To reduce the chance of a human error affecting the a production site (especially in a team environment) it is good practice to implement a CI/CD pipeline. This post covers the implementation of a CI/CD pipeline for the AlphaGeek site. In future I will provide a more generic post about CI/CD pipelines.
After implementing an AWS CloudFront distribution for serving content from AWS S3 it is best practice to prevent direct access to the S3 bucket. This will prevent duplicate content issues on search engines and will also mean your content can only be accessed by the domains you expect.
It's very common to have some sort of test/SIT/UAT environment(s). Often this site should't be made public. When using AWS there are a number of strategies to secure the test environment(s) from limiting access by IP address (this works well if you have a static IP and/or can VPN to a fixed IP address), only permit access via a VPN connection (which can be useful in a corporate environment), or set-up the web browser and AWS WAF (works for Chrome and FireFox in a small business environment).