Document history - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Document history

This topic describes significant updates to the Amazon Key Management Service Developer Guide.

Recent updates

The following table describes significant changes to this documentation since January 2018. In addition to major changes listed here, we also update the documentation frequently to improve the descriptions and examples, and to address the feedback that you send to us. To be notified about significant changes, subscribe to the RSS feed.

Change Description Date
Updates to managed policy Added new permissions to AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy that allow Amazon KMS to monitor changes in the VPC that contains your Amazon CloudHSM cluster so that Amazon KMS can provide clear error messages in the case of failures. November 10, 2023
Feature update Added support for the DryRun API parameter. July 5, 2023
Feature update Added support for importing key material for all types of Amazon KMS keys, except custom key stores. June 5, 2023
Feature update Updates to Amazon KMS APIs for Nitro Enclaves. March 10, 2023
Feature update The RSAES_PKCS1_V1_5 wrapping algorithm is deprecated. Amazon KMS will end all support for RSAES_PKCS1_V1_5 by October 1, 2023 pursuant to cryptographic key management guidance from the National Institute of Standards and Technology (NIST). We recommend that you begin using a different wrapping algorithm immediately. February 28, 2023
Feature update Added support for External key stores, a feature that lets you protect your Amazon resources using cryptographic keys outside of Amazon. November 29, 2022
Quota change Increased the Amazon KMS keys resource quota to 100,000 KMS keys in each account and Region. July 8, 2022
Feature update Added support for HMAC KMS keys in more Amazon Web Services Regions. July 8, 2022
New topic Added the Resilience in Amazon Key Management Service topic to the Security chapter of the Amazon KMS Developer Guide. June 14, 2022
New feature Added support for Amazon KMS keys and API operations that generate and verify HMAC codes. April 19, 2022
Documentation change Replaced the term customer master key (CMK) with Amazon KMS key and KMS key. August 30, 2021
New feature Added support for multi-Region keys, a set of interoperable KMS keys in different Regions that have the same key ID and key material. You can use multi-Region keys to encrypt data in one Region and decrypt data in a different Region. June 8, 2021
New feature Added support for attribute-based access control (ABAC). You can use tags and aliases to control access to your Amazon KMS keys. December 17, 2020
New feature Added support for VPC endpoint policies. July 9, 2020
New content Explains the security properties of Amazon KMS. June 18, 2020
New feature Added support for asymmetric Amazon KMS keys and asymmetric data keys. November 25, 2019
Updated feature You can view the key policy of Amazon managed keys in the Amazon KMS console. This feature used to be limited to customer managed keys. November 15, 2019
New feature Explains how to use hybrid post-quantum key exchange algorithms in TLS for your calls to Amazon KMS. November 4, 2019
Quota change Increased the resource quotas for some APIs that manage KMS keys. September 18, 2019
Quota change Changed the resource quotas for KMS keys, aliases, and grants per KMS key. March 27, 2019
Quota change Changed the shared per-second request quota for cryptographic operations that use Amazon KMS keys in a custom key store. March 7, 2019
New feature Explains how to create and manage Amazon KMS custom key stores. Each key store is backed by an Amazon CloudHSM cluster that you own and control. November 26, 2018
New console Explains how to use the new Amazon KMS console, which is independent of the IAM console. The original console, and instructions for using it, will remain available for a brief period to give you time to familiarize yourself with the new console. November 7, 2018
Quota change Changed the shared request quota for use of Amazon KMS keys. August 21, 2018
New content Explains how Amazon Secrets Manager uses Amazon KMS keys to encrypt the secret value in a secret. July 13, 2018
New content Explains how DynamoDB uses Amazon KMS keys to support its server-side encryption option. May 23, 2018
New feature Explains how to use a private endpoint in your VPC to connect directly to Amazon KMS, instead of connecting over the internet. January 22, 2018

Earlier updates

The following table describes the important changes to the Amazon Key Management Service Developer Guide prior to 2018.

Change Description Date
New content Added documentation about Tagging keys. February 15, 2017
New content Added documentation about Monitoring Amazon KMS keys and Monitoring with Amazon CloudWatch. August 31, 2016
New content Added documentation about Imported key material. August 11, 2016
New content Added the following documentation: IAM policies, Permissions reference, and Condition keys. July 5, 2016
Update Updated portions of the documentation in the Authentication and access control chapter. July 5, 2016
Update Updated the Quotas page to reflect new default quotas. May 31, 2016
Update Updated the Quotas page to reflect new default quotas, and updated the grant token documentation to improve clarity and accuracy. April 11, 2016
New content Added documentation about Allowing multiple IAM principals to access a KMS key and Using the IP address condition. February 17, 2016
Update Updated the Key policies in Amazon KMS and Changing a key policy pages to improve clarity and accuracy. February 17, 2016
Update Updated the Managing keys topic pages to improve clarity. January 5, 2016
New content Added documentation about How Amazon CloudTrail uses Amazon KMS. November 18, 2015
New content Added instructions for Changing a key policy. November 18, 2015
Update Updated the documentation about How Amazon Relational Database Service (Amazon RDS) uses Amazon KMS. November 18, 2015
New content Added documentation about How WorkSpaces uses Amazon KMS. November 6, 2015
Update Updated the Key policies in Amazon KMS page to improve clarity. October 22, 2015
New content Added documentation about Deleting Amazon KMS keys, including supporting documentation about Creating an alarm and Determining past usage of a KMS key. October 15, 2015
New content Added documentation about Determining access to Amazon KMS keys. October 15, 2015
New content Added documentation about Key states of Amazon KMS keys. October 15, 2015
New content Added documentation about How Amazon Simple Email Service (Amazon SES) uses Amazon KMS. October 1, 2015
Update Updated the Quotas page to explain the new request quotas. August 31, 2015
New content Added information about the charges for using Amazon KMS. See Amazon KMS Pricing. August 14, 2015
New content Added request quotas to the Amazon KMS Quotas. June 11, 2015
New content Added a new Java code sample demonstrating use of the UpdateAlias operation. See Updating an alias. June 1, 2015
Update Moved the Amazon Key Management Service regions table to the Amazon Web Services General Reference. May 29, 2015
New content Added documentation about How Amazon EMR uses Amazon KMS. January 28, 2015
New content Added documentation about How Amazon WorkMail uses Amazon KMS. January 28, 2015
New content Added documentation about How Amazon Relational Database Service (Amazon RDS) uses Amazon KMS. January 6, 2015
New content Added documentation about How Amazon Elastic Transcoder uses Amazon KMS. November 24, 2014
New guide Introduced the Amazon Key Management Service Developer Guide. November 12, 2014