Create a VPC endpoint for Amazon KMS - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Create a VPC endpoint for Amazon KMS

You can create a VPC endpoint for Amazon KMS by using the Amazon VPC console or the Amazon VPC API. Follow the procedure in Create an interface endpoint, using one of the following service names.

  • To create a VPC endpoint for Amazon KMS, use the following service name:

    com.amazonaws.region.kms

    For example, in the US West (Oregon) Region (us-west-2), the service name would be:

    com.amazonaws.us-west-2.kms
  • To create a VPC endpoint that connects to an Amazon KMS FIPS endpoint, use the following service name:

    com.amazonaws.region.kms-fips

    For example, in the US West (Oregon) Region (us-west-2), the service name would be:

    com.amazonaws.us-west-2.kms-fips

To make it easier to use the VPC endpoint, you can enable a private DNS name for your VPC endpoint. If you select the Enable DNS Name option, the standard Amazon KMS DNS hostname resolves, from inside the VPC, to the private IP addresses of your VPC endpoint. For example, https://kms.us-west-2.amazonaws.com would resolve to a VPC endpoint connected to service name com.amazonaws.us-west-2.kms.

This option makes it easier to use the VPC endpoint. The Amazon SDKs and Amazon CLI use the standard Amazon KMS DNS hostname by default, so you do not need to specify the VPC endpoint URL in applications and commands. If you do not enable the private DNS name, requests that use the default hostname still go to the public Amazon KMS endpoint; to send them through the VPC endpoint you must point the SDK or CLI at the endpoint-specific DNS name, for example with the --endpoint-url option of the Amazon CLI.
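The procedure above carried through with the Amazon CLI, as an added example that is not from the original page: a POSIX shell script that derives the service name for a Region (standard or FIPS), creates the interface endpoint with private DNS enabled, and then checks that the standard KMS hostname resolves only to private (RFC 1918) addresses, which is the observable sign that KMS traffic is staying inside the VPC rather than leaving through an internet gateway or NAT. The function names, the use of dig for the resolution check, the RFC 1918 test, and the cn.com.amazonaws prefix for China Regions are assumptions of this example; the VPC, subnet and security group IDs are placeholders you supply.

```shell
#!/usr/bin/env sh
# Example helper for creating a KMS interface endpoint and verifying private DNS.
# Not part of the Amazon documentation; requires the Amazon CLI and dig for the
# "create" and "check" actions. The pure-shell functions run without either.

# Print the VPC endpoint service name for a Region.
# $1 = Region code, $2 = "fips" for the FIPS endpoint (optional).
kms_service_name() {
  region="$1"; fips="${2:-}"
  if [ -z "$region" ]; then
    echo "kms_service_name: region required" >&2
    return 1
  fi
  case "$region" in
    cn-*) prefix="cn.com.amazonaws" ;;   # assumed prefix for China Regions; confirm with describe-vpc-endpoint-services
    *)    prefix="com.amazonaws" ;;
  esac
  if [ "$fips" = "fips" ]; then
    printf '%s.%s.kms-fips\n' "$prefix" "$region"
  else
    printf '%s.%s.kms\n' "$prefix" "$region"
  fi
}

# Return 0 if $1 is an IPv4 address in an RFC 1918 range (10/8, 172.16/12, 192.168/16).
is_private_ipv4() {
  ip="$1"
  o1="${ip%%.*}"; rest="${ip#*.}"; o2="${rest%%.*}"
  case "$o1" in
    10)  return 0 ;;
    172) if [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then return 0; fi ;;
    192) if [ "$o2" -eq 168 ]; then return 0; fi ;;
  esac
  return 1
}

# Return 0 only if $1 holds at least one address and every address is private.
# $1 is whitespace/newline separated, as produced by "dig +short".
all_private() {
  n=0
  for ip in $1; do
    n=$((n+1))
    if ! is_private_ipv4 "$ip"; then return 1; fi
  done
  [ "$n" -gt 0 ]
}

# Create the interface endpoint with private DNS enabled.
# $1 = Region, $2 = VPC ID, $3 = space-separated subnet IDs,
# $4 = space-separated security group IDs, $5 = "fips" (optional).
create_kms_endpoint() {
  region="$1"; vpc="$2"; subnets="$3"; sgs="$4"; fips="${5:-}"
  # $subnets and $sgs are deliberately unquoted so each ID becomes its own argument.
  aws ec2 create-vpc-endpoint \
    --region "$region" \
    --vpc-id "$vpc" \
    --vpc-endpoint-type Interface \
    --service-name "$(kms_service_name "$region" "$fips")" \
    --subnet-ids $subnets \
    --security-group-ids $sgs \
    --private-dns-enabled
}

# Run from an instance in the VPC: the standard hostname must resolve only to
# the endpoint's private addresses once private DNS is in effect.
check_kms_private_dns() {
  region="$1"
  host="kms.${region}.amazonaws.com"
  addrs="$(dig +short "$host" A)"
  if all_private "$addrs"; then
    echo "$host resolves only to private addresses: private DNS is in effect"
  else
    echo "$host resolves to public or no addresses; traffic is NOT using the VPC endpoint" >&2
    return 1
  fi
}

# Usage (nothing runs when the script is invoked without an action):
#   sh kms-endpoint.sh create us-west-2 vpc-0123456789abcdef0 "subnet-aaa subnet-bbb" sg-0123456789abcdef0 [fips]
#   sh kms-endpoint.sh check  us-west-2
case "${1:-}" in
  create) create_kms_endpoint "$2" "$3" "$4" "$5" "${6:-}" ;;
  check)  check_kms_private_dns "$2" ;;
esac
```

Run the check from an instance inside the VPC, since the private hosted zone that private DNS creates is only visible to resolvers in that VPC; the same hostname resolved from outside the VPC will still return public addresses, and that is expected. A failure from the check typically means private DNS was not enabled on the endpoint or the VPC has DNS hostnames or DNS support disabled.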

For more information, see Accessing a service through an interface endpoint in the Amazon PrivateLink Guide.