The App Infrastructure Protection (AIP) Cloud Security PlatformⓇ (CSP) supports the export of batched files to an AWS S3 bucket with KMS Encryption-managed keys. There are no additional permissions needed. See the Amazon KMS Encryption documentation for configuration instructions.
Enable your custom or customer-managed KMS Encryption key before you configure the AIP CSP data portability integration. If you add KMS Encryption to your S3 bucket after you integrate data portability, then you must re-enroll the KMS encrypted S3 bucket through the AIP API.
The AIP CSP also supports the export of batched files to an AWS S3 bucket with S3-managed encryption.