As per the documentation:
Amazon S3 Bucket Keys reduce the cost of Amazon S3 server-side encryption using AWS Key Management Service (SSE-KMS). This new bucket-level key for SSE can reduce AWS KMS request costs by up to 99 percent by decreasing the request traffic from Amazon S3 to AWS KMS. With a few clicks in the AWS Management Console, and without any changes to your client applications, you can configure your bucket to use an S3 Bucket Key for AWS KMS-based encryption on new objects.
The documentation notes a couple scenarios to be aware of before enabling the feature, but doesn't list any reasons why you overall would disable it... so why is it even an option?
I can't think of any use-case where a user would want this disabled (if they are already using KMS). Any ideas?
This bucket key is under control of AWS. The AWS customer using the S3 bucket cannot control when the key is rotated or disabled, among other things. It is indeed very convenient for AWS to manage all the key-related activities without the customer needing to worry about them, and AWS uses very strong keys.
An organization's Information Security (InfoSec) team may require all encryption to be performed by keys under the control of the organization. An AWS-controlled key may not be good enough. In this situation, the InfoSec team may dictate that customer-managed keys must be used, ruling out the type of key you are asking about.