AWS Key Management Service endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
Service endpoints
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 |
kms.us-east-2.amazonaws.com kms-fips.us-east-2.amazonaws.com kms-fips.us-east-2.amazonaws.com |
HTTPS HTTPS HTTPS |
| US East (N. Virginia) | us-east-1 |
kms.us-east-1.amazonaws.com kms-fips.us-east-1.amazonaws.com kms-fips.us-east-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| US West (N. California) | us-west-1 |
kms.us-west-1.amazonaws.com kms-fips.us-west-1.amazonaws.com kms-fips.us-west-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| US West (Oregon) | us-west-2 |
kms.us-west-2.amazonaws.com kms-fips.us-west-2.amazonaws.com kms-fips.us-west-2.amazonaws.com |
HTTPS HTTPS HTTPS |
| Africa (Cape Town) | af-south-1 |
kms.af-south-1.amazonaws.com kms-fips.af-south-1.amazonaws.com kms-fips.af-south-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 |
kms.ap-east-1.amazonaws.com kms-fips.ap-east-1.amazonaws.com kms-fips.ap-east-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 |
kms.ap-south-1.amazonaws.com kms-fips.ap-south-1.amazonaws.com kms-fips.ap-south-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 |
kms.ap-northeast-3.amazonaws.com kms-fips.ap-northeast-3.amazonaws.com kms-fips.ap-northeast-3.amazonaws.com |
HTTPS HTTPS HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 |
kms.ap-northeast-2.amazonaws.com kms-fips.ap-northeast-2.amazonaws.com kms-fips.ap-northeast-2.amazonaws.com |
HTTPS HTTPS HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 |
kms.ap-southeast-1.amazonaws.com kms-fips.ap-southeast-1.amazonaws.com kms-fips.ap-southeast-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 |
kms.ap-southeast-2.amazonaws.com kms-fips.ap-southeast-2.amazonaws.com kms-fips.ap-southeast-2.amazonaws.com |
HTTPS HTTPS HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 |
kms.ap-northeast-1.amazonaws.com kms-fips.ap-northeast-1.amazonaws.com kms-fips.ap-northeast-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| Canada (Central) | ca-central-1 |
kms.ca-central-1.amazonaws.com kms-fips.ca-central-1.amazonaws.com kms-fips.ca-central-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| Europe (Frankfurt) | eu-central-1 |
kms.eu-central-1.amazonaws.com kms-fips.eu-central-1.amazonaws.com kms-fips.eu-central-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| Europe (Ireland) | eu-west-1 |
kms.eu-west-1.amazonaws.com kms-fips.eu-west-1.amazonaws.com kms-fips.eu-west-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| Europe (London) | eu-west-2 |
kms.eu-west-2.amazonaws.com kms-fips.eu-west-2.amazonaws.com kms-fips.eu-west-2.amazonaws.com |
HTTPS HTTPS HTTPS |
| Europe (Milan) | eu-south-1 |
kms.eu-south-1.amazonaws.com kms-fips.eu-south-1.amazonaws.com kms-fips.eu-south-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| Europe (Paris) | eu-west-3 |
kms.eu-west-3.amazonaws.com kms-fips.eu-west-3.amazonaws.com kms-fips.eu-west-3.amazonaws.com |
HTTPS HTTPS HTTPS |
| Europe (Stockholm) | eu-north-1 |
kms.eu-north-1.amazonaws.com kms-fips.eu-north-1.amazonaws.com kms-fips.eu-north-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| Middle East (Bahrain) | me-south-1 |
kms.me-south-1.amazonaws.com kms-fips.me-south-1.amazonaws.com kms-fips.me-south-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| South America (São Paulo) | sa-east-1 |
kms.sa-east-1.amazonaws.com kms-fips.sa-east-1.amazonaws.com kms-fips.sa-east-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| AWS GovCloud (US-East) | us-gov-east-1 |
kms.us-gov-east-1.amazonaws.com kms-fips.us-gov-east-1.amazonaws.com kms-fips.us-gov-east-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| AWS GovCloud (US-West) | us-gov-west-1 |
kms.us-gov-west-1.amazonaws.com kms-fips.us-gov-west-1.amazonaws.com kms-fips.us-gov-west-1.amazonaws.com |
HTTPS HTTPS HTTPS |
Service quotas
| Name | Default | Adjustable |
|---|---|---|
| Aliases per CMK | All supported Regions: 50 |
Yes |
| CancelKeyDeletion request rate | All supported Regions: 5 per second |
Yes |
| ConnectCustomKeyStore request rate | All supported Regions: 5 per second |
Yes |
| CreateAlias request rate | All supported Regions: 5 per second |
Yes |
| CreateCustomKeyStore request rate | All supported Regions: 5 per second |
Yes |
| CreateGrant request rate | All supported Regions: 50 per second |
Yes |
| CreateKey request rate | All supported Regions: 5 per second |
Yes |
| Cryptographic operations (ECC) request rate | All supported Regions: 300 per second |
Yes |
| Cryptographic operations (RSA) request rate | All supported Regions: 500 per second |
Yes |
| Cryptographic operations (symmetric) request rate |
ap-northeast-1: 10,000 per second ap-southeast-1: 10,000 per second ap-southeast-2: 10,000 per second eu-central-1: 10,000 per second eu-west-2: 10,000 per second us-east-2: 10,000 per second eu-west-1: 50,000 per second us-east-1: 50,000 per second us-west-2: 50,000 per second All other supported Regions: 5,500 per second |
Yes |
| Customer Master Keys (CMKs) | All supported Regions: 10,000 |
Yes |
| DeleteAlias request rate | All supported Regions: 15 per second |
Yes |
| DeleteCustomKeyStore request rate | All supported Regions: 5 per second |
Yes |
| DeleteImportedKeyMaterial request rate | All supported Regions: 5 per second |
Yes |
| DescribeCustomKeyStores request rate | All supported Regions: 5 per second |
Yes |
| DescribeKey request rate | All supported Regions: 2,000 per second |
Yes |
| DisableKey request rate | All supported Regions: 5 per second |
Yes |
| DisableKeyRotation request rate | All supported Regions: 5 per second |
Yes |
| DisconnectCustomKeyStore request rate | All supported Regions: 5 per second |
Yes |
| EnableKey request rate | All supported Regions: 5 per second |
Yes |
| EnableKeyRotation request rate | All supported Regions: 15 per second |
Yes |
| GenerateDataKeyPair (ECC_NIST_P256) request rate | All supported Regions: 25 per second |
Yes |
| GenerateDataKeyPair (ECC_NIST_P384) request rate | All supported Regions: 10 per second |
Yes |
| GenerateDataKeyPair (ECC_NIST_P521) request rate | All supported Regions: 5 per second |
Yes |
| GenerateDataKeyPair (ECC_SECG_P256K1) request rate | All supported Regions: 25 per second |
Yes |
| GenerateDataKeyPair (RSA_2048) request rate | All supported Regions: 1 per second |
Yes |
| GenerateDataKeyPair (RSA_3072) request rate | All supported Regions: 0.5 per second |
Yes |
| GenerateDataKeyPair (RSA_4096) request rate | All supported Regions: 0.1 per second |
Yes |
| GetKeyPolicy request rate | All supported Regions: 1,000 per second |
Yes |
| GetKeyRotationStatus request rate | All supported Regions: 1,000 per second |
Yes |
| GetParametersForImport request rate | All supported Regions: 0.25 per second |
Yes |
| GetPublicKey request rate | All supported Regions: 2,000 per second |
Yes |
| Grants per CMK | All supported Regions: 50,000 |
Yes |
| ImportKeyMaterial request rate | All supported Regions: 5 per second |
Yes |
| Key policy document size | All supported Regions: 32,768 Bytes |
Yes |
| ListAliases request rate | All supported Regions: 500 per second |
Yes |
| ListGrants request rate | All supported Regions: 100 per second |
Yes |
| ListKeyPolicies request rate | All supported Regions: 100 per second |
Yes |
| ListKeys request rate | All supported Regions: 500 per second |
Yes |
| ListResourceTags request rate | All supported Regions: 2,000 per second |
Yes |
| ListRetirableGrants request rate | All supported Regions: 100 per second |
Yes |
| PutKeyPolicy request rate | All supported Regions: 15 per second |
Yes |
| ReplicateKey request rate | All supported Regions: 5 per second |
Yes |
| RetireGrant request rate | All supported Regions: 30 per second |
Yes |
| RevokeGrant request rate | All supported Regions: 30 per second |
Yes |
| ScheduleKeyDeletion request rate | All supported Regions: 15 per second |
Yes |
| TagResource request rate | All supported Regions: 10 per second |
Yes |
| UntagResource request rate | All supported Regions: 5 per second |
Yes |
| UpdateAlias request rate | All supported Regions: 5 per second |
Yes |
| UpdateCustomKeyStore request rate | All supported Regions: 5 per second |
Yes |
| UpdateKeyDescription request rate | All supported Regions: 5 per second |
Yes |
| UpdatePrimaryRegion request rate | All supported Regions: 5 per second |
Yes |
