Reputation: 1099
I'm trying to verify my S3 bucket in Google Console to investigate why its URL was marked as potentially harmful in Google Safe Browsing.
The only verification method that is possible with an S3 bucket is an HTML file. As far as I understand, for the verification I need the file to be publicly accessible without any additional headers, authorization URL query and such things, at a direct URL like https://{bucket}.s3.amazonaws.com/google{personal_id}.html
I allowed public access to bucket objects with an ACL. But the file is still not downloadable because of KMS default encryption, with the following error:
<Error>
<Code>InvalidArgument</Code>
<Message>
Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.
</Message>
<ArgumentName>Authorization</ArgumentName>
<ArgumentValue>null</ArgumentValue>
<RequestId>D99DE7A5CA2AAFC3</RequestId>
<HostId>
3Wot7SGS0sVmiaPz3Fj5riyWKzPxCRpYaQEk13FUjOdS0O4881txJ0Ze1mkmfIgZqon7te+8eWI=
</HostId>
</Error>
I found how to turn off KMS encryption for an object without touching the default encryption of the bucket in the AWS Console:
I can go to the object's properties and select encryption "None". After that the object is finally downloadable. But I can't find how to do the same in the AWS CLI. The put-object command only allows setting encryption to SHA256 and KMS, but it doesn't allow none.
So the question is: How to change existing s3 object encryption to "None" using AWS CLI?
Upvotes: 1
Views: 7489
Reputation: 12259
The only way to change the existing s3 object encryption to "None" is to re-PUT the object without encryption.
Upvotes: 0
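An added example, not part of the original answer: a CLI re-write of one object in place. Because a PUT or copy that names no encryption picks up the bucket's default (KMS here), this sketch swaps in SSE-S3 (`AES256`) rather than "None"; S3 decrypts SSE-S3 objects transparently on an anonymous GET. The function names are hypothetical, and the bucket and key are supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example (assumptions: AWS CLI configured with s3:GetObject,
# s3:PutObject and s3:PutObjectAcl on the object; key needs no URL-encoding).

# Print the object's server-side encryption: "aws:kms", "AES256" or "None".
object_sse() {
  aws s3api head-object --bucket "$1" --key "$2" \
    --query ServerSideEncryption --output text
}

# Copy the object onto itself, overriding the bucket's default KMS encryption.
# Returns 0 when the object is no longer KMS-encrypted, 1 otherwise.
drop_kms_encryption() {
  local bucket=$1 key=$2 before after
  before=$(object_sse "$bucket" "$key") || return 1
  case "$before" in
    aws:kms*) ;;                                   # needs rewriting
    *) echo "already $before, nothing to do"; return 0 ;;
  esac
  # S3 accepts an in-place copy because the encryption attribute changes.
  # Metadata is copied by default, but the ACL is not, so the public-read
  # ACL from the question's setup is re-applied explicitly.
  aws s3api copy-object \
    --bucket "$bucket" --key "$key" \
    --copy-source "$bucket/$key" \
    --server-side-encryption AES256 \
    --acl public-read >/dev/null || return 1
  after=$(object_sse "$bucket" "$key") || return 1
  echo "$before -> $after"
  case "$after" in
    aws:kms*) return 1 ;;                          # override did not take
    *) return 0 ;;
  esac
}
```

Call it as `drop_kms_encryption <bucket> <key>` for the single verification file only, so the rest of the bucket keeps its KMS default and private ACLs.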