If you are using customer managed KMS keys for encrypting data on S3 you must then specify the server-side-encryption option

s3-object-upload.sh

#!/bin/bash

# MUST specify --server-side-encryption aws:kms if you are using customer managed
# encryption keys. Not needed if using S3 default encryption keys

aws s3api put-object --bucket bucket --key objectKey --body /path/to/file --server-side-encryption aws:kms