now u dont only need access to the object itslef, but also to the underlying KMS key that was used
each time api is called, it adds to the quota limit, so if u make a lot of calls, to masla hosakta hai, hence if use case says highly reqeusted servcies so just avoid it
With server-side encryption with customer-provided keys (SSE-C), you manage the encryption keys, and Amazon S3 manages the encryption as it writes to disks and the decryption when you access your objects
You provide the encryption keys, but the server handles the actual encryption and decryption processes. You need to manage and securely store the keys yourself.
When you upload data, you provide the encryption key, and the server uses it to encrypt the data before storing it. When you retrieve the data, you provide the same key to decrypt it