So, man, I'll answer here because I can not comment.
You will not be able to store session through API (ajax requests, etc). This is because these requests are completely independent of each other and the backend usually treats each of them as independent sessions.
There are a few ways you can get around this. What I usually do is use a JWT (Json Web Token) . With it you can store information about the user inside it and retrieve them inside your backend. These tokens are often used in session form, you can send an expiration date inside it and renew this expiration with each call to the backend, for example, causing if the user stays more than 20min without calling the backend, the token becomes invalid and it must log in again. You can store this token in sessionStorage, localStorage, or even use cookies.
Through S3, because it is static, you will not be able to work with sessions, since sessions usually work well on sites that are rendered by the backend itself (Django, Pyramid, among other frameworks) do this, but you you will not be able to use S3 to publish this type of site.
In short, I suggest you use JWT to work with sessions (simulate them, in that case)