Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-14706

[Atlas] AWS KMS encryption keys for customer key management with an AWS IAM role

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Minor - P4
    • Resolution: Fixed
    • None
    • None
    • Atlas
    • None
    • 3
    • CET: Zombies (10-16 Aug 2021), CET: Axolotl (17-23 Aug 2021)
    • true

    Description

      Documentation Link - https://docs.atlas.mongodb.com/security-aws-kms/

      Hello Team,

      Recently, we have Introduced the ability to use an AWS IAM role to authorize Atlas to access: - AWS KMS encryption keys for customer key management as documented here.

      Therefore, customer cannot use an AWS IAM user for new clusters anymore.

      However, I still can see that our document mentions about an IAM user. Therefore, could you please update our document accordingly to change it to an AWS IAM role.

      For example)

      Have an AWS IAM user with sufficient privileges. 
      

      In addition to that, can you please add an note to make sure that the new IAM role can access the old CMK when switching their Atlas project from credentials-based access to role-based access to their encryption keys AND changing the CMK at the same time? I have a customer who had an issue when switching credential based encryption at rest to role based encryption at rest AND the KMS keys were also being switched from the old keys as the new IAM role didn't have privileges to access the old CMK.

      Attachments

        Activity

          People

            zach.carr@mongodb.com Zachary Carr
            seunghyoung.lee@mongodb.com Seunghyoung Lee
            Zachary Carr Zachary Carr
            Seunghyoung Lee
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              1 year, 15 weeks, 5 days ago