The Threat Stack Cloud Security PlatformⓇ (CSP) supports the export of batched files to an AWS S3 bucket with KMS Encryption-managed keys. There are no additional permissions needed. See the Amazon KMS Encryption documentation for configuration instructions.
Enable your custom or customer-managed KMS Encryption key is before you configure the Threat Stack CSP data portability integration. If you add KMS Encryption to your S3 bucket after you integrate data portability, then you must re-enroll the KMS encrypted S3 bucket through the Threat Stack API.
The Threat Stack CSP also supports the export of batched files to an AWS S3 bucket with S3-managed encryption.