Best practice would be to let your client application to upload directly to S3, not flowing through your own web infrastructure. This would leverage ether massive parallel nature of S3 and off-load your web infrastructure. Offloading your infrastructure will allow to use less instances or smaller instances to serve the same amount of traffic. Hence a lower infrastructure cost for you.
You would need to write an S3 IAM Policy that would limit access for each of your user to their own "directory" (aka key prefix) on S3
Have a look at this blog post : http://blogs.aws.amazon.com/security/post/Tx1P2T3LFXXCNB5/Writing-IAM-policies-Grant-access-to-user-specific-folders-in-an-Amazon-S3-bucke
If your application is a web app, you can even let your customers' browsers upload directly to S3. See how to implement this securely at http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html
Just a last note about your question : S3 is not a file system, S3 is an object store. Read more about the differences between object storage and file system at http://www.infoworld.com/article/2614094/data-center/what-is-object-storage-.html
