Find the key ID and key ARN - Amazon Key Management Service

Find the key ID and key ARN

To identify an Amazon KMS key, you can use the key ID or the Amazon Resource Name (key ARN). In cryptographic operations, you can also use the alias name or alias ARN.

You can use the Amazon KMS console or the ListKeys operation to identify the key ID and key ARN of each KMS key in your account and Region.

For detailed information about the KMS key identifiers supported by Amazon KMS, see Key identifiers (KeyId). For help finding an alias name and alias ARN, see Find the alias name and alias ARN for a KMS key.

  1. Open the Amazon KMS console at https://console.amazonaws.cn/kms.

  2. To change the Amazon Web Services Region, use the Region selector in the upper-right corner of the page.

  3. To view the keys in your account that you create and manage, in the navigation pane choose Customer managed keys. To view the keys in your account that Amazon creates and manages for you, in the navigation pane, choose Amazon managed keys.

  4. To find the key ID for a KMS key, see the row that begins with the KMS key alias.

    The Key ID column appears in the tables by default. If the Key ID column doesn't appear in your table, use the procedure described in Customize your console view to restore it. You can also view the key ID of a KMS key on its details page.

    [Screenshot: Customer managed keys table showing Key ID for a single key-test alias.]

  5. To find the Amazon Resource Name (ARN) of the KMS key, choose the key ID or alias. The key ARN appears in the General Configuration section.

    [Screenshot: General configuration section showing key alias, status, and ARN details.]

To find the key ID and key ARN of an Amazon KMS key, use the ListKeys operation.

The ListKeys operation returns the key ID and Amazon Resource Name (ARN) of all KMS keys in the caller's account and Region.

For example, this call to the ListKeys operation returns the ID and ARN of each KMS key in this fictitious account. For examples in multiple programming languages, see Use ListKeys with an Amazon SDK or CLI.

$ aws kms list-keys
{
    "Keys": [
        {
            "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
            "KeyArn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
        },
        {
            "KeyId": "0987dcba-09fe-87dc-65ba-ab0987654321",
            "KeyArn": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321"
        }
    ]
}
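
The following is an added example, not part of the original documentation: it parses ListKeys output, checks that each key ARN agrees with its key ID and with the account and Region you expect, and resolves either identifier form to the key ARN. The function names and the ARN regular expression are assumptions of this example; the sample input is the fictitious output shown above.

```python
import json
import re

# Constructed sample: the fictitious `aws kms list-keys` output from this page.
SAMPLE_LIST_KEYS = """
{"Keys": [
  {"KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
   "KeyArn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"},
  {"KeyId": "0987dcba-09fe-87dc-65ba-ab0987654321",
   "KeyArn": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321"}
]}
"""

# Key ARN layout: arn:<partition>:kms:<region>:<account-id>:key/<key-id>
KEY_ARN_RE = re.compile(
    r"arn:(?P<partition>aws[a-z-]*):kms:(?P<region>[a-z0-9-]+):"
    r"(?P<account>\d{12}):key/(?P<key_id>[A-Za-z0-9-]+)"
)

def parse_key_arn(arn):
    """Split a key ARN into its fields; raise ValueError if it is not one."""
    m = KEY_ARN_RE.fullmatch(arn)
    if m is None:
        raise ValueError(f"not a KMS key ARN: {arn!r}")
    return m.groupdict()

def index_keys(list_keys_json, expected_account, expected_region):
    """Map key ID -> key ARN, rejecting entries outside the expected scope."""
    index = {}
    for entry in json.loads(list_keys_json)["Keys"]:
        f = parse_key_arn(entry["KeyArn"])
        if (f["key_id"], f["account"], f["region"]) != (
                entry["KeyId"], expected_account, expected_region):
            raise ValueError(f"unexpected key entry: {entry!r}")
        index[entry["KeyId"]] = entry["KeyArn"]
    return index

def resolve(identifier, index):
    """Accept a key ID or key ARN; return the indexed key ARN or raise KeyError."""
    if identifier.startswith("arn:"):
        key_id = parse_key_arn(identifier)["key_id"]
        if index.get(key_id) != identifier:  # same key ID, other account/Region
            raise KeyError(identifier)
        return identifier
    return index[identifier]

if __name__ == "__main__":
    idx = index_keys(SAMPLE_LIST_KEYS, "111122223333", "us-west-2")
    print(resolve("1234abcd-12ab-34cd-56ef-1234567890ab", idx))
```

Recording the full key ARN rather than the bare key ID in configuration pins the account and Region along with the key.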