Currently, we do not support re-encryption with keys from separate AWS accounts. If a customer wants to re-encrypt with a new key from a different AWS account, they must delete their site and existing encryption policy. Then, they need to create a new encryption policy with the new account and keys and contact Atlassian to provision the sites again.

Instead, it would be more seamless if Atlassian Support handled re-encryption with keys from different AWS accounts.