AWS Key Management Service (KMS) Encryption
The AWS name is Server-Side Encryption with AWS KMS Managed Keys (SSE-KMS).
SSE-KMS is similar to SSE-S3, but with some additional benefits plus additional charges for using this service. There are separate permissions for the use of an envelope key (that is, a key that protects your data's encryption key) that provides added protection against unauthorized access to your content in S3. SSE-KMS also provides an audit trail of when your key was used and by whom. You also have the option to create and manage encryption keys yourself, or use a default key that is unique to you, the service you're using, and the region you're working in.
For more information, see Protecting Data Using Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS).
Customer-Provided Key Encryption
The AWS name is Server-Side Encryption with Customer-Provided Keys (SSE-C). This type of key allows you to protect your data at rest, setting your own encryption keys.
This option isn't supported by the S3 Connector.
For more information, see Protecting Data Using Server-Side Encryption with Customer-Provided Encryption Keys (SSE-C).
AWS Managed Encryption
This is the default encryption mechanism for the S3 Connector. The AWS name is S3-Managed Encryption Keys (SSE-S3).
Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt data.
For more information, see Protecting Data Using Server-Side Encryption with Amazon S3-Managed Encryption Keys (SSE-S3).
Storing your content unencrypted isn't recommended.