[DOCS-14706] [Atlas] AWS KMS encryption keys for customer key management with an AWS IAM role Created: 04/Aug/21 Updated: 29/Oct/23 Resolved: 20/Aug/21 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | Atlas |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | Seunghyoung Lee | Assignee: | Zachary Carr |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: | |
| Days since reply: | 2 years, 24 weeks, 5 days ago |
| Story Points: | 3 |
| Description |
|
Documentation Link - https://docs.atlas.mongodb.com/security-aws-kms/ Hello Team, Recently, we have Introduced the ability to use an AWS IAM role to authorize Atlas to access: - AWS KMS encryption keys for customer key management as documented here. Therefore, customer cannot use an AWS IAM user for new clusters anymore. However, I still can see that our document mentions about an IAM user. Therefore, could you please update our document accordingly to change it to an AWS IAM role. For example)
In addition to that, can you please add an note to make sure that the new IAM role can access the old CMK when switching their Atlas project from credentials-based access to role-based access to their encryption keys AND changing the CMK at the same time? I have a customer who had an issue when switching credential based encryption at rest to role based encryption at rest AND the KMS keys were also being switched from the old keys as the new IAM role didn't have privileges to access the old CMK. |
| Comments |
| Comment by Zachary Carr [ 20/Aug/21 ] |
|
Merged to master, to be published later today. |
| Comment by Zachary Carr [ 20/Aug/21 ] |
|
Thank you! |
| Comment by Seunghyoung Lee [ 20/Aug/21 ] |
|
Hi zach.carr, thanks for looking into this and updating our documentation accordingly. Yes, they're accurate. LGTM! |
| Comment by Zachary Carr [ 18/Aug/21 ] |
|
HI seunghyoung.lee, thanks for filing this! I made these changes in this PR, would you mind taking a look whenever you have some time to confirm they're accurate? Thank you! |