Amazon S3 adds new bucket-level setting to disable SSE-C encryption
Amazon S3 now supports a new default encryption configuration to disable server-side encryption with customer-provided keys (SSE-C) requests to your buckets. This new bucket-level setting helps you standardize the server-side encryption types that can be used with your general purpose buckets. Using the PutBucketEncryption API, you can disable SSE-C encryption on specific buckets or in your Infrastructure as Code templates.
Support for blocking SSE-C encryption using the PutBucketEncryption API in all Amazon Web Services Regions, including the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. You can use Amazon Web Services Management Console, SDK, API, or CLI to configure the use SSE-C encryption in your buckets. To learn more about our upcoming plans for SSE-C encryption, see the SSE-C encryption default change for new S3 buckets FAQ in the S3 User Guide. For more information on the PutBucketEncryption API, visit the S3 documentation.