Queryable Encryption with AWS KMS question regarding "region"

Good Evening,

I’m trying to test queryable encryption using AWS KMS. I am using the following documentation: https://www.mongodb.com/docs/manual/core/queryable-encryption/tutorials/aws/aws-automatic/#std-label-qe-tutorial-automatic-aws

I have a question regarding this step:

customerMasterKeyCredentials = {
key: process.env.AWS_KEY_ARN, // Your AWS Key ARN
region: process.env.AWS_KEY_REGION, // Your AWS Key Region

I have the ARN, but it is unclear what value I should I add for the “AWS Key Region” since AWS doesn’t provide a “Key Region” parameter. I’ve tried values: “WEST” and “Single Region” but neither works. Is someone able to give me examples of what values are possible for this parameter? It seems odd that we would specify “WEST” since that value could be extracted from the ARN.

Thanks for your help!


You can find the region of your AWS KMS key in the key’s ARN (Amazon Resource Name). The region is the part of the ARN.

In this case, the region value will be us-east-1

Thanks, Rishabh.

I did find that the region is optional since AWS provides it in the ARN. "
AWS region of your master key, e.g. “us-west-2”; required only if not specified in your ARN."

Now that makes sense since I had noticed it in the ARN.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.