Many enterprises have security standards around s3 buckets including requiring encryption. Currently, Chef A2 backup to S3 does not allow for this.
# this fails when kms encryption is enabled
chef-automate backup create
# likewise, this aws s3 command fails
aws s3 cp /tmp/hi.txt s3://acme-chefautomate/
# while this one, with just one simple '--flag option' added, succeeds
aws s3 cp /tmp/hi.txt s3://acme-chefautomate/ --sse aws:kms
Please consider adding at least the equivalent of an option for "--sse aws:kms" to the s3 backup config settings. Feels like this should be a very low hanging fruit thing to do.