Amazon S3 now automatically applies S3 managed server-side encryption (SSE-S3) as a base level of encryption to all new objects added to S3, at no additional cost and with no impact on performance. SSE-S3 uses 256-bit Advanced Encryption Standard and has been configured for trillions of objects by customers. This new base level of encryption helps customers meet their encryption requirements, with no changes to applications. Alternatively, customers can still choose to update this default configuration using customer-provided encryption keys (SSE-C) or AWS Key Management Service keys (SSE-KMS).
Source:: Amazon AWS