
Encrypt bucket

Enabling default encryption on an S3 bucket does not encrypt the objects that already exist in it; only objects written afterwards are encrypted. AWS suggests recursively copying the existing objects over themselves with the AWS CLI:

aws s3 cp s3://awsexamplebucket/ s3://awsexamplebucket/ --recursive

This works as expected when bucket versioning is disabled: each object is overwritten in place and the new copy is written with the bucket's default encryption (a specific KMS key can also be passed to the cp command). With versioning enabled, the cp command does not replace the existing object but adds a new version, so the old, unencrypted version stays in the bucket next to the new, encrypted one. One way to deal with this is a lifecycle rule that expires and deletes the non-current versions.

Another approach is to remove all old versions of the objects and keep only the latest (encrypted) version, i.e. run the aws s3 cp command and then delete the old versions of the objects. This can b
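The second approach, as an added worked example that is not part of the gist: the in-place copy followed by deletion of the non-current versions, written in Python against the boto3 S3 client calls (list_object_versions, head_object, copy_object, delete_objects). The function names reencrypt_latest, prune_noncurrent and FakeS3 are mine; FakeS3 is a constructed in-memory stand-in so the script runs offline, and you would pass boto3.client("s3") in its place to run it against a real bucket. It adds two checks the one-line cp does not: it skips objects that already carry the wanted encryption (S3 rejects an in-place copy that changes nothing), and it only deletes old versions of keys whose current version head_object reports as encrypted.

```python
"""Re-encrypt a versioned S3 bucket in place, then prune the old plaintext versions.
Added example, not from the gist. `s3` is a boto3 S3 client, or the constructed
FakeS3 stand-in below so that the script runs without AWS access."""
from collections import defaultdict

MAX_DELETE_BATCH = 1000  # delete_objects accepts at most 1000 keys per call

def list_all_versions(s3, bucket, prefix=""):
    """Return every object version and delete marker, following the pagination markers."""
    out, kwargs = [], {"Bucket": bucket, "Prefix": prefix}
    while True:
        page = s3.list_object_versions(**kwargs)
        for v in page.get("Versions", []):
            out.append({"Key": v["Key"], "VersionId": v["VersionId"], "IsLatest": v["IsLatest"], "DeleteMarker": False})
        for m in page.get("DeleteMarkers", []):
            out.append({"Key": m["Key"], "VersionId": m["VersionId"], "IsLatest": m["IsLatest"], "DeleteMarker": True})
        if not page.get("IsTruncated"):
            return out
        kwargs["KeyMarker"], kwargs["VersionIdMarker"] = page["NextKeyMarker"], page["NextVersionIdMarker"]

def encryption_of(s3, bucket, key, version_id):
    """SSE algorithm of one version ('AES256' or 'aws:kms'), or None if stored unencrypted."""
    return s3.head_object(Bucket=bucket, Key=key, VersionId=version_id).get("ServerSideEncryption")

def reencrypt_latest(s3, bucket, prefix="", sse="AES256", kms_key_id=None):
    """Copy each current object onto itself with SSE, as `aws s3 cp s3://b/ s3://b/ --recursive` does.
    Skips objects already carrying that algorithm (S3 rejects an in-place copy that changes nothing)
    and keys whose current version is a delete marker. Objects over 5 GB need a multipart copy."""
    rewritten = []
    for v in list_all_versions(s3, bucket, prefix):
        if not v["IsLatest"] or v["DeleteMarker"]:
            continue
        if encryption_of(s3, bucket, v["Key"], v["VersionId"]) == sse:
            continue
        params = {"Bucket": bucket, "Key": v["Key"], "CopySource": {"Bucket": bucket, "Key": v["Key"]},
                  "ServerSideEncryption": sse, "MetadataDirective": "COPY"}
        if kms_key_id:
            params["SSEKMSKeyId"] = kms_key_id  # only meaningful with sse="aws:kms"
        s3.copy_object(**params)
        rewritten.append(v["Key"])
    return rewritten

def prune_noncurrent(s3, bucket, prefix=""):
    """Delete non-current versions, but only of keys whose current version is verified encrypted,
    so a key the copy step missed keeps its history. Returns the number of versions deleted."""
    versions = list_all_versions(s3, bucket, prefix)
    safe = {v["Key"] for v in versions if v["IsLatest"] and not v["DeleteMarker"]
            and encryption_of(s3, bucket, v["Key"], v["VersionId"]) is not None}
    doomed = [{"Key": v["Key"], "VersionId": v["VersionId"]} for v in versions
              if not v["IsLatest"] and v["Key"] in safe]
    for i in range(0, len(doomed), MAX_DELETE_BATCH):
        s3.delete_objects(Bucket=bucket, Delete={"Objects": doomed[i:i + MAX_DELETE_BATCH], "Quiet": True})
    return len(doomed)

class FakeS3:
    """Constructed in-memory stand-in for the boto3 S3 client; pages two rows at a time."""
    PAGE = 2

    def __init__(self):
        self.versions = defaultdict(list)  # key -> versions, oldest first
        self.counter = 0

    def put(self, key, sse=None, marker=False):
        self.counter += 1
        self.versions[key].append({"VersionId": f"v{self.counter}", "ServerSideEncryption": sse, "DeleteMarker": marker})

    def list_object_versions(self, Bucket, Prefix="", KeyMarker=None, VersionIdMarker=None):
        rows = [(k, v, i == 0) for k, vs in sorted(self.versions.items()) if k.startswith(Prefix)
                for i, v in enumerate(reversed(vs))]  # newest version of each key first
        start = 0 if KeyMarker is None else 1 + next(
            i for i, (k, v, _) in enumerate(rows) if k == KeyMarker and v["VersionId"] == VersionIdMarker)
        chunk = rows[start:start + self.PAGE]
        page = {"Versions": [], "DeleteMarkers": [], "IsTruncated": start + self.PAGE < len(rows)}
        for k, v, latest in chunk:
            page["DeleteMarkers" if v["DeleteMarker"] else "Versions"].append(
                {"Key": k, "VersionId": v["VersionId"], "IsLatest": latest})
        if page["IsTruncated"]:
            page["NextKeyMarker"], page["NextVersionIdMarker"] = chunk[-1][0], chunk[-1][1]["VersionId"]
        return page

    def head_object(self, Bucket, Key, VersionId):
        v = next(v for v in self.versions[Key] if v["VersionId"] == VersionId)
        return {"ServerSideEncryption": v["ServerSideEncryption"]} if v["ServerSideEncryption"] else {}

    def copy_object(self, Bucket, Key, CopySource, ServerSideEncryption, **_):
        self.put(Key, sse=ServerSideEncryption)  # a copy onto itself just adds a new version

    def delete_objects(self, Bucket, Delete):
        for o in Delete["Objects"]:
            self.versions[o["Key"]] = [v for v in self.versions[o["Key"]] if v["VersionId"] != o["VersionId"]]

def demo():
    """Constructed scenario: plaintext objects, one already encrypted, one behind a delete marker."""
    s3 = FakeS3()
    s3.put("a.txt"); s3.put("b.txt"); s3.put("b.txt")  # b.txt has two plaintext versions
    s3.put("c.txt", sse="AES256")                      # already encrypted: the copy must skip it
    s3.put("d.txt"); s3.put("d.txt", marker=True)      # deleted object: cp never rewrites it
    rewritten, deleted = reencrypt_latest(s3, "bucket"), prune_noncurrent(s3, "bucket")
    return rewritten, deleted, {k: [(v["VersionId"], v["ServerSideEncryption"]) for v in vs] for k, vs in s3.versions.items()}
```

Running demo() rewrites a.txt and b.txt, leaves c.txt alone, and deletes the three old plaintext versions behind them. Note what happens to d.txt: its current version is a delete marker, so neither the recursive cp nor this script touches it, and its plaintext non-current version stays in the bucket. Objects that were deleted before encryption was turned on are therefore still only covered by a lifecycle rule on non-current versions (or by deleting those versions explicitly), which is worth checking with list-object-versions before declaring the bucket fully encrypted.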