by NBJack 1277 days ago
I'm not sure if the author is aware that they can bring their own key material to KMS if they wish. The cost model is a little different, but you retain complete control of its life cycle across time and regions. It would seem to solve many of their pain points. Additionally, AWS recently added support for a user-maintained keystore.

As for some of these statements (i.e. loss of key equals loss of data, re-encryption with a new key is expensive to go through an entire disk, etc.), that is exactly the point of encryption and holds true beyond the cloud. It is not meant to be trivial; it is a layer of security that trades convenience and often some level of performance.
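The two properties the comment refers to, that losing the key really does mean losing the data and that swapping in a new key need not mean re-encrypting every byte, are easiest to see in the envelope-encryption pattern that KMS-style services are built around. The following is an added example, not code from the commenter or from AWS: it stands in locally generated 32-byte AES keys for a KMS master key, wraps a fresh per-object data key under that master key, and shows that rotating the master key re-wraps only the small data keys while the bulk ciphertext is untouched, and that once the old master key is gone the data is unreadable with it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// seal encrypts plaintext with AES-256-GCM under key and prefixes the random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; a wrong key fails authentication rather than returning garbage.
func open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// Record is one stored object: its data key wrapped under the master key, plus the bulk ciphertext.
type Record struct {
	WrappedDEK []byte
	Ciphertext []byte
}

// NewKey returns a random 256-bit key (a local stand-in for a KMS key; assumption of this example).
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

// Encrypt generates a fresh data key per object, encrypts the payload with it, and wraps the data key.
func Encrypt(master, plaintext []byte) (Record, error) {
	dek, err := NewKey()
	if err != nil {
		return Record{}, err
	}
	ct, err := seal(dek, plaintext)
	if err != nil {
		return Record{}, err
	}
	wrapped, err := seal(master, dek)
	if err != nil {
		return Record{}, err
	}
	return Record{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps the data key with the master key, then opens the payload. Without the master key
// the data key is unrecoverable, and so is the data.
func Decrypt(master []byte, r Record) ([]byte, error) {
	dek, err := open(master, r.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return open(dek, r.Ciphertext)
}

// RotateMaster re-wraps every data key under newMaster in place. The bulk ciphertext is never read,
// so the cost scales with the number of objects, not the number of bytes stored. Returns the count.
func RotateMaster(oldMaster, newMaster []byte, recs []Record) (int, error) {
	for i := range recs {
		dek, err := open(oldMaster, recs[i].WrappedDEK)
		if err != nil {
			return i, fmt.Errorf("record %d: %w", i, err)
		}
		recs[i].WrappedDEK, err = seal(newMaster, dek)
		if err != nil {
			return i, err
		}
	}
	return len(recs), nil
}

func main() {
	m1, _ := NewKey()
	m2, _ := NewKey()
	rec, _ := Encrypt(m1, []byte("constructed sample block")) // constructed input
	n, _ := RotateMaster(m1, m2, []Record{rec})
	fmt.Println("re-wrapped data keys:", n)
}
```

Re-encrypting the whole volume is still the only option when the data key itself, not the master key, is the one being retired, which is why the comment's point about expensive full-disk re-encryption still holds for that case.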