How to decrypt AWS KMS Double Encryption when downloading files from S3?


In our use case, S3 Bucket default server side encryption is set to use KMS.

We're generating the RDS MSSQL DB transaction logs and storing them in S3 using exec msdb.dbo.rds_tlog_backup_copy_to_S3 with the @kms_key_arn parameter.

In the above scenario, the file residing in S3 is double encrypted, i.e. encrypted first when storing the transaction logs to S3 by using msdb.dbo.rds_tlog_backup_copy_to_S3 with the @kms_key_arn parameter, then re-encrypted by the S3 bucket default server-side encryption, which is set to use KMS.

Our requirement is that the AWS KMS encrypted database backup needs to be restored in an on-premises environment. The on-premises environment isn't aware of the AWS KMS key details because it's an external entity. So, we must decrypt the AWS KMS encrypted files prior to restoring.

We understand that we don't need to specify the AWS Key Management Service (AWS KMS) key ID when downloading an SSE-KMS-encrypted object from an S3 bucket. Instead, we need the permission to decrypt with the AWS KMS key. We have these IAM permission policies in place. However, our S3 transaction backup log file objects are double encrypted. With these IAM decrypt permission policies in place, the file is decrypted only once (the SSE-KMS layer), and I could not find a solution to decrypt the layer that was applied by using msdb.dbo.rds_tlog_backup_copy_to_S3 with the @kms_key_arn parameter. Could you please suggest a solution for this? Thanks.

1 answer

Download the object from S3: You will need to use an AWS SDK or CLI command. This will automatically decrypt the server-side encryption layer if your permissions are set up correctly.

aws s3 cp s3://mybucket/myobject .

Decrypt the second encryption layer: For the second decryption, you will need to use the Decrypt operation provided by the KMS API. The exact code will depend on which programming language and AWS SDK you are using.

aws kms decrypt --ciphertext-blob fileb://my_encrypted_file --output text --query Plaintext | base64 --decode > my_decrypted_file

It's worth mentioning that decrypting the file locally (outside AWS environment) would require you to have the necessary KMS keys in your local environment which may not be feasible or secure in many cases, since the KMS key's purpose is to be kept secret and not distributed.

Expert
Answered a year ago
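The two-step procedure from the answer above, written out as a small POSIX shell script. This is an added example, not code from the original answer or from AWS. It assumes the AWS CLI is installed and that the caller's credentials carry kms:Decrypt on both the bucket's SSE-KMS key and the key named by @kms_key_arn; the bucket and object names are placeholders. One check is added that the answer does not mention: the KMS Decrypt API only accepts a ciphertext blob of up to 6144 bytes (4096 bytes of plaintext), so the script refuses files larger than that locally instead of letting the API reject them. A multi-megabyte backup file will never fit; only a short KMS ciphertext (for example a wrapped data key) does.

```shell
#!/bin/sh
# Two-layer retrieval helper (added example; not the original answer's code).
# Layer 1 (SSE-KMS) is removed by S3 itself on GET when the caller holds
# kms:Decrypt on the bucket key.  Layer 2 is the ciphertext produced by the
# backup job, which is handed to KMS Decrypt.
set -eu

# Largest ciphertext KMS Decrypt accepts (plaintext limit is 4096 bytes).
# Anything larger is rejected by the API, so we check before calling it.
KMS_DECRYPT_MAX_CIPHERTEXT=6144

# Size of a file in bytes (tr strips the leading spaces BSD wc prints).
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Succeeds (exit 0) when the file is small enough to be a KMS ciphertext blob.
fits_kms_decrypt() {
    [ "$(file_size "$1")" -le "$KMS_DECRYPT_MAX_CIPHERTEXT" ]
}

# Step 1: download.  S3 strips SSE-KMS transparently; no key ID is needed.
download_from_s3() {
    s3_uri=$1
    dest=$2
    aws s3 cp "$s3_uri" "$dest"
}

# Step 2: decrypt the remaining layer with KMS.  --query Plaintext yields
# base64 text, so it is decoded before being written to the output file.
kms_decrypt_file() {
    src=$1
    dest=$2
    if ! fits_kms_decrypt "$src"; then
        echo "refusing: $src is $(file_size "$src") bytes," \
             "above the KMS Decrypt limit of $KMS_DECRYPT_MAX_CIPHERTEXT" >&2
        return 2
    fi
    aws kms decrypt --ciphertext-blob "fileb://$src" \
        --output text --query Plaintext | base64 --decode > "$dest"
}

# Both steps in sequence; the intermediate download is removed afterwards.
fetch_and_decrypt() {
    s3_uri=$1
    out=$2
    tmp=$(mktemp)
    download_from_s3 "$s3_uri" "$tmp"
    kms_decrypt_file "$tmp" "$out"
    rm -f "$tmp"
}

# Usage: ./fetch_and_decrypt.sh s3://mybucket/myobject my_decrypted_file
# (placeholder names; the real bucket and object come from your environment)
if [ "$#" -ge 2 ]; then
    fetch_and_decrypt "$1" "$2"
fi
```

The size guard is the practical point: if the downloaded object is larger than the KMS limit, what you are holding is not a bare KMS ciphertext, and the second layer must have been produced some other way (typically a data key that KMS wrapped, with the bulk data encrypted under that key). In that case the wrapped key, not the whole file, is what `aws kms decrypt` can handle.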
