I have two quick questions for you. First, are you using the Enterprise version of Dremio? I believe this is the only one that supports the use of KMS encryption.
Second, have you verified that the core-site.xml is on all nodes (if you have multiple nodes)?
If you have checked both of these things, have you validated that you all the AWS s3 calls listed on the docs are available to your account that is configured for access? A 403 from AWS to me usually means there is a permission issue if all other bits of the configuration are correct.
We are on the AWS community edition v 24. So i guess, straight off that means KMS encryption is not supported.
We are using a single node instance, but we do have the customization.sh script etc. run so that it can copy to all nodes, if we choose to, but we think that option is unlikely.
I was looking at the distributed config page because that was the only place KMS encryption was mentioned. I was basically wanting use KMS encryption of the S3 bucket where the reflections get built. But it looks like this option does not exist for the community edition.