A developer has created a new IAM user that has the s3:PutObject permission to write to a specific Amazon S3 bucket. The S3 bucket uses server-side encryption with AWS KMS managed keys (SSE-KMS) as the default encryption. When an application uses the access key and secret key of the IAM user to call the PutObject API operation, the application receives an access denied error.
What should the developer do to resolve this error?

A. Update the policy of the IAM user to allow the s3:EncryptionConfiguration action.
B. Update the bucket policy of the S3 bucket to allow the IAM user to upload objects.
C. Update the policy of the IAM user to allow the kms:GenerateDataKey action.
D. Update the ACL of the S3 bucket to allow the IAM user to upload objects.