What is the difference between choosing Encryption at the S3 bucket level rather than individual object level? By selecting encryption at the bucket level, it seems intuitive that encryption would be applied to all bucket objects. However, that doesnt appear to be the case.
Choosing between bucket-level and object-level encryption is more of a design and/or requirement decision. However, if you are mainly concerned about the behaviour/effect of enabling bucket-level encryption, the effect is NOT retroactive, as far as the existing objects in the bucket is concerned.
That is, existing objects in the bucket which were not encrypted prior to the bucket encryption being enabled will remain unencrypted – only new/subsequent objects will be impacted.