AWS Key Management Service endpoints and quotas - AWS General Reference

AWS Key Management Service endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Service endpoints

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

kms.us-east-2.amazonaws.com

kms-fips.us-east-2.amazonaws.com

HTTPS

HTTPS

US East (N. Virginia) us-east-1

kms.us-east-1.amazonaws.com

kms-fips.us-east-1.amazonaws.com

HTTPS

HTTPS

US West (N. California) us-west-1

kms.us-west-1.amazonaws.com

kms-fips.us-west-1.amazonaws.com

HTTPS

HTTPS

US West (Oregon) us-west-2

kms.us-west-2.amazonaws.com

kms-fips.us-west-2.amazonaws.com

HTTPS

HTTPS

Africa (Cape Town) af-south-1

kms.af-south-1.amazonaws.com

kms-fips.af-south-1.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Hong Kong) ap-east-1

kms.ap-east-1.amazonaws.com

kms-fips.ap-east-1.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Mumbai) ap-south-1

kms.ap-south-1.amazonaws.com

kms-fips.ap-south-1.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Osaka) ap-northeast-3

kms.ap-northeast-3.amazonaws.com

kms-fips.ap-northeast-3.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Seoul) ap-northeast-2

kms.ap-northeast-2.amazonaws.com

kms-fips.ap-northeast-2.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Singapore) ap-southeast-1

kms.ap-southeast-1.amazonaws.com

kms-fips.ap-southeast-1.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Sydney) ap-southeast-2

kms.ap-southeast-2.amazonaws.com

kms-fips.ap-southeast-2.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Tokyo) ap-northeast-1

kms.ap-northeast-1.amazonaws.com

kms-fips.ap-northeast-1.amazonaws.com

HTTPS

HTTPS

Canada (Central) ca-central-1

kms.ca-central-1.amazonaws.com

kms-fips.ca-central-1.amazonaws.com

HTTPS

HTTPS

Europe (Frankfurt) eu-central-1

kms.eu-central-1.amazonaws.com

kms-fips.eu-central-1.amazonaws.com

HTTPS

HTTPS

Europe (Ireland) eu-west-1

kms.eu-west-1.amazonaws.com

kms-fips.eu-west-1.amazonaws.com

HTTPS

HTTPS

Europe (London) eu-west-2

kms.eu-west-2.amazonaws.com

kms-fips.eu-west-2.amazonaws.com

HTTPS

HTTPS

Europe (Milan) eu-south-1

kms.eu-south-1.amazonaws.com

kms-fips.eu-south-1.amazonaws.com

HTTPS

HTTPS

Europe (Paris) eu-west-3

kms.eu-west-3.amazonaws.com

kms-fips.eu-west-3.amazonaws.com

HTTPS

HTTPS

Europe (Stockholm) eu-north-1

kms.eu-north-1.amazonaws.com

kms-fips.eu-north-1.amazonaws.com

HTTPS

HTTPS

Middle East (Bahrain) me-south-1

kms.me-south-1.amazonaws.com

kms-fips.me-south-1.amazonaws.com

HTTPS

HTTPS

South America (São Paulo) sa-east-1

kms.sa-east-1.amazonaws.com

kms-fips.sa-east-1.amazonaws.com

HTTPS

HTTPS

AWS GovCloud (US-East) us-gov-east-1

kms.us-gov-east-1.amazonaws.com

kms-fips.us-gov-east-1.amazonaws.com

HTTPS

HTTPS

AWS GovCloud (US-West) us-gov-west-1

kms.us-gov-west-1.amazonaws.com

kms-fips.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

Service quotas

Note

The default value of the Cryptographic operations (symmetric) request rate quota varies by Region. For detailed information about Cryptographic operations (symmetric) request rate and the other AWS KMS quotas, see Quotas in the AWS Key Management Service Developer Guide or the Service Quotas console.

Name Default Adjustable
Aliases per CMK 50 Yes
CancelKeyDeletion request rate 5 per second Yes
ConnectCustomKeyStore request rate 5 per second Yes
CreateAlias request rate 5 per second Yes
CreateCustomKeyStore request rate 5 per second Yes
CreateGrant request rate 50 per second Yes
CreateKey request rate 5 per second Yes
Cryptographic operations (ECC) request rate 300 per second Yes
Cryptographic operations (RSA) request rate 500 per second Yes
Cryptographic operations (symmetric) request rate 5,500 per second Yes
Customer Master Keys (CMKs) 10,000 Yes
DeleteAlias request rate 15 per second Yes
DeleteCustomKeyStore request rate 5 per second Yes
DeleteImportedKeyMaterial request rate 5 per second Yes
DescribeCustomKeyStores request rate 5 per second Yes
DescribeKey request rate 2,000 per second Yes
DisableKey request rate 5 per second Yes
DisableKeyRotation request rate 5 per second Yes
DisconnectCustomKeyStore request rate 5 per second Yes
EnableKey request rate 5 per second Yes
EnableKeyRotation request rate 15 per second Yes
GenerateDataKeyPair (ECC_NIST_P256) request rate 25 per second Yes
GenerateDataKeyPair (ECC_NIST_P384) request rate 10 per second Yes
GenerateDataKeyPair (ECC_NIST_P521) request rate 5 per second Yes
GenerateDataKeyPair (ECC_SECG_P256K1) request rate 25 per second Yes
GenerateDataKeyPair (RSA_2048) request rate 1 per second Yes
GenerateDataKeyPair (RSA_3072) request rate 0.5 per second Yes
GenerateDataKeyPair (RSA_4096) request rate 0.1 per second Yes
GetKeyPolicy request rate 1,000 per second Yes
GetKeyRotationStatus request rate 1,000 per second Yes
GetParametersForImport request rate 0.25 per second Yes
GetPublicKey request rate 2,000 per second Yes
Grants per CMK 50,000 Yes
ImportKeyMaterial request rate 5 per second Yes
Key policy document size 32,768 Bytes Yes
ListAliases request rate 500 per second Yes
ListGrants request rate 100 per second Yes
ListKeyPolicies request rate 100 per second Yes
ListKeys request rate 500 per second Yes
ListResourceTags request rate 2,000 per second Yes
ListRetirableGrants request rate 100 per second Yes
PutKeyPolicy request rate 15 per second Yes
ReplicateKey request rate 5 per second Yes
RetireGrant request rate 30 per second Yes
RevokeGrant request rate 30 per second Yes
ScheduleKeyDeletion request rate 15 per second Yes
TagResource request rate 10 per second Yes
UntagResource request rate 5 per second Yes
UpdateAlias request rate 5 per second Yes
UpdateCustomKeyStore request rate 5 per second Yes
UpdateKeyDescription request rate 5 per second Yes
UpdatePrimaryRegion request rate 5 per second Yes