder) is here:/

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Statement1",
			"Principal": {
				"AWS": "arn:aws:iam::123456789012:root"
			},
			"Effect": "Allow",
			"Action": [
				"s3:*"
			],
			"Resource": [
				"arn:aws:s3:us-west-2:123456789012:accesspoint/tester"
			],
			"Condition": {
				"StringEquals": {
					"s3:prefix": [
						"asdf"
					]
				}
			}
		}
	]
}