Simple Storage Service (S3) encrypts data at rest by default using managed keys (Server-Side Encryption with Amazon S3-Managed Keys - SSE-S3). Users do not need to manually enable this feature; it's applied automatically, ensuring data is protected as soon as it is uploaded. Other services, such as EC2 and RDS, offer encryption capabilities as well but require explicit enablement. AWS Key Management Service (KMS) is a service that manages encryption keys and is not a service that stores user data.