When you are uploading objects or creating a copy of an existing object, you can encrypt your data by adding the
x-amz-server-side-encryption header to the request.
You can specify server-side encryption using REST APIs and AWS SDKs that support wrapper API to request server-side encryption. In addition, you can use the AWS management console to upload objects and request server-side encryption.
Regarding server-side encryption, Amazon S3 encrypts your data at the object level with three options to manage the encryption keys: