AWS Key Management Service endpoints and quotas - AWS General Reference

AWS Key Management Service endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Service endpoints

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

kms.us-east-2.amazonaws.com

kms-fips.us-east-2.amazonaws.com

kms-fips.us-east-2.amazonaws.com

HTTPS

HTTPS

HTTPS

US East (N. Virginia) us-east-1

kms.us-east-1.amazonaws.com

kms-fips.us-east-1.amazonaws.com

kms-fips.us-east-1.amazonaws.com

HTTPS

HTTPS

HTTPS

US West (N. California) us-west-1

kms.us-west-1.amazonaws.com

kms-fips.us-west-1.amazonaws.com

kms-fips.us-west-1.amazonaws.com

HTTPS

HTTPS

HTTPS

US West (Oregon) us-west-2

kms.us-west-2.amazonaws.com

kms-fips.us-west-2.amazonaws.com

kms-fips.us-west-2.amazonaws.com

HTTPS

HTTPS

HTTPS

Africa (Cape Town) af-south-1

kms.af-south-1.amazonaws.com

kms-fips.af-south-1.amazonaws.com

kms-fips.af-south-1.amazonaws.com

HTTPS

HTTPS

HTTPS

Asia Pacific (Hong Kong) ap-east-1

kms.ap-east-1.amazonaws.com

kms-fips.ap-east-1.amazonaws.com

kms-fips.ap-east-1.amazonaws.com

HTTPS

HTTPS

HTTPS

Asia Pacific (Mumbai) ap-south-1

kms.ap-south-1.amazonaws.com

kms-fips.ap-south-1.amazonaws.com

kms-fips.ap-south-1.amazonaws.com

HTTPS

HTTPS

HTTPS

Asia Pacific (Osaka) ap-northeast-3

kms.ap-northeast-3.amazonaws.com

kms-fips.ap-northeast-3.amazonaws.com

kms-fips.ap-northeast-3.amazonaws.com

HTTPS

HTTPS

HTTPS

Asia Pacific (Seoul) ap-northeast-2

kms.ap-northeast-2.amazonaws.com

kms-fips.ap-northeast-2.amazonaws.com

kms-fips.ap-northeast-2.amazonaws.com

HTTPS

HTTPS

HTTPS

Asia Pacific (Singapore) ap-southeast-1

kms.ap-southeast-1.amazonaws.com

kms-fips.ap-southeast-1.amazonaws.com

kms-fips.ap-southeast-1.amazonaws.com

HTTPS

HTTPS

HTTPS

Asia Pacific (Sydney) ap-southeast-2

kms.ap-southeast-2.amazonaws.com

kms-fips.ap-southeast-2.amazonaws.com

kms-fips.ap-southeast-2.amazonaws.com

HTTPS

HTTPS

HTTPS

Asia Pacific (Tokyo) ap-northeast-1

kms.ap-northeast-1.amazonaws.com

kms-fips.ap-northeast-1.amazonaws.com

kms-fips.ap-northeast-1.amazonaws.com

HTTPS

HTTPS

HTTPS

Canada (Central) ca-central-1

kms.ca-central-1.amazonaws.com

kms-fips.ca-central-1.amazonaws.com

kms-fips.ca-central-1.amazonaws.com

HTTPS

HTTPS

HTTPS

Europe (Frankfurt) eu-central-1

kms.eu-central-1.amazonaws.com

kms-fips.eu-central-1.amazonaws.com

kms-fips.eu-central-1.amazonaws.com

HTTPS

HTTPS

HTTPS

Europe (Ireland) eu-west-1

kms.eu-west-1.amazonaws.com

kms-fips.eu-west-1.amazonaws.com

kms-fips.eu-west-1.amazonaws.com

HTTPS

HTTPS

HTTPS

Europe (London) eu-west-2

kms.eu-west-2.amazonaws.com

kms-fips.eu-west-2.amazonaws.com

kms-fips.eu-west-2.amazonaws.com

HTTPS

HTTPS

HTTPS

Europe (Milan) eu-south-1

kms.eu-south-1.amazonaws.com

kms-fips.eu-south-1.amazonaws.com

kms-fips.eu-south-1.amazonaws.com

HTTPS

HTTPS

HTTPS

Europe (Paris) eu-west-3

kms.eu-west-3.amazonaws.com

kms-fips.eu-west-3.amazonaws.com

kms-fips.eu-west-3.amazonaws.com

HTTPS

HTTPS

HTTPS

Europe (Stockholm) eu-north-1

kms.eu-north-1.amazonaws.com

kms-fips.eu-north-1.amazonaws.com

kms-fips.eu-north-1.amazonaws.com

HTTPS

HTTPS

HTTPS

Middle East (Bahrain) me-south-1

kms.me-south-1.amazonaws.com

kms-fips.me-south-1.amazonaws.com

kms-fips.me-south-1.amazonaws.com

HTTPS

HTTPS

HTTPS

South America (São Paulo) sa-east-1

kms.sa-east-1.amazonaws.com

kms-fips.sa-east-1.amazonaws.com

kms-fips.sa-east-1.amazonaws.com

HTTPS

HTTPS

HTTPS

AWS GovCloud (US-East) us-gov-east-1

kms.us-gov-east-1.amazonaws.com

kms-fips.us-gov-east-1.amazonaws.com

kms-fips.us-gov-east-1.amazonaws.com

HTTPS

HTTPS

HTTPS

AWS GovCloud (US-West) us-gov-west-1

kms.us-gov-west-1.amazonaws.com

kms-fips.us-gov-west-1.amazonaws.com

kms-fips.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

HTTPS

Service quotas

Name Default Adjustable
Aliases per CMK All supported Regions: 50 Yes
CancelKeyDeletion request rate All supported Regions: 5 per second Yes
ConnectCustomKeyStore request rate All supported Regions: 5 per second Yes
CreateAlias request rate All supported Regions: 5 per second Yes
CreateCustomKeyStore request rate All supported Regions: 5 per second Yes
CreateGrant request rate All supported Regions: 50 per second Yes
CreateKey request rate All supported Regions: 5 per second Yes
Cryptographic operations (ECC) request rate All supported Regions: 300 per second Yes
Cryptographic operations (RSA) request rate All supported Regions: 500 per second Yes
Cryptographic operations (symmetric) request rate

ap-northeast-1: 10,000 per second

ap-southeast-1: 10,000 per second

ap-southeast-2: 10,000 per second

eu-central-1: 10,000 per second

eu-west-2: 10,000 per second

us-east-2: 10,000 per second

eu-west-1: 50,000 per second

us-east-1: 50,000 per second

us-west-2: 50,000 per second

All other supported Regions: 5,500 per second

Yes
Customer Master Keys (CMKs) All supported Regions: 10,000 Yes
DeleteAlias request rate All supported Regions: 15 per second Yes
DeleteCustomKeyStore request rate All supported Regions: 5 per second Yes
DeleteImportedKeyMaterial request rate All supported Regions: 5 per second Yes
DescribeCustomKeyStores request rate All supported Regions: 5 per second Yes
DescribeKey request rate All supported Regions: 2,000 per second Yes
DisableKey request rate All supported Regions: 5 per second Yes
DisableKeyRotation request rate All supported Regions: 5 per second Yes
DisconnectCustomKeyStore request rate All supported Regions: 5 per second Yes
EnableKey request rate All supported Regions: 5 per second Yes
EnableKeyRotation request rate All supported Regions: 15 per second Yes
GenerateDataKeyPair (ECC_NIST_P256) request rate All supported Regions: 25 per second Yes
GenerateDataKeyPair (ECC_NIST_P384) request rate All supported Regions: 10 per second Yes
GenerateDataKeyPair (ECC_NIST_P521) request rate All supported Regions: 5 per second Yes
GenerateDataKeyPair (ECC_SECG_P256K1) request rate All supported Regions: 25 per second Yes
GenerateDataKeyPair (RSA_2048) request rate All supported Regions: 1 per second Yes
GenerateDataKeyPair (RSA_3072) request rate All supported Regions: 0.5 per second Yes
GenerateDataKeyPair (RSA_4096) request rate All supported Regions: 0.1 per second Yes
GetKeyPolicy request rate All supported Regions: 1,000 per second Yes
GetKeyRotationStatus request rate All supported Regions: 1,000 per second Yes
GetParametersForImport request rate All supported Regions: 0.25 per second Yes
GetPublicKey request rate All supported Regions: 2,000 per second Yes
Grants per CMK All supported Regions: 50,000 Yes
ImportKeyMaterial request rate All supported Regions: 5 per second Yes
Key policy document size All supported Regions: 32,768 Bytes Yes
ListAliases request rate All supported Regions: 500 per second Yes
ListGrants request rate All supported Regions: 100 per second Yes
ListKeyPolicies request rate All supported Regions: 100 per second Yes
ListKeys request rate All supported Regions: 500 per second Yes
ListResourceTags request rate All supported Regions: 2,000 per second Yes
ListRetirableGrants request rate All supported Regions: 100 per second Yes
PutKeyPolicy request rate All supported Regions: 15 per second Yes
ReplicateKey request rate All supported Regions: 5 per second Yes
RetireGrant request rate All supported Regions: 30 per second Yes
RevokeGrant request rate All supported Regions: 30 per second Yes
ScheduleKeyDeletion request rate All supported Regions: 15 per second Yes
TagResource request rate All supported Regions: 10 per second Yes
UntagResource request rate All supported Regions: 5 per second Yes
UpdateAlias request rate All supported Regions: 5 per second Yes
UpdateCustomKeyStore request rate All supported Regions: 5 per second Yes
UpdateKeyDescription request rate All supported Regions: 5 per second Yes
UpdatePrimaryRegion request rate All supported Regions: 5 per second Yes