S3 bucket default encryption for object uploads

Starting January 5, 2023, the automatic encryption status for S3 bucket default encryption configuration and all new object uploads is visible in AWS CloudTrail logs across all AWS Regions, including the AWS GovCloud (US) Regions and the AWS China Regions. Over the next few weeks, we will roll out this automatic encryption status to the Amazon S3 console, S3 Inventory, S3 Storage Lens, and Amazon S3 API responses in the AWS CLI and AWS SDKs in all Regions. During the next few weeks, the automatic encryption status will also be rolled out to the Amazon S3 console, S3 Inventory, S3 Storage Lens, and as an additional Amazon S3 API response header in the AWS Command Line Interface and AWS SDKs. When this update is complete in all AWS Regions, we will update the documentation.

Will Amazon S3 encrypt my existing objects that are unencrypted? No. Beginning on January 5, 2023, Amazon S3 only automatically encrypts new object uploads. To encrypt existing objects, you can use S3 Batch Operations to create encrypted copies of your objects. These encrypted copies will retain the existing object data and name and will be encrypted by using the encryption keys that you specify.

Above answers referenced from: https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html