diff --git a/policy/action.go b/policy/action.go
index 5d6a996..1b43079 100644
--- a/policy/action.go
+++ b/policy/action.go
@@ -175,6 +175,9 @@ const (
 	// DeleteObjectTaggingAction - Delete Object Tags API action
 	DeleteObjectTaggingAction = "s3:DeleteObjectTagging"
 
+	// UpdateObjectEncryptionAction - UpdateObjectEncryption REST API action
+	UpdateObjectEncryptionAction = "s3:UpdateObjectEncryption"
+
 	// PutBucketEncryptionAction - PutBucketEncryption REST API action
 	PutBucketEncryptionAction = "s3:PutEncryptionConfiguration"
 
@@ -276,6 +279,7 @@ var SupportedActions = map[Action]struct{}{
 	GetObjectTaggingAction:                 {},
 	PutObjectTaggingAction:                 {},
 	DeleteObjectTaggingAction:              {},
+	UpdateObjectEncryptionAction:           {},
 	PutBucketEncryptionAction:              {},
 	GetBucketEncryptionAction:              {},
 	PutBucketVersioningAction:              {},
@@ -311,6 +315,7 @@ var SupportedObjectActions = map[Action]struct{}{
 	GetObjectTaggingAction:               {},
 	PutObjectTaggingAction:               {},
 	DeleteObjectTaggingAction:            {},
+	UpdateObjectEncryptionAction:         {},
 	GetObjectVersionAction:               {},
 	GetObjectVersionTaggingAction:        {},
 	DeleteObjectVersionAction:            {},
@@ -532,6 +537,14 @@ func createActionConditionKeyMap() ActionConditionKeyMap {
 				condition.ExistingObjectTag.ToKey(),
 			}, commonKeys...)...),
 
+		UpdateObjectEncryptionAction: condition.NewKeySet(
+			append([]condition.Key{
+				condition.S3XAmzServerSideEncryption.ToKey(),
+				condition.S3XAmzServerSideEncryptionCustomerAlgorithm.ToKey(),
+				condition.S3XAmzServerSideEncryptionAwsKmsKeyID.ToKey(),
+				condition.S3VersionID.ToKey(),
+			}, commonKeys...)...),
+
 		PutObjectVersionTaggingAction: condition.NewKeySet(
 			append([]condition.Key{
 				condition.S3VersionID.ToKey(),