AWS S3 Server side encryption Access denied error

When you copy files from one S3 bucket in account A using credentials of account A to a bucket in account B, the owner of the files in the destination bucket will be account A. (Account A is the principal that created the files in account B's bucket).

During the file copy from source to destination bucket, add the --acl bucket-owner-full-control option so that account B can control the files. Otherwise you might have files in account B's bucket that account B cannot access or control.

Another option is to use the credentials of account B to copy from the source to the destination bucket. This way the owner of the copied files is account B.

Solution provided by John Hanely works, but that does not immediately change the ownership. You would need to execute a separate command to change it

First Step:

aws s3 cp s3://yourbucket s3://yourbucket --recursive --acl bucket-owner-full-control

Second Step:

aws s3 cp s3://yourbucket s3://yourbucket --recursive --metadata-directive REPLACE

Notice --meta-directive REPLACE

You should replace the files and the metadata together this way --

aws s3 cp s3://yourbucket s3://yourbucket --recursive --acl bucket-owner-full-control --metadata-directive REPLACE