Changelog for AWS KMS key policies

As part of our ongoing work to make Atlassian Cloud more scalable, reliable, and resilient, earlier versions of AWS KMS key policy template may become insufficient to support upcoming cloud changes.

When we introduce a breaking change, we’ll:

explain what is changing
provide a transition window so you can update your key policy
document timelines and may provide assistance as needed during such transitions

This changelog page:

tracks required updates to your AWS KMS key policies used with Atlassian cloud
is for customers who use Customer-managed keys (CMK) encryption, not Bring Your Own Key (BYOK). What is CMK encryption?

To modify your AWS KMS key policy, follow the AWS instructions for editing key policies.

変更履歴

The table below includes historically published CMK key policy versions.

Active - the most recent and stable version.
Supported - no longer the suggested version, but remain stable and supported.
Deprecated - no longer supported, for reference only.

VERSION (バージョン)	新着情報	互換性	ステータス	Publish date
V2	Support for AWS high-performance Elastic Block Store (EBS)	Requires policy V1 → V2 update within transition window	アクティブ	2025年11月 3日)
V1	Initial version	(no prior versions)	Supported until June 30, 2026	2025 年 4 月 1 日

Scroll down this page to see further details of each version.

The primary instruction page Set up AWS account and create a KMS key policy always refers to the latest template versions.

You can use either /latest/ or the most recent version number to access the most up-to-date templates. For example:

Latest key policy template: https://cmk-atlassian.s3.amazonaws.com/latest/atlassian-cmk-key-template.json
Latest CloudFormation template: https://cmk-atlassian.s3.amazonaws.com/latest/atlassian-cmk-key-template-cf.json

V2

説明	Support Elastic Block Store (EBS) due to Atlassian cloud infrastructure change.
アクティブ	November 3, 2025
Key policy template	https://cmk-atlassian.s3.amazonaws.com/v2/atlassian-cmk-key-template.json
Further details	This code has been added in this version: `{` `"Sid": "AwsManagedServiceEBS",` `"Effect": "Allow",` `"Principal": "",` `"Action": [` `"kms:CreateGrant",` `"kms:GenerateDataKeyWithoutPlaintext",` `"kms:ReEncrypt"` `],` `"Resource": "",` `"Condition": {` `"StringEquals": {` `"kms:ViaService": "ec2.${AWS::Region}.amazonaws.com"` `},` `"ForAnyValue:StringEquals": {` `"kms:EncryptionContextKeys": "aws:ebs:id"` `},` `"ForAnyValue:StringLike": {` `"aws:PrincipalOrgPaths": [` `"o-rab3nm4fez//ou-6ypf-c369q98l/*"` `]` `}` `}` `}`
CloudFormation template	https://cmk-atlassian.s3.amazonaws.com/v2/atlassian-cmk-key-template-cf.json

V1

説明	Initial Key policies for CMK.
アクティブ	April 1, 2025 – November 3, 2025
サポート対象	November 3, 2025
Key policy template	https://cmk-atlassian.s3.amazonaws.com/v1/atlassian-cmk-key-template.json
CloudFormation template	https://cmk-atlassian.s3.amazonaws.com/v1/atlassian-cmk-key-template-cf.json

この内容はお役に立ちましたか?

正確ではなかった明確ではなかった関係なかった

さらにヘルプが必要ですか?

アトラシアンコミュニティをご利用ください。

コミュニティに質問