Kotlin 带有SSE bucket的S3 PutObject使用aws/S3 KMS密钥id，而不是与bucket关联的CMK

我正在尝试从Android设备上传到启用SSE的S3 bucket

我尝试了以下方法：

val file = File(filePath)
val putRequest = PutObjectRequest(bucket, key, file)
s3Client.putObject(putRequest)

该对象确实已上载到指定位置，并且具有正确的CMK，但

putObject

call抛出“无法验证数据上载的完整性。客户端计算的内容哈希与Amazon S3计算的哈希不匹配”

要避免此错误，我可以运行：

val file = File(filePath)
val putRequest = PutObjectRequest(bucket, key, file)
ServiceUtils.skipMd5CheckPerRequest(putRequest)
s3Client.putObject(putRequest)

它会引发相同的错误，因为

skipd5checkperrequest

要求初始化PutRequest元数据。
所以我试着：

val file = File(filePath)
val metadata = ObjectMetadata()
metadata.sseAlgorithm = SSEAlgorithm.KMS.algorithm
val putRequest = PutObjectRequest(bucket, key, file)
   .withMetadata(metadata)
ServiceUtils.skipMd5CheckPerRequest(putRequest)
s3Client.putObject(putRequest)

现在，对象已成功上载，没有任何错误。但是，它是使用默认的S3 KMS密钥ID

aws/S3

加密的，而不是使用CF（下文）中存储桶定义中指定的

KMSMasterKeyID

CloudFormation中的Bucket定义：

"Type": "AWS::S3::Bucket",
"Properties": {
    "AccessControl": "BucketOwnerFullControl",
    "BucketEncryption": {
        "ServerSideEncryptionConfiguration": [
            {
                "ServerSideEncryptionByDefault": {
                    "KMSMasterKeyID": {
                        "Fn::GetAtt": [
                            "someidhere",
                            "Arn"
                        ]
                    },
                    "SSEAlgorithm": "aws:kms"
                }
            }
        ]
    },
    "BucketName": "mybucketname",
    "LifecycleConfiguration": {
        "Rules": [
            {
                "ExpirationInDays": 30,
                "Status": "Enabled"
            }
        ]
    },
    "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true,
        "BlockPublicPolicy": true,
        "IgnorePublicAcls": true,
        "RestrictPublicBuckets": true
    }
},
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain",
"Metadata": {
    "aws:cdk:path": "path/to/cdk/CF-stack"
}