Support for customer-managed keys (CMK) on the volume-level instead of Encryption-at-Rest
For some customers managing a set of low-latency workloads is crucial, so volume-based encryption using their own KMS encryption keys is preferred over the encryption-at-rest feature of the WiredTiger storage engine. https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html
The support is required for clusters, their backups and Atlas Data Lake.
3
votes
![](https://secure.gravatar.com/avatar/bbcf42f83c49e11e3ab269c2bd13835d?size=40&default=https%3A%2F%2Fassets.uvcdn.com%2Fpkg%2Fadmin%2Ficons%2Fuser_70-6bcf9e08938533adb9bac95c3e487cb2a6d4a32f890ca6fdc82e3072e0ea0368.png)