[DOCS-14706] [Atlas] AWS KMS encryption keys for customer key management with an AWS IAM role Created: 04/Aug/21  Updated: 29/Oct/23  Resolved: 20/Aug/21

Status: Closed
Project: Documentation
Component/s: Atlas
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: Seunghyoung Lee Assignee: Zachary Carr
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 2 years, 24 weeks, 5 days ago
Story Points: 3

 Description   

Documentation Link - https://docs.atlas.mongodb.com/security-aws-kms/

Hello Team,

Recently, we have Introduced the ability to use an AWS IAM role to authorize Atlas to access: - AWS KMS encryption keys for customer key management as documented here.

Therefore, customer cannot use an AWS IAM user for new clusters anymore.

However, I still can see that our document mentions about an IAM user. Therefore, could you please update our document accordingly to change it to an AWS IAM role.

For example)

Have an AWS IAM user with sufficient privileges. 

In addition to that, can you please add an note to make sure that the new IAM role can access the old CMK when switching their Atlas project from credentials-based access to role-based access to their encryption keys AND changing the CMK at the same time? I have a customer who had an issue when switching credential based encryption at rest to role based encryption at rest AND the KMS keys were also being switched from the old keys as the new IAM role didn't have privileges to access the old CMK.



 Comments   
Comment by Zachary Carr [ 20/Aug/21 ]

Merged to master, to be published later today.

Comment by Zachary Carr [ 20/Aug/21 ]

Thank you!

Comment by Seunghyoung Lee [ 20/Aug/21 ]

Hi zach.carr, thanks for looking into this and updating our documentation accordingly. Yes, they're accurate. LGTM! 

Comment by Zachary Carr [ 18/Aug/21 ]

HI seunghyoung.lee, thanks for filing this! I made these changes in this PR, would you mind taking a look whenever you have some time to confirm they're accurate? Thank you!

Generated at Thu Feb 08 08:11:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.