Document history - AWS Key Management Service

Document history

This topic describes significant updates to the AWS Key Management Service Developer Guide.

Recent updates

The following table describes significant changes to this documentation since January 2018. In addition to major changes listed here, we also update the documentation frequently to improve the descriptions and examples, and to address the feedback that you send to us. To be notified about significant changes, use the link in the upper right corner to subscribe to the RSS feed.

Current API version: 2014-11-01

Change Description Date

New feature

Added support for VPC endpoint policies.

July 9, 2020

New content

Explains the security properties of AWS KMS.

June 18, 2020

New feature

Added support for asymmetric customer master keys and asymmetric data keys.

November 25, 2019

Updated feature

You can view the key policy of AWS managed CMKs in the AWS KMS console. This feature used to be limited to customer managed CMKs.

November 15, 2019

New feature

Explains how to use hybrid post-quantum key exchange algorithms in TLS for your calls to AWS KMS.

November 4, 2019

Quota change

Increased the resource quotas for some APIs that manage CMKs.

September 18, 2019

Quota change

Changed the resource quotas for customer master keys (CMKs), aliases, and grants per CMK.

March 27, 2019

Quota change

Changed the shared per-second request quota for cryptographic operations that use customer master keys (CMKs) in a custom key store.

March 7, 2019

New feature

Explains how to create and manage AWS KMS custom key stores. Each key store is backed by an AWS CloudHSM cluster that you own and control.

November 26, 2018

New console

Explains how to use the new AWS KMS console, which is independent of the IAM console. The original console, and instructions for using it, will remain available for a brief period to give you time to familiarize yourself with the new console.

November 7, 2018

Quota change

Changed the shared request quota for use of customer master keys.

August 21, 2018

New content

Explains how AWS Secrets Manager uses AWS KMS customer master keys to encrypt the secret value in a secret.

July 13, 2018

New content

Explains how DynamoDB uses AWS KMS customer master keys to support its server-side encryption option.

May 23, 2018

New feature

Explains how to use a private endpoint in your VPC to connect directly to AWS KMS, instead of connecting over the internet.

January 22, 2018

Earlier updates

The following table describes the important changes to the AWS Key Management Service Developer Guide prior to 2018.

Change Description Date
New content Added documentation about Tagging keys. February 15, 2017
New content Added documentation about Monitoring customer master keys and Monitoring with Amazon CloudWatch. August 31, 2016
New content Added documentation about Importing key material. August 11, 2016
New content Added the following documentation: Overview of managing access, Using IAM policies, AWS KMS API permissions reference, and Using policy conditions. July 5, 2016
Update Updated portions of the documentation in the Authentication and access control chapter. July 5, 2016
Update Updated the Quotas page to reflect new default quotas. May 31, 2016
Update Updated the Quotas page to reflect new default quotas, and updated the Grant tokens documentation to improve clarity and accuracy. April 11, 2016
New content Added documentation about Allowing multiple IAM users to access a CMK and Using the IP address condition. February 17, 2016
Update Updated the Using key policies in AWS KMS and Changing a key policy pages to improve clarity and accuracy. February 17, 2016
Update Updated the Getting started topic pages to improve clarity. January 5, 2016
New content Added documentation about How AWS CloudTrail uses AWS KMS. November 18, 2015
New content Added instructions for Changing a key policy. November 18, 2015
Update Updated the documentation about How Amazon Relational Database Service (Amazon RDS) uses AWS KMS. November 18, 2015
New content Added documentation about How Amazon WorkSpaces uses AWS KMS. November 6, 2015
Update Updated the Using key policies in AWS KMS page to improve clarity. October 22, 2015
New content Added documentation about Deleting customer master keys, including supporting documentation about Creating an Amazon CloudWatch alarm and Determining past usage of a customer master key. October 15, 2015
New content Added documentation about Determining access to an AWS KMS customer master key. October 15, 2015
New content Added documentation about Key state: Effect on your CMK. October 15, 2015
New content Added documentation about How Amazon Simple Email Service (Amazon SES) uses AWS KMS. October 1, 2015
Update Updated the Quotas page to explain the new request quotas. August 31, 2015
New content Added information about the charges for using AWS KMS. See AWS KMS Pricing. August 14, 2015
New content Added request quotas to the AWS KMS Quotas. June 11, 2015
New content Added a new Java code sample demonstrating use of the UpdateAlias operation. See Updating an alias. June 1, 2015
Update Moved the AWS Key Management Service regions table to the AWS General Reference. May 29, 2015
New content Added documentation about How Amazon EMR uses AWS KMS. January 28, 2015
New content Added documentation about How Amazon WorkMail uses AWS KMS. January 28, 2015
New content Added documentation about How Amazon Relational Database Service (Amazon RDS) uses AWS KMS. January 6, 2015
New content Added documentation about How Amazon Elastic Transcoder uses AWS KMS. November 24, 2014
New guide Introduced the AWS Key Management Service Developer Guide. November 12, 2014