diff --git a/lib/models/BucketInfo.js b/lib/models/BucketInfo.js
index 6ac543220..ff1d7ffb5 100644
--- a/lib/models/BucketInfo.js
+++ b/lib/models/BucketInfo.js
@@ -10,7 +10,7 @@ const NotificationConfiguration = require('./NotificationConfiguration');
 // WHEN UPDATING THIS NUMBER, UPDATE MODELVERSION.MD CHANGELOG
 // MODELVERSION.MD can be found in S3 repo: lib/metadata/ModelVersion.md
-const modelVersion = 13;
+const modelVersion = 14;
 class BucketInfo {
 /**
@@ -33,6 +33,8 @@ class BucketInfo {
 * algorithm to use
 * @param {string} serverSideEncryption.masterKeyId -
 * key to get master key
+ * @param {string} serverSideEncryption.configuredMasterKeyId -
+ * custom KMS key id specified by user
 * @param {boolean} serverSideEncryption.mandatory -
 * true for mandatory encryption
 * bucket has been made
@@ -90,12 +92,15 @@ class BucketInfo {
 }
 if (serverSideEncryption) {
 assert.strictEqual(typeof serverSideEncryption, 'object');
- const { cryptoScheme, algorithm, masterKeyId, mandatory } =
- serverSideEncryption;
+ const { cryptoScheme, algorithm, masterKeyId,
+ configuredMasterKeyId, mandatory } = serverSideEncryption;
 assert.strictEqual(typeof cryptoScheme, 'number');
 assert.strictEqual(typeof algorithm, 'string');
 assert.strictEqual(typeof masterKeyId, 'string');
 assert.strictEqual(typeof mandatory, 'boolean');
+ if (configuredMasterKeyId !== undefined) {
+ assert.strictEqual(typeof configuredMasterKeyId, 'string');
+ }
 }
 if (versioningConfiguration) {
 assert.strictEqual(typeof versioningConfiguration, 'object');
diff --git a/lib/policyEvaluator/utils/actionMaps.js b/lib/policyEvaluator/utils/actionMaps.js
index a9061f029..e50e5b254 100644
--- a/lib/policyEvaluator/utils/actionMaps.js
+++ b/lib/policyEvaluator/utils/actionMaps.js
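Review bot: In lib/models/BucketInfo.js, the JSDoc line added for `serverSideEncryption.configuredMasterKeyId` does not say that the field is optional, although the constructor check added in the `@@ -90,12 +92,15 @@` hunk skips it when it is `undefined`. Mark it with the JSDoc optional form, `@param {string} [serverSideEncryption.configuredMasterKeyId] - custom KMS key id specified by user`, and add a sentence saying which of `masterKeyId` and `configuredMasterKeyId` is used for encryption when both are set, since neither hunk shows that. The type-only assert also accepts an empty string; if the key id format is validated before it reaches this model that is fine, but it is not visible here. The constructor body continues outside the hunk.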
@@ -17,6 +17,7 @@ const sharedActionMap = {
 bucketHead: 's3:ListBucket',
 bucketPutACL: 's3:PutBucketAcl',
 bucketPutCors: 's3:PutBucketCORS',
+ bucketPutEncryption: 'PutBucketEncryption',
 bucketPutLifecycle: 's3:PutLifecycleConfiguration',
 bucketPutNotification: 's3:PutBucketNotificationConfiguration',
 bucketPutObjectLock: 's3:PutBucketObjectLockConfiguration',
@@ -104,6 +105,7 @@ const actionMonitoringMapS3 = {
 bucketPutPolicy: 'PutBucketPolicy',
 bucketPutReplication: 'PutBucketReplication',
 bucketPutVersioning: 'PutBucketVersioning',
+ bucketPutEncryption: 'PutBucketEncryption',
 bucketPutWebsite: 'PutBucketWebsite',
 completeMultipartUpload: 'CompleteMultipartUpload',
 initiateMultipartUpload: 'CreateMultipartUpload',
diff --git a/lib/s3routes/routes/routePUT.js b/lib/s3routes/routes/routePUT.js
index e7eb7e962..12a8cf242 100644
--- a/lib/s3routes/routes/routePUT.js
+++ b/lib/s3routes/routes/routePUT.js
@@ -80,6 +80,13 @@ function routePUT(request, response, api, log, statsClient) {
 routesUtils.responseNoBody(err, corsHeaders, response, 200, log);
 });
+ } else if (request.query.encryption !== undefined) {
+ api.callApiMethod('bucketPutEncryption', request, response, log,
+ (err, corsHeaders) => {
+ routesUtils.statsReport500(err, statsClient);
+ return routesUtils.responseNoBody(err, corsHeaders,
+ response, 200, log);
+ });
 } else {
 // PUT bucket
 return api.callApiMethod('bucketPut', request, response, log,
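Review bot: In lib/policyEvaluator/utils/actionMaps.js, the `sharedActionMap` entry added in the `@@ -17,6 +17,7 @@` hunk maps `bucketPutEncryption` to `'PutBucketEncryption'` without the `s3:` prefix that every neighbouring value carries. If this map is what the policy evaluator compares against a statement's `Action` (its use is outside the hunk), a policy that grants or denies the encryption action would never match this string, so changes to a bucket's encryption settings would not be governed by the intended policy. The IAM action name AWS uses for this API is `s3:PutEncryptionConfiguration`, so the line should presumably read `bucketPutEncryption: 's3:PutEncryptionConfiguration',`. The unprefixed `'PutBucketEncryption'` fits only `actionMonitoringMapS3` in the second hunk. Both object literals start and end outside their hunks.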