AWS is discontinuing its SSE-C encryption for S3, a feature that allowed users to manage their own encryption keys. While not widely adopted, it was exploited in a ransomware scheme, prompting the decision to remove it. The article outlines alternatives like KMS and client-side encryption.

Amazon S3 now allows users to change the server-side encryption type of existing objects without moving data. You can use the UpdateObjectEncryption API to switch between encryption methods, such as from SSE-S3 to SSE-KMS, and apply these changes at scale with S3 Batch Operations. This is particularly useful for meeting compliance and security standards.