Dual-stack endpoint support - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Dual-stack endpoint support

Amazon KMS provides a dual-stack public endpoint that supports both IPv4 and IPv6 clients. A dual-stack endpoint enables clients to communicate with Amazon KMS using either IPv4 or IPv6 addresses. For more information on the Amazon KMS endpoints, see Amazon Key Management Service endpoints and quotas.

The Amazon KMS dual-stack public endpoint at https://kms.your-region.api.aws supports both IPv4 and IPv6 clients. Amazon KMS is also privately accessible over IPv4 and IPv6 from your virtual private cloud (VPC) using Amazon PrivateLink. For more information about creating private interface VPC endpoints for Amazon KMS, see Connect to Amazon KMS through a VPC endpoint.

For more information about IPv6 addressing for your VPCs, see How Amazon VPC works in the Amazon Virtual Private Cloud User Guide. For more information about how to configure your VPC for dual-stack mode, see IP addressing for your VPCs and subnets in the Amazon Virtual Private Cloud User Guide.

Features not available over IPv6

Amazon KMS cannot communicate over IPv6 with Amazon CloudHSM key stores or External key stores. This limitation does not prevent you from calling Amazon KMS APIs over IPv6.