AWS S3: multipart upload (5MB+) fails when encryption is enabled with SSE-S3

[nazarewk]

Summary

This issue is mostly to report an error and give a way to fix it for people encountering it in future.

I tried to use SSE-S3 encryption by setting up s3.encryptionOptions.enableEncryption (and no other options) and got consistens errors on multipart uploads (minio client splits 5+MB uploads automagically) with failed to put file: x-amz-server-side-encryption header is not supported for this operation. .

I tried tracking it down to minio/minio-go#1776 , but the fix was really simple: just don't enable encryption as it is always-on with no option to disable on AWS S3 anymore:

Amazon S3 now applies server-side encryption with Amazon S3 managed keys (SSE-S3) as the base level of encryption for every bucket in Amazon S3. Starting January 5, 2023, all new object uploads to Amazon S3 are automatically encrypted at no additional cost and with no impact on performance. The automatic encryption status for S3 bucket default encryption configuration and for new object uploads is available in AWS CloudTrail logs, S3 Inventory, S3 Storage Lens, the Amazon S3 console, and as an additional Amazon S3 API response header in the AWS Command Line Interface and AWS SDKs. For more information, see Default encryption FAQ.

This could be documented somewhere unless it's a temporary AWS hiccup to fail when specifying it on multipart upload explicitly.

[nazarewk]

FYI: the fix landed in minio/minio-go#1777 , pending release