As described in "Data Encryption Demystified", we can use KMS keys to encrypt objects in S3 buckets. This article explains how you can use Boto3 to create KMS keys and use these keys to encrypt S3 objects. One of the biggest advantages of using KMS keys over other encryption methods is that this approach can help meet encryption-related compliance requirements. There are two ways to create KMS keys: you can use the AWS console, or you can use the AWS APIs.
The Boto3 library provides an easy way to create KMS keys and aliases. The KMS keys can then be used to encrypt S3 objects during put operations.
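The flow described above, as an added example that is not code from the original article: it creates a symmetric key with an alias, uploads an object with SSE-KMS, and checks that S3 reports the expected key. The function names, alias, bucket and object key are assumptions chosen for illustration; the clients are passed in so the same functions work with `boto3.client("kms")` and `boto3.client("s3")`.

```python
"""Added example: create a KMS key and alias, then SSE-KMS encrypt an S3 put."""


def create_key_with_alias(kms, alias_name, description="S3 object encryption"):
    """Create a symmetric KMS key, enable rotation, attach an alias; return the key ARN."""
    # Aliases must start with "alias/"; the "alias/aws/" prefix is reserved
    # for AWS managed keys and cannot be used for customer managed keys.
    if not alias_name.startswith("alias/") or alias_name.startswith("alias/aws/"):
        raise ValueError("alias must look like 'alias/<name>' and not use 'alias/aws/'")
    meta = kms.create_key(
        Description=description,
        KeyUsage="ENCRYPT_DECRYPT",
        KeySpec="SYMMETRIC_DEFAULT",
    )["KeyMetadata"]
    kms.enable_key_rotation(KeyId=meta["KeyId"])  # automatic key rotation
    kms.create_alias(AliasName=alias_name, TargetKeyId=meta["KeyId"])
    return meta["Arn"]


def put_encrypted(s3, bucket, key, body, kms_key_arn):
    """Upload with SSE-KMS and confirm S3 recorded the expected key."""
    resp = s3.put_object(
        Bucket=bucket,
        Key=key,
        Body=body,
        ServerSideEncryption="aws:kms",  # SSE-KMS rather than SSE-S3 (AES256)
        SSEKMSKeyId=kms_key_arn,         # omit this and S3 uses the aws/s3 managed key
    )
    # The PutObject response echoes the encryption mode and key that were applied.
    if resp.get("ServerSideEncryption") != "aws:kms":
        raise RuntimeError(f"{key} was not stored with SSE-KMS")
    if resp.get("SSEKMSKeyId") != kms_key_arn:
        raise RuntimeError(f"{key} was encrypted with an unexpected KMS key")
    return resp["SSEKMSKeyId"]


if __name__ == "__main__":
    import boto3  # requires AWS credentials with the relevant KMS and S3 permissions

    # Alias, bucket and object names are placeholders (assumptions).
    arn = create_key_with_alias(boto3.client("kms"), "alias/example-s3-key")
    put_encrypted(boto3.client("s3"), "example-bucket", "reports/demo.txt", b"hello", arn)
    print("encrypted with", arn)
```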