Amazon S3 adds new bucket-level setting to standardize encryption types used in your buckets

Amazon S3 now supports a new default encryption configuration setting to enforce Amazon S3 managed server-side encryption (SSE-S3) or server-side encryption with AWS KMS keys (SSE-KMS) for all write requests to your buckets. This new bucket-level setting helps you standardize the server-side encryption types that can be used with your buckets. Using the PutBucketEncryption API, you can disable server-side encryption with customer-provided keys (SSE-C) on specific buckets or in your AWS CloudFormation templates. This enhancement to the PutBucketEncryption API is now available in all AWS Regions. You can use the AWS Management Console, SDK, API, or CLI to configure encryption controls for your buckets. To learn more, see the [AWS Storage Blog post](https://aws.amazon.com/blogs/storage/advanced-notice-amazon-s3-to-disable-the-use-of-sse-c-encryption-by-default-for-all-new-buckets-and-select-existing-buckets-in-april-2026/) or [default SSE-C setting for new S3 buckets FAQ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-s3-c-encryption-setting-faq.html) in the S3 User Guide. For more information on the PutBucketEncryption API, visit the [S3 documentation](https://docs.aws.amazon.com/AmazonS3/latest/API/API%5FPutBucketEncryption.html).