Finding the key ID and ARN - AWS Key Management Service

Finding the key ID and ARN

To identify an AWS KMS CMK, you can use its key ID or its Amazon Resource Name (key ARN). In cryptographic operations, you can also use the alias name or alias ARN.

For detailed information about the CMK identifiers that AWS KMS supports, see Key identifiers (KeyId). For help finding an alias name and alias ARN, see Finding the alias name and alias ARN.

To find the key ID and ARN (console)

  1. Open the AWS KMS console at https://console.aws.amazon.com/kms.

  2. To change the AWS Region, use the Region selector in the upper-right corner of the page.

  3. To view the keys in your account that you create and manage, in the navigation pane choose Customer managed keys. To view the keys in your account that AWS creates and manages for you, in the navigation pane, choose AWS managed keys.

  4. To find the key ID for a CMK, see the row that begins with the CMK alias.

    The Key ID column appears in the tables by default. If the Key ID column doesn't appear in your table, use the procedure described in Customizing your CMK tables to restore it. You can also view the key ID of a CMK on its details page.

  5. To find the Amazon Resource Name (ARN) of the CMK, choose the key ID or alias. The key ARN appears in the General Configuration section.

To find the key ID and key ARN (AWS KMS API)

To find the key ID and key ARN of a customer master key (CMK), use the ListKeys operation. For examples in multiple programming languages, see Getting key IDs and ARNs and Get key IDs and ARNs.

The ListKeys response includes the key ID and key ARN for every CMK in the account and Region.

$ aws kms list-keys { "Keys": [ { "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyArn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, { "KeyId": "0987dcba-09fe-87dc-65ba-ab0987654321", "KeyArn": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321" } ] }