References - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.


The following references provide useful information about using and managing KMS keys.

  • Key type reference. Lists the type of KMS key that supports each Amazon KMS API operation.

    To find: Can I enable and disable an RSA signing KMS key?

  • Key state table. Shows how the key state of a KMS key affects its use in Amazon KMS API operations.

    To find: Can I change the alias of a KMS key that is pending deletion?

  • Amazon KMS API permissions reference. Provides information about the permissions required for each Amazon KMS API operation.

    To find: Can I run GetKeyPolicy on a key in a different Amazon account? Can I allow kms:Decrypt permission in an IAM policy?

    • ViaService reference. Lists the Amazon services that support the kms:ViaService condition key.

      To find: Can I use the kms:ViaService condition key to allow a permission only when it comes from Amazon ElastiCache? What about Amazon Neptune?

  • Amazon KMS pricing. Lists and explains the price of KMS keys.

    To find: How much does it cost to use my asymmetric keys?

  • Amazon KMS request quotas. Lists the per-second quotas for Amazon KMS API requests in each account and Region.

    To find: How many Decrypt requests can I run in each second? How many Decrypt requests can I run on KMS keys in my custom key store?

  • Amazon KMS resource quotas. Lists the quotas on Amazon KMS resources.

    To find: How many KMS key can I have in each Region of my account? How many aliases can I have on each KMS key?

  • Amazon services integrated with Amazon KMS. Lists the Amazon services that use KMS keys to protect the resources that they create, store, and manage.

    To find: Does Amazon Connect use KMS keys to protect my Connect resources?