Amazon S3 adds new bucket-level setting to standardize encryption types used in your buckets
News
This article announces a new Amazon S3 bucket-level encryption configuration setting that standardizes server-side encryption types across buckets.
- Enforce SSE-S3 or SSE-KMS encryption for all write requests to buckets
- Disable server-side encryption with customer-provided keys (SSE-C) on specific buckets
- Configure via PutBucketEncryption API using AWS Management Console, SDK, API, or CLI
- Available in all AWS Regions immediately
- Helps standardize encryption types and improve security compliance
This enhancement allows organizations to enforce consistent encryption policies across their S3 buckets, preventing the use of less standardized encryption methods.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Nov 19
2025
2025
Advanced notice: Amazon S3 to disable the use of SSE-C encryption by default for all new buckets and select existing buckets in April 2026
Apr 6
2026
2026
Amazon S3 starts rolling out new security best practice to new and existing buckets by default
Jan 30
2026
2026
Change the server-side encryption type of Amazon S3 objects
Apr 16
2025
2025
Amazon S3 Tables now support server-side encryption using AWS KMS with customer-managed keys
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.