I am working on implementing a functionality in my client application to programmatically or using CLI upload image file in S3 bucket by passing KMS keys only. This would be a generic functionality and available to all the users of the application .The client is sceptical about giving his IAM root or service account access and secret key details for programatic implementation in application .
Please suggest for industry standards and AWS principals for implementing such kind of upload functionalities.