Viewing HMAC KMS keys - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Viewing HMAC KMS keys

You can view HMAC KMS keys in the Amazon KMS console or by using the DescribeKey API. You can monitor the use of your HMAC KMS keys in Amazon CloudTrail logs and in Amazon CloudWatch. For basic instructions on viewing KMS keys, see Viewing keys.

You can distinguish HMAC KMS keys from other types of KMS keys by their key spec, which begins with HMAC, or their key usage, which is always Generate and verify MAC (GENERATE_VERIFY_MAC).

HMAC KMS keys are included in the table on the Customer managed keys page of the Amazon KMS console. However, you cannot sort or filter KMS keys by key spec or key usage. To make it easier to find your HMAC keys, assign them a distinctive alias or tag. Then you can sort or filter by the alias or tag.

On the key details page for a HMAC KMS key, you can find its configuration details on the Cryptographic configuration tab.