AWS AmazonS3 documentation change
Summary
Updated SSE-C default setting announcement to reflect completed deployment status and removed future-tense language.
Security assessment
This change only updates temporal references (e.g., changing 'will deploy' to 'deployed') without modifying security guidance, best practices, or threat information. No evidence of vulnerability remediation or new security content exists beyond reflecting a completed rollout timeline.
Diff
diff --git a/AmazonS3/latest/userguide/security.md b/AmazonS3/latest/userguide/security.md index ab140dfd5..46c58b298 100644 --- a//AmazonS3/latest/userguide/security.md +++ b//AmazonS3/latest/userguide/security.md @@ -11,3 +11 @@ -As [announced on November 19, 2025](https://aws.amazon.com/blogs/storage/advanced-notice-amazon-s3-to-disable-the-use-of-sse-c-encryption-by-default-for-all-new-buckets-and-select-existing-buckets-in-april-2026/), Amazon Simple Storage Service is deploying a new default bucket security setting that automatically disables server-side encryption with customer-provided keys (SSE-C) for all new general purpose buckets. For existing buckets in AWS accounts with no SSE-C encrypted objects, Amazon S3 will also disable SSE-C for all new write requests. For AWS accounts with SSE-C usage, Amazon S3 will not change the bucket encryption configuration on any of the existing buckets in those accounts. This deployment started on April 6, 2026, and will complete over the next few weeks in 37 AWS Regions, including the AWS China and AWS GovCloud (US) Regions. - -With these changes, applications that need SSE-C encryption must deliberately enable SSE-C by using the [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) API operation after creating a new bucket. For more information about this change, see [Default SSE-C setting for new buckets FAQ](./default-s3-c-encryption-setting-faq.html). +Amazon Simple Storage Service now applies a new default bucket security setting that automatically disables server-side encryption with customer-provided keys (SSE-C) for all new general purpose buckets. In April 2026, Amazon S3 deployed an update so all new general purpose buckets have SSE-C encryption disabled for all new write requests. For existing buckets in AWS accounts with no SSE-C encrypted objects, Amazon S3 also disabled SSE-C for all new write requests. With this change, applications that need SSE-C encryption must deliberately enable SSE-C by using the [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) API operation after creating a new bucket. For more information about this change, see [Default SSE-C setting for new buckets FAQ](./default-s3-c-encryption-setting-faq.html).