# Throttling Amazon KMS requests
<a name="throttling"></a>

To ensure that Amazon KMS can provide fast and reliable responses to API requests from all customers, it throttles API requests that exceed certain boundaries. 

*Throttling* occurs when Amazon KMS rejects a request that might otherwise be valid, and returns a `ThrottlingException` error like the following one. 

```
You have exceeded the rate at which you may call KMS. Reduce the frequency of your calls. 
(Service: AWSKMS; Status Code: 400; Error Code: ThrottlingException; Request ID: <ID>
```

Amazon KMS throttles requests for the following conditions.
+ The rate of requests per second exceeds the Amazon KMS [request quota](requests-per-second.md) for an account and Region. 

  For example, if users in your account submit 1000 `DescribeKey` requests in a second, Amazon KMS throttles all subsequent `DescribeKey` requests in that second.

  To respond to throttling, use a [backoff and retry strategy](https://docs.aws.amazon.com/general/latest/gr/api-retries.html). This strategy is implemented automatically for HTTP 400 errors in some Amazon SDKs.
+ A burst or sustained high rate of requests to change the state of the same KMS key. This condition is often known as a "hot key."

  For example, if an application in your account sends a persistent volley of `EnableKey` and `DisableKey` requests for the same KMS key, Amazon KMS throttles the requests. This throttling occurs even if the requests don't exceed the request-per-second request limit for the `EnableKey` and `DisableKey` operations.

  To respond to throttling, adjust your application logic so it makes only required requests or it consolidates the requests of multiple functions. 
+ Requests for operations on KMS keys in a [Amazon CloudHSM key store](requests-per-second.md#rps-key-stores) might be throttled at a lower-than-expected rate when the Amazon CloudHSM cluster associated with the Amazon CloudHSM key store is processing numerous commands, including those unrelated to the Amazon CloudHSM key store.

  (Amazon KMS no longer throttles requests for operations on KMS keys in a Amazon CloudHSM key store when there are no available PKCS \$111 sessions for the Amazon CloudHSM cluster. Instead, it throws a `KMSInternalException` and recommends that you retry your request.)

To view trends in your request rates, use the [Service Quotas console](https://console.aws.amazon.com/servicequotas). You can also create an [Amazon CloudWatch](https://docs.amazonaws.cn/AmazonCloudWatch/latest/DeveloperGuide/) alarm that alerts you when your request rate reaches a certain percentage of a quota value. For details, see [Manage your Amazon KMS API request rates using Service Quotas and Amazon CloudWatch](https://amazonaws-china.com/blogs/security/manage-your-aws-kms-api-request-rates-using-service-quotas-and-amazon-cloudwatch/) in the *Amazon Security Blog*.

All Amazon KMS quotas are adjustable, except for the [on-demand rotation resource quota](resource-limits.md#on-demand-rotation-resource-quota) and the [Amazon CloudHSM key store request quota](requests-per-second.md#rps-key-stores). To request a quota increase, see [Requesting a quota increase](https://docs.amazonaws.cn/servicequotas/latest/userguide/request-increase.html) in the *Service Quotas User Guide*. To request a quota decrease, to change a quota that is not listed in Service Quotas, or to change a quota in an Amazon Web Services Region where Service Quotas for Amazon KMS is not available, please visit [Amazon Web Services Support Center](https://console.amazonaws.cn/support/home) and create a case. 

**Note**  
Amazon KMS [custom key store request quotas](requests-per-second.md#rps-key-stores) do not appear in the Service Quotas console. You cannot view or manage these quotas by using Service Quotas API operations.