diff --git a/internal/service/securitylake/data_lake.go b/internal/service/securitylake/data_lake.go
index 08620d3a4769..5f9a8e64230f 100644
--- a/internal/service/securitylake/data_lake.go
+++ b/internal/service/securitylake/data_lake.go
@@ -21,8 +21,8 @@ import (
 "github.com/hashicorp/terraform-plugin-framework/path"
 "github.com/hashicorp/terraform-plugin-framework/resource"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/listplanmodifier"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
- "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 "github.com/hashicorp/terraform-plugin-framework/schema/validator"
 "github.com/hashicorp/terraform-plugin-framework/types"
@@ -85,19 +85,20 @@ func (r *resourceDataLake) Schema(ctx context.Context, req resource.SchemaReques
 "region": schema.StringAttribute{
 Required: true,
 },
- },
- Blocks: map[string]schema.Block{
- "encryption_configuration": schema.ListNestedBlock{
- NestedObject: schema.NestedBlockObject{
- Attributes: map[string]schema.Attribute{
- "kms_key_id": schema.StringAttribute{
- Optional: true,
- Computed: true,
- Default: stringdefault.StaticString("S3_MANAGED_KEY"),
- },
+ "encryption_configuration": schema.ListAttribute{
+ Computed: true,
+ Optional: true,
+ ElementType: types.ObjectType{
+ AttrTypes: map[string]attr.Type{
+ "kms_key_id": types.StringType,
 },
 },
+ PlanModifiers: []planmodifier.List{
+ listplanmodifier.UseStateForUnknown(),
+ },
 },
+ },
+ Blocks: map[string]schema.Block{
 "lifecycle_configuration": schema.ListNestedBlock{
 Validators: []validator.List{
 listvalidator.SizeAtMost(1),
diff --git a/internal/service/securitylake/data_lake_test.go b/internal/service/securitylake/data_lake_test.go
index 340dcae41704..95a4d164eb96 100644
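Review bot: The new `encryption_configuration` list attribute in the second hunk of data_lake.go has no size validator, while the `lifecycle_configuration` block just below it keeps `listvalidator.SizeAtMost(1)`. A configuration can therefore supply several objects with different `kms_key_id` values, and which key ends up encrypting the lake is then decided by expand code that is not visible here. I would add `Validators: []validator.List{listvalidator.SizeAtMost(1)},` to the attribute. With the static `S3_MANAGED_KEY` default removed, the effective key is presumably whatever is read back into state, so a comment such as `// Optional+Computed: when omitted, the key in use is the one read back from the service` would help anyone auditing encryption settings. The body of Schema starts and ends outside the hunk.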
--- a/internal/service/securitylake/data_lake_test.go +++ b/internal/service/securitylake/data_lake_test.go @@ -305,6 +305,8 @@ func testAccDataLakeConfigBaseConfig(rName string) string { return fmt.Sprintf(` + + data "aws_caller_identity" "current" {} resource "aws_iam_role" "meta_store_manager" { @@ -467,6 +469,28 @@ resource "aws_iam_role_policy" "datalake_s3_replication" { } EOF } + +resource "aws_kms_key" "test" { + description = %[1]q + + policy = jsonencode({ + Version = "2012-10-17" + Id = %[1]q + + Statement = [{ + Sid = "Enable IAM User Permissions" + Effect = "Allow" + Action = "kms:*" + Resource = "*" + + Principal = { + AWS = "*" + } + }] + }) +} + + `, rName) } @@ -479,10 +503,6 @@ resource "aws_securitylake_data_lake" "test" { configurations { region = "eu-west-1" - - encryption_configuration { - kms_key_id = "S3_MANAGED_KEY" - } } tags = { Name = %[1]q
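Review bot: The key policy on the added `aws_kms_key.test` (second hunk of data_lake_test.go) allows `kms:*` for `AWS = "*"`, so while an acceptance run keeps the key alive the policy places no restriction on which AWS principal may use or administer it; the Sid "Enable IAM User Permissions" suggests the account root was what was intended. The config already declares `data "aws_caller_identity" "current"`, so the principal can be scoped to the test account with `AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"` (substitute the partition data source for the literal `aws` if this config has one). Test fixtures also tend to be copied into real configurations, which is a further reason not to leave a wildcard principal here. None of the visible hunks references the new key, so whether a data lake configuration actually uses it cannot be confirmed from this page.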