Open
Description
Issue #278 is really no longer applicable and W41 should be removed. All S3 buckets encrypt objects by default with the SSE-S3/AES256 algorithm if no encryption is specified when the bucket is created.
This also creates an issue with CloudFormation templates that will be deployed in the Security OU created by AWS Control Tower because the elective control AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED is enabled by default in that account. Having that control puts an explicit deny on s3:PutEncryptionConfiguration for everyone except the Control Tower service role. So CloudFormation templates that conform to this rule will fail in the Security OU, whereas non-conforming templates will succeed and still result in encrypted buckets.
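The conflict described in this issue can be checked before deployment. The sketch below is an added example, not code from the issue or the project: the sample template, the function name and the verdict labels are constructed for illustration, and it assumes a JSON-format template in which declaring `BucketEncryption` is what makes the deployment need `s3:PutEncryptionConfiguration`.

```python
import json

# Action the issue says is explicitly denied in the Security OU.
DENIED_ACTION = "s3:PutEncryptionConfiguration"

# Constructed sample template (not taken from the issue).
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "ExplicitBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketEncryption": {
                    "ServerSideEncryptionConfiguration": [
                        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}
                    ]
                }
            },
        },
        "DefaultBucket": {"Type": "AWS::S3::Bucket"},
        "Topic": {"Type": "AWS::SNS::Topic"},
    }
})


def classify_buckets(template_text, denied_actions=frozenset({DENIED_ACTION})):
    """Return {logical_id: verdict} for each AWS::S3::Bucket in a JSON template."""
    resources = json.loads(template_text).get("Resources", {})
    verdicts = {}
    for logical_id, res in resources.items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue  # only buckets are relevant to the rule
        props = res.get("Properties") or {}
        if "BucketEncryption" in props:
            # Explicit encryption config: deployment needs the denied action.
            blocked = DENIED_ACTION in denied_actions
            verdicts[logical_id] = "blocked" if blocked else "explicit"
        else:
            # No property set: the bucket relies on default SSE-S3 encryption.
            verdicts[logical_id] = "default-sse-s3"
    return verdicts


if __name__ == "__main__":
    for name, verdict in classify_buckets(SAMPLE_TEMPLATE).items():
        print(f"{name}: {verdict}")
```

Passing an empty `denied_actions` set models an account without the control, where the same template deploys normally.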