Amazon KMS eventual consistency - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon KMS eventual consistency

The Amazon KMS API follows an eventual consistency model due to the distributed nature of the system. As a result, changes to Amazon KMS resources might not be immediately visible to the subsequent commands you run.

When you perform Amazon KMS API calls, there might be a brief delay before the change is available throughout Amazon KMS. It typically takes less than a few seconds for the change to propagate throughout the system, but in some cases it can take several minutes. You might get unexpected errors, such as a NotFoundException or an InvalidStateException, during this time. For example, Amazon KMS might return a NotFoundException if you call GetParametersForImport immediately after calling CreateKey.

We recommend that you configure a retry strategy on your Amazon KMS clients to automatically retry operations after a brief waiting period. For more information, see Retry behavior in the Amazon SDKs and Tools Reference Guide.

For grant related API calls, you can use a grant token to avoid any potential delay and use the permissions in a grant immediately. For more information, see Eventual consistency (for grants).