AWS Key Management Service endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
Service endpoints
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 |
kms.us-east-2.amazonaws.com kms-fips.us-east-2.amazonaws.com |
HTTPS HTTPS |
| US East (N. Virginia) | us-east-1 |
kms.us-east-1.amazonaws.com kms-fips.us-east-1.amazonaws.com |
HTTPS HTTPS |
| US West (N. California) | us-west-1 |
kms.us-west-1.amazonaws.com kms-fips.us-west-1.amazonaws.com |
HTTPS HTTPS |
| US West (Oregon) | us-west-2 |
kms.us-west-2.amazonaws.com kms-fips.us-west-2.amazonaws.com |
HTTPS HTTPS |
| Africa (Cape Town) | af-south-1 |
kms.af-south-1.amazonaws.com kms-fips.af-south-1.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 |
kms.ap-east-1.amazonaws.com kms-fips.ap-east-1.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 |
kms.ap-south-1.amazonaws.com kms-fips.ap-south-1.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 |
kms.ap-northeast-3.amazonaws.com kms-fips.ap-northeast-3.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 |
kms.ap-northeast-2.amazonaws.com kms-fips.ap-northeast-2.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 |
kms.ap-southeast-1.amazonaws.com kms-fips.ap-southeast-1.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 |
kms.ap-southeast-2.amazonaws.com kms-fips.ap-southeast-2.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 |
kms.ap-northeast-1.amazonaws.com kms-fips.ap-northeast-1.amazonaws.com |
HTTPS HTTPS |
| Canada (Central) | ca-central-1 |
kms.ca-central-1.amazonaws.com kms-fips.ca-central-1.amazonaws.com |
HTTPS HTTPS |
| Europe (Frankfurt) | eu-central-1 |
kms.eu-central-1.amazonaws.com kms-fips.eu-central-1.amazonaws.com |
HTTPS HTTPS |
| Europe (Ireland) | eu-west-1 |
kms.eu-west-1.amazonaws.com kms-fips.eu-west-1.amazonaws.com |
HTTPS HTTPS |
| Europe (London) | eu-west-2 |
kms.eu-west-2.amazonaws.com kms-fips.eu-west-2.amazonaws.com |
HTTPS HTTPS |
| Europe (Milan) | eu-south-1 |
kms.eu-south-1.amazonaws.com kms-fips.eu-south-1.amazonaws.com |
HTTPS HTTPS |
| Europe (Paris) | eu-west-3 |
kms.eu-west-3.amazonaws.com kms-fips.eu-west-3.amazonaws.com |
HTTPS HTTPS |
| Europe (Stockholm) | eu-north-1 |
kms.eu-north-1.amazonaws.com kms-fips.eu-north-1.amazonaws.com |
HTTPS HTTPS |
| Middle East (Bahrain) | me-south-1 |
kms.me-south-1.amazonaws.com kms-fips.me-south-1.amazonaws.com |
HTTPS HTTPS |
| South America (São Paulo) | sa-east-1 |
kms.sa-east-1.amazonaws.com kms-fips.sa-east-1.amazonaws.com |
HTTPS HTTPS |
| AWS GovCloud (US-East) | us-gov-east-1 |
kms.us-gov-east-1.amazonaws.com kms-fips.us-gov-east-1.amazonaws.com |
HTTPS HTTPS |
| AWS GovCloud (US-West) | us-gov-west-1 |
kms.us-gov-west-1.amazonaws.com kms-fips.us-gov-west-1.amazonaws.com |
HTTPS HTTPS |
Service quotas
The default value of the Cryptographic operations (symmetric) request rate quota
varies by Region. For detailed information about Cryptographic operations
(symmetric) request rate and the other AWS KMS quotas, see Quotas in the
AWS Key Management Service Developer Guide or the Service Quotas console
| Name | Default | Adjustable |
|---|---|---|
| Aliases per CMK | 50 |
Yes |
| CancelKeyDeletion request rate | 5 per second |
Yes |
| ConnectCustomKeyStore request rate | 5 per second |
Yes |
| CreateAlias request rate | 5 per second |
Yes |
| CreateCustomKeyStore request rate | 5 per second |
Yes |
| CreateGrant request rate | 50 per second |
Yes |
| CreateKey request rate | 5 per second |
Yes |
| Cryptographic operations (ECC) request rate | 300 per second |
Yes |
| Cryptographic operations (RSA) request rate | 500 per second |
Yes |
| Cryptographic operations (symmetric) request rate | 5,500 per second |
Yes |
| Customer Master Keys (CMKs) | 10,000 |
Yes |
| DeleteAlias request rate | 15 per second |
Yes |
| DeleteCustomKeyStore request rate | 5 per second |
Yes |
| DeleteImportedKeyMaterial request rate | 5 per second |
Yes |
| DescribeCustomKeyStores request rate | 5 per second |
Yes |
| DescribeKey request rate | 2,000 per second |
Yes |
| DisableKey request rate | 5 per second |
Yes |
| DisableKeyRotation request rate | 5 per second |
Yes |
| DisconnectCustomKeyStore request rate | 5 per second |
Yes |
| EnableKey request rate | 5 per second |
Yes |
| EnableKeyRotation request rate | 15 per second |
Yes |
| GenerateDataKeyPair (ECC_NIST_P256) request rate | 25 per second |
Yes |
| GenerateDataKeyPair (ECC_NIST_P384) request rate | 10 per second |
Yes |
| GenerateDataKeyPair (ECC_NIST_P521) request rate | 5 per second |
Yes |
| GenerateDataKeyPair (ECC_SECG_P256K1) request rate | 25 per second |
Yes |
| GenerateDataKeyPair (RSA_2048) request rate | 1 per second |
Yes |
| GenerateDataKeyPair (RSA_3072) request rate | 0.5 per second |
Yes |
| GenerateDataKeyPair (RSA_4096) request rate | 0.1 per second |
Yes |
| GetKeyPolicy request rate | 1,000 per second |
Yes |
| GetKeyRotationStatus request rate | 1,000 per second |
Yes |
| GetParametersForImport request rate | 0.25 per second |
Yes |
| GetPublicKey request rate | 2,000 per second |
Yes |
| Grants per CMK | 50,000 |
Yes |
| ImportKeyMaterial request rate | 5 per second |
Yes |
| Key policy document size | 32,768 Bytes |
Yes |
| ListAliases request rate | 500 per second |
Yes |
| ListGrants request rate | 100 per second |
Yes |
| ListKeyPolicies request rate | 100 per second |
Yes |
| ListKeys request rate | 500 per second |
Yes |
| ListResourceTags request rate | 2,000 per second |
Yes |
| ListRetirableGrants request rate | 100 per second |
Yes |
| PutKeyPolicy request rate | 15 per second |
Yes |
| ReplicateKey request rate | 5 per second |
Yes |
| RetireGrant request rate | 30 per second |
Yes |
| RevokeGrant request rate | 30 per second |
Yes |
| ScheduleKeyDeletion request rate | 15 per second |
Yes |
| TagResource request rate | 10 per second |
Yes |
| UntagResource request rate | 5 per second |
Yes |
| UpdateAlias request rate | 5 per second |
Yes |
| UpdateCustomKeyStore request rate | 5 per second |
Yes |
| UpdateKeyDescription request rate | 5 per second |
Yes |
| UpdatePrimaryRegion request rate | 5 per second |
Yes |
