TL;DR
AWS launches UpdateObjectEncryption API allowing atomic encryption type changes on S3 objects without data movement, supporting compliance migrations at scale.
Key Points
- Atomic encryption key changes for objects of any size or storage class without data movement
- Migrate from SSE-S3 to SSE-KMS or swap customer-managed KMS keys for compliance requirements
- S3 Batch Operations support enables standardization across entire buckets while preserving object properties and lifecycle eligibility
- Available in all AWS regions via AWS Management Console and latest SDKs
Why It Matters
This eliminates a major operational burden for organizations managing compliance migrations—previously, changing encryption types required copying objects, consuming bandwidth and KMS quota. In-place encryption updates enable teams to meet increasingly stringent audit requirements and implement custom key rotation standards without service disruption or data movement overhead.
Source: aws.amazon.com