
Status Submitted
Created by Marc Richard
Created on Oct 24, 2025

Detect automatic AWS KMS key rotation in Atlas so that the alert “AWS encryption key needs rotation” is accurate

What problem are you trying to solve?

Focus on the what and why of the need you have, not the how you'd like it solved.

Atlas keeps incrementing a rotation age counter (>365, >700 days) for AWS CMKs with automatic rotation enabled because the Key ID/ARN doesn’t change. This produces false-positive overdue rotation alerts and forces teams either to ignore, disable, or manually rotate keys just to clear the alert.

What would you like to see happen?

Describe the desired outcome or enhancement.

Atlas should detect AWS KMS automatic key material rotation (e.g. via ListKeyRotations) and update a “last rotated” timestamp, resetting or suppressing the generic elapsed‑time alert. Alert logic should be based on actual rotation events, not just time since initial CMK association.

Why is this important to you or your team?

Explain how the request adds value or solves a business need.

  • Eliminates misleading security alerts and alert fatigue.

  • Provides clean evidence for audits and compliance without manual explanation.

  • Improves trust in Atlas’ encryption at rest monitoring.

What steps, if any, are you taking today to manage this problem?

  • Verifying rotation via AWS KMS.

  • Manually documenting rotation dates internally.

  • Considering disabling or extending the Atlas rotation alert to avoid noise.
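The alert logic requested above, sketched as an added example (not part of the original request, and not Atlas or AWS code): key age is measured from the newest rotation event reported by AWS KMS `ListKeyRotations` instead of from the date the CMK was first associated. `fetch_rotation_pages` expects a boto3 KMS client; `associated_at`, the 365-day `max_age_days` default, the placeholder key ID and the sample dates are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

def fetch_rotation_pages(kms, key_id):
    """Collect every ListKeyRotations response page for key_id (kms: boto3 KMS client)."""
    pages, marker = [], None
    while True:
        kwargs = {"KeyId": key_id}
        if marker:
            kwargs["Marker"] = marker
        page = kms.list_key_rotations(**kwargs)
        pages.append(page)
        if not page.get("Truncated"):
            return pages
        marker = page["NextMarker"]

def last_rotation(pages):
    """Newest RotationDate across all pages, or None if the key never rotated."""
    dates = [r["RotationDate"] for p in pages for r in p.get("Rotations", [])]
    return max(dates) if dates else None

def rotation_alert(associated_at, pages, now, max_age_days=365):
    """Evaluate the alert from actual rotation events, not time since association."""
    rotated = last_rotation(pages)
    baseline = max(associated_at, rotated) if rotated else associated_at
    age_days = (now - baseline).days
    return {"last_rotated": rotated, "age_days": age_days,
            "overdue": age_days > max_age_days}

# Constructed sample: a key associated two years ago, rotated automatically each year.
UTC = timezone.utc
ASSOCIATED_AT = datetime(2023, 10, 1, tzinfo=UTC)
NOW = datetime(2025, 10, 24, tzinfo=UTC)
SAMPLE_PAGES = [{
    "Rotations": [
        {"KeyId": "EXAMPLE-KEY-ID", "RotationType": "AUTOMATIC",
         "RotationDate": datetime(2024, 10, 1, tzinfo=UTC)},
        {"KeyId": "EXAMPLE-KEY-ID", "RotationType": "AUTOMATIC",
         "RotationDate": datetime(2025, 10, 1, tzinfo=UTC)},
    ],
    "Truncated": False,
}]

if __name__ == "__main__":
    # Elapsed time only (no rotation data): the false positive described above.
    print(rotation_alert(ASSOCIATED_AT, [], NOW))
    # With rotation events taken into account: the key material is recent.
    print(rotation_alert(ASSOCIATED_AT, SAMPLE_PAGES, NOW))
```

The "last_rotated" value returned here can also serve as the rotation date recorded for audit evidence.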