enable S3 ServerSideEncryption for all writes. S3 doesn't charge any extra for using encryption and there's no reason not to. AES256 using the S3 managed keys are used by default but can be changed to use KMS keys be setting the ENV variables ServerSideEncryption='aws:kms' and SSEKMSKeyId=kms-key-id
enable S3 ServerSideEncryption for all writes. S3 doesn't charge any extra for using encryption and there's no reason not to. AES256 using the S3 managed keys are used by default but can be changed to use KMS keys be setting the ENV variables ServerSideEncryption='aws:kms' and SSEKMSKeyId=kms-key-id