Dual-stack endpoint support
Amazon KMS provides a dual-stack public endpoint that supports both IPv4 and IPv6 clients. A dual-stack endpoint enables clients to communicate with Amazon KMS using either IPv4 or IPv6 addresses. For more information on the Amazon KMS endpoints, see Amazon Key Management Service endpoints and quotas.
The Amazon KMS dual-stack public endpoint at
https://kms.
supports both IPv4
and IPv6 clients. Amazon KMS is also privately accessible over IPv4 and IPv6 from your virtual
private cloud (VPC) using Amazon PrivateLink. For more information about creating private interface
VPC endpoints for Amazon KMS, see Connect to Amazon KMS through a VPC endpoint.your-region
.api.aws
For more information about IPv6 addressing for your VPCs, see How Amazon VPC works in the Amazon Virtual Private Cloud User Guide. For more information about how to configure your VPC for dual-stack mode, see IP addressing for your VPCs and subnets in the Amazon Virtual Private Cloud User Guide.
Features not available over IPv6
Amazon KMS cannot communicate over IPv6 with Amazon CloudHSM key stores or External key stores. This limitation does not prevent you from calling Amazon KMS APIs over IPv6.