by lambo4bkfast 1255 days ago
Any insight into how this is done without impacting performance for reads as they now need to decrypt the data?
1 comments

I’d guess that the top tier of S3 physical storage is all SSD, and hardware-driven encryption on such devices is virtually free, as well as desirable for lifecycle reasons.

To allow this to double as “user level” encryption you need to coordinate & manage the keys used vs. just picking something random when the drive is formatted. This is how Apple’s and others’ full-disk encryption has worked for years.