Finding the key ID and key ARN
To identify an Amazon KMS key, you can use the key ID or the Amazon Resource Name (key ARN). In cryptographic operations, you can also use the alias name or alias ARN.
For detailed information about the KMS key identifiers supported by Amazon KMS, see Key identifiers (KeyId). For help finding an alias name and alias ARN, see Finding the alias name and alias ARN.
To find the key ID and ARN (console)
-
Open the Amazon KMS console at https://console.amazonaws.cn/kms
. -
To change the Amazon Web Services Region, use the Region selector in the upper-right corner of the page.
-
To view the keys in your account that you create and manage, in the navigation pane choose Customer managed keys. To view the keys in your account that Amazon creates and manages for you, in the navigation pane, choose Amazon managed keys.
-
To find the key ID for a KMS key, see the row that begins with the KMS key alias.
The Key ID column appears in the tables by default. If the Key ID column doesn't appear in your table, use the procedure described in Customizing your KMS key tables to restore it. You can also view the key ID of a KMS key on its details page.
-
To find the Amazon Resource Name (ARN) of the KMS key, choose the key ID or alias. The key ARN appears in the General Configuration section.
To find the key ID and key ARN (Amazon KMS API)
To find the key ID and key ARN of an Amazon KMS key, use the ListKeys operation. For examples in multiple programming languages, see Getting key IDs and ARNs and Get key IDs and ARNs.
The ListKeys response includes the key ID and key ARN for every KMS key in
the account and Region.
$aws kms list-keys{ "Keys": [ { "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyArn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, { "KeyId": "0987dcba-09fe-87dc-65ba-ab0987654321", "KeyArn": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321" } ] }