CINXE.COM

Create a KMS key - AWS Key Management Service

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Create a KMS key - AWS Key Management Service</title><meta name="viewport" content="width=device-width,initial-scale=1" /><meta name="assets_root" content="/assets" /><meta name="target_state" content="create-keys" /><meta name="default_state" content="create-keys" /><link rel="icon" type="image/ico" href="/assets/images/favicon.ico" /><link rel="shortcut icon" type="image/ico" href="/assets/images/favicon.ico" /><link rel="canonical" href="https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html" /><meta name="description" content="You can create AWS KMS keys in the AWS Management Console, or by using the CreateKey operation or the AWS::KMS::Key AWS CloudFormation resource . During this process, you set the key policy for the KMS key, which you can change at any time. You also select the following values that define the type of KMS key that you create. You cannot change these properties after the KMS key is created." /><meta name="deployment_region" content="IAD" /><meta name="product" content="AWS Key Management Service" /><meta name="guide" content="Developer Guide" /><meta name="abstract" content="Learn how to use AWS Key Management Service (AWS KMS) to securely store and manage encryption keys and perform encryption and decryption of user data." /><meta name="guide-locale" content="en_us" /><meta name="tocs" content="toc-contents.json" /><link rel="canonical" href="https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html" /><link rel="alternative" href="https://docs.aws.amazon.com/id_id/kms/latest/developerguide/create-keys.html" hreflang="id-id" /><link rel="alternative" href="https://docs.aws.amazon.com/id_id/kms/latest/developerguide/create-keys.html" hreflang="id" /><link rel="alternative" href="https://docs.aws.amazon.com/de_de/kms/latest/developerguide/create-keys.html" hreflang="de-de" /><link rel="alternative" href="https://docs.aws.amazon.com/de_de/kms/latest/developerguide/create-keys.html" hreflang="de" /><link rel="alternative" href="https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html" hreflang="en-us" /><link rel="alternative" href="https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html" hreflang="en" /><link rel="alternative" href="https://docs.aws.amazon.com/es_es/kms/latest/developerguide/create-keys.html" hreflang="es-es" /><link rel="alternative" href="https://docs.aws.amazon.com/es_es/kms/latest/developerguide/create-keys.html" hreflang="es" /><link rel="alternative" href="https://docs.aws.amazon.com/fr_fr/kms/latest/developerguide/create-keys.html" hreflang="fr-fr" /><link rel="alternative" href="https://docs.aws.amazon.com/fr_fr/kms/latest/developerguide/create-keys.html" hreflang="fr" /><link rel="alternative" href="https://docs.aws.amazon.com/it_it/kms/latest/developerguide/create-keys.html" hreflang="it-it" /><link rel="alternative" href="https://docs.aws.amazon.com/it_it/kms/latest/developerguide/create-keys.html" hreflang="it" /><link rel="alternative" href="https://docs.aws.amazon.com/ja_jp/kms/latest/developerguide/create-keys.html" hreflang="ja-jp" /><link rel="alternative" href="https://docs.aws.amazon.com/ja_jp/kms/latest/developerguide/create-keys.html" hreflang="ja" /><link rel="alternative" href="https://docs.aws.amazon.com/ko_kr/kms/latest/developerguide/create-keys.html" hreflang="ko-kr" /><link rel="alternative" href="https://docs.aws.amazon.com/ko_kr/kms/latest/developerguide/create-keys.html" hreflang="ko" /><link rel="alternative" href="https://docs.aws.amazon.com/pt_br/kms/latest/developerguide/create-keys.html" hreflang="pt-br" /><link rel="alternative" href="https://docs.aws.amazon.com/pt_br/kms/latest/developerguide/create-keys.html" hreflang="pt" /><link rel="alternative" href="https://docs.aws.amazon.com/zh_cn/kms/latest/developerguide/create-keys.html" hreflang="zh-cn" /><link rel="alternative" href="https://docs.aws.amazon.com/zh_tw/kms/latest/developerguide/create-keys.html" hreflang="zh-tw" /><link rel="alternative" href="https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html" hreflang="x-default" /><meta name="feedback-item" content="Key Management Service (KMS)" /><meta name="this_doc_product" content="AWS Key Management Service" /><meta name="this_doc_guide" content="Developer Guide" /><script defer="" src="/assets/r/vendor4.js?version=2021.12.02"></script><script defer="" src="/assets/r/vendor3.js?version=2021.12.02"></script><script defer="" src="/assets/r/vendor1.js?version=2021.12.02"></script><script defer="" src="/assets/r/awsdocs-common.js?version=2021.12.02"></script><script defer="" src="/assets/r/awsdocs-doc-page.js?version=2021.12.02"></script><link href="/assets/r/vendor4.css?version=2021.12.02" rel="stylesheet" /><link href="/assets/r/awsdocs-common.css?version=2021.12.02" rel="stylesheet" /><link href="/assets/r/awsdocs-doc-page.css?version=2021.12.02" rel="stylesheet" /><script async="" id="awsc-panorama-bundle" type="text/javascript" src="https://prod.pa.cdn.uis.awsstatic.com/panorama-nav-init.js" data-config="{'appEntity':'aws-documentation','region':'us-east-1','service':'kms'}"></script><meta id="panorama-serviceSubSection" value="Developer Guide" /><meta id="panorama-serviceConsolePage" value="Create a KMS key" /></head><body class="awsdocs awsui"><div class="awsdocs-container"><awsdocs-header></awsdocs-header><awsui-app-layout id="app-layout" class="awsui-util-no-gutters" ng-controller="ContentController as $ctrl" header-selector="awsdocs-header" navigation-hide="false" navigation-width="$ctrl.navWidth" navigation-open="$ctrl.navOpen" navigation-change="$ctrl.onNavChange($event)" tools-hide="$ctrl.hideTools" tools-width="$ctrl.toolsWidth" tools-open="$ctrl.toolsOpen" tools-change="$ctrl.onToolsChange($event)"><div id="guide-toc" dom-region="navigation"><awsdocs-toc></awsdocs-toc></div><div id="main-column" dom-region="content" tabindex="-1"><awsdocs-view class="awsdocs-view"><div id="awsdocs-content"><head><title>Create a KMS key - AWS Key Management Service</title><meta name="pdf" content="/pdfs/kms/latest/developerguide/kms-dg.pdf#create-keys" /><meta name="rss" content="aws-kms-document-history.rss" /><meta name="forums" content="https://repost.aws/tags/TAMC3vcPOPTF-rPAHZVRj1PQ" /><meta name="feedback" content="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=Key%20Management%20Service%20%28KMS%29&amp;topic_url=https://docs.aws.amazon.com/en_us/kms/latest/developerguide/create-keys.html" /><meta name="feedback-yes" content="feedbackyes.html?topic_url=https://docs.aws.amazon.com/en_us/kms/latest/developerguide/create-keys.html" /><meta name="feedback-no" content="feedbackno.html?topic_url=https://docs.aws.amazon.com/en_us/kms/latest/developerguide/create-keys.html" /><meta name="keywords" content="KMS,key management service,encryption key management,encryption key,,envelope encryption" /><script type="application/ld+json"> { "@context" : "https://schema.org", "@type" : "BreadcrumbList", "itemListElement" : [ { "@type" : "ListItem", "position" : 1, "name" : "AWS", "item" : "https://aws.amazon.com" }, { "@type" : "ListItem", "position" : 2, "name" : "AWS KMS", "item" : "https://docs.aws.amazon.com/kms/index.html" }, { "@type" : "ListItem", "position" : 3, "name" : "Developer Guide", "item" : "https://docs.aws.amazon.com/kms/latest/developerguide" }, { "@type" : "ListItem", "position" : 4, "name" : "Create a KMS key", "item" : "https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html" } ] } </script></head><body><div id="main"><div style="display: none"><a href="/pdfs/kms/latest/developerguide/kms-dg.pdf#create-keys" target="_blank" rel="noopener noreferrer" title="Open PDF"></a></div><div id="breadcrumbs" class="breadcrumb"><a href="https://aws.amazon.com">AWS</a><a href="/index.html">Documentation</a><a href="/kms/index.html">AWS KMS</a><a href="overview.html">Developer Guide</a></div><div id="page-toc-src"><a href="#create-key-permissions">Permissions for creating KMS keys</a><a href="#symm-asymm-choose">Choosing what type of KMS key to create</a></div><div id="main-content" class="awsui-util-container"><div id="main-col-body"><awsdocs-language-banner data-service="$ctrl.pageService"></awsdocs-language-banner><h1 class="topictitle" id="create-keys">Create a KMS key</h1><div class="awsdocs-page-header-container"><awsdocs-page-header></awsdocs-page-header><awsdocs-filter-selector id="awsdocs-filter-selector"></awsdocs-filter-selector></div><p>You can create AWS KMS keys in the AWS Management Console, or by using the <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html">CreateKey</a> operation or the <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html">AWS::KMS::Key AWS CloudFormation resource</a>. During this process, you set the key policy for the KMS key, which you can change at any time. You also select the following values that define the type of KMS key that you create. You cannot change these properties after the KMS key is created. </p><div class="variablelist"> <dl> <dt><b><span class="term">KMS key type</span></b></dt> <dd> <p><em>Key type</em> is a property that determines what type of cryptographic key is created. AWS KMS offers three key types to protect data:</p> <div class="itemizedlist"> <ul class="itemizedlist"><li class="listitem"> <p>Advanced Encryption Standard (AES) symmetric keys</p> <p>256-bit keys that are used under the Galois Counter Mode (GCM) mode of AES to provide authenticated encryption/decryption of data under 4KB in size. This is the most common type of key and is used to protect other data encryption keys used in your applications and by AWS services that encrypt your data on your behalf.</p> </li><li class="listitem"> <p>RSA, elliptic curve, or SM2 (China Regions only) asymmetric keys</p> <p>These keys are available in various sizes and support many algorithms. They can be used for encryption and decryption, sign and verify, or derive shared secrets operations depending on the algorithm choice.</p> </li><li class="listitem"> <p>Symmetric keys for performing hash-based message authentication codes (HMAC) operations</p> <p>These keys are 256-bit keys used for sign and verify operations.</p> <p>KMS keys cannot be exported from the service in plaintext. They are generated by and can only be used within the hardware security modules (HSMs) used by the service. This is the foundational security property of AWS KMS to ensure that keys are not compromised.</p> </li></ul></div> </dd> <dt><b><span class="term"><div id="key-usage" xreflabel="Key usage"></div>Key usage</span></b></dt> <dd> <p><em>Key usage</em> is a property that determines the cryptographic operations the key supports. KMS keys can have a key usage of <code class="code">ENCRYPT_DECRYPT</code>, <code class="code">SIGN_VERIFY</code>, <code class="code">GENERATE_VERIFY_MAC</code>, or <code class="code">KEY_AGREEMENT</code>. Each KMS key can have only one key usage. Using a KMS key for more than one type of operation makes the product of both operations more vulnerable to attack.</p> </dd> <dt><b><span class="term"><div id="key-spec" xreflabel="Key spec"></div>Key spec</span></b></dt> <dd> <p><em>Key spec</em> is a property that represents the cryptographic configuration of a key. The meaning of the key spec differs with the key type.</p> <p>For KMS keys, the <em>key spec</em> determines whether the KMS key is symmetric or asymmetric. It also determines the type of its key material, and the algorithms it supports.</p> <p>The default key spec, <a href="./symm-asymm-choose-key-spec.html#symmetric-cmks">SYMMETRIC_DEFAULT</a>, represents a 256-bit symmetric encryption key. For a detailed description of all supported key specs, see <a href="./symm-asymm-choose-key-spec.html">Key spec reference</a>.</p> </dd> <dt><b><span class="term"><div id="key-origin" xreflabel="Key origin"></div>Key material origin</span></b></dt> <dd> <p><em>Key material origin</em> is a KMS key property that identifies the source of the key material in the KMS key. You choose the key material origin when you create the KMS key, and you cannot change it. The source of the key material affects the security, durability, availability, latency, and throughput characteristics of the KMS key. </p> <p>Each KMS key includes a reference to its key material in its metadata. The key material origin of symmetric encryption KMS keys can vary. You can use key material that AWS KMS generates, key material that is generated in a <a href="./key-store-overview.html#custom-key-store-overview">custom key store</a>, or <a href="./importing-keys.html">import your own key material</a>. </p> <p>By default, each KMS key has unique key material. However, you can create a set of <a href="./multi-region-keys-overview.html">multi-Region keys</a> with the same key material.</p> <p>KMS keys can have one of the following key material origin values: <code class="code">AWS_KMS</code>, <code class="code">EXTERNAL</code> (<a href="./importing-keys.html">imported key material</a>), <code class="code">AWS_CLOUDHSM</code> (<a href="./keystore-cloudhsm.html">KMS key in a AWS CloudHSM key store</a>), or <code class="code">EXTERNAL_KEY_STORE</code> (<a href="./keystore-external.html">KMS key in an external key store</a>).</p> </dd> </dl></div><div class="highlights"><h6>Topics</h6><ul><li><a href="#create-key-permissions">Permissions for creating KMS keys</a></li><li><a href="#symm-asymm-choose">Choosing what type of KMS key to create</a></li><li><a href="./create-symmetric-cmk.html">Create a symmetric encryption KMS key</a></li><li><a href="./asymm-create-key.html">Create an asymmetric KMS key</a></li><li><a href="./hmac-create-key.html">Create an HMAC KMS key</a></li><li><a href="./create-primary-keys.html">Create multi-Region primary keys</a></li><li><a href="./multi-region-keys-replicate.html">Create multi-Region replica keys</a></li><li><a href="./importing-keys-conceptual.html">Create a KMS key with imported key material</a></li><li><a href="./create-cmk-keystore.html">Create a KMS key in an AWS CloudHSM key store</a></li><li><a href="./create-xks-keys.html">Create a KMS key in external key stores</a></li></ul></div> <h2 id="create-key-permissions">Permissions for creating KMS keys</h2> <p>To create a KMS key in the console or by using the APIs, you must have the following permission in an IAM policy. Whenever possible, use <a href="./policy-conditions.html">condition keys</a> to limit the permissions. For example, you can use the <a href="./conditions-kms.html#conditions-kms-key-spec">kms:KeySpec</a> condition key in an IAM policy to allow principals to create only symmetric encryption keys.</p> <p>For an example of an IAM policy for principals who create keys, see <a href="./customer-managed-policies.html#iam-policy-example-create-key">Allow a user to create KMS keys</a>.</p> <div class="awsdocs-note"><div class="awsdocs-note-title"><awsui-icon name="status-info" variant="link"></awsui-icon><h6>Note</h6></div><div class="awsdocs-note-text"><p>Be cautious when giving principals permission to manage tags and aliases. Changing a tag or alias can allow or deny permission to the customer managed key. For details, see <a href="./abac.html">ABAC for AWS KMS</a>.</p></div></div> <div class="itemizedlist"> <ul class="itemizedlist"><li class="listitem"> <p><a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html">kms:CreateKey</a> is required. </p> </li><li class="listitem"> <p><a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateAlias.html">kms:CreateAlias</a> is required to create a KMS key in the console where an alias is required for every new KMS key.</p> </li><li class="listitem"> <p><a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_TagResource.html">kms:TagResource</a> is required to add tags while creating the KMS key.</p> </li><li class="listitem"> <p><a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceLinkedRole.html">iam:CreateServiceLinkedRole</a> is required to create multi-Region primary keys. For details, see <a href="./multi-region-keys-auth.html">Control access to multi-Region keys</a>.</p> </li></ul></div> <p>The <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html">kms:PutKeyPolicy</a> permission is not required to create the KMS key. The <code class="code">kms:CreateKey</code> permission includes permission to set the initial key policy. But you must add this permission to the key policy while creating the KMS key to ensure that you can control access to the KMS key. The alternative is using the <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html#KMS-CreateKey-request-BypassPolicyLockoutSafetyCheck">BypassLockoutSafetyCheck</a> parameter, which is not recommended.</p> <p>KMS keys belong to the AWS account in which they were created. The IAM user who creates a KMS key is not considered to be the key owner and they don't automatically have permission to use or manage the KMS key that they created. Like any other principal, the key creator needs to get permission through a key policy, IAM policy, or grant. However, principals who have the <code class="code">kms:CreateKey</code> permission can set the initial key policy and give themselves permission to use or manage the key.</p> <h2 id="symm-asymm-choose">Choosing what type of KMS key to create</h2> <p>The type of KMS key that you create depends largely on how you plan to <em>use</em> the KMS key, your security requirements, and your authorization requirements. The key type and key usage of a KMS key determine what cryptographic operations the key can perform. Each KMS key has only one key usage. Using a KMS key for more than one type of operation makes the product of all operations more vulnerable to attack.</p> <p>To allow principals to create KMS keys only for a particular key usage, use the <a href="./conditions-kms.html#conditions-kms-key-usage">kms:KeyUsage</a> condition key. You can also use the <code class="code">kms:KeyUsage</code> condition key to allow principals to call API operations for a KMS key based on its key usage. For example, you can allow permission to disable a KMS key only if its key usage is SIGN_VERIFY. </p> <p>Use the following guidance to determine which type of KMS key you need based on your use case.</p> <div class="variablelist"> <dl> <dt><b><span class="term">Encrypt and decrypt data</span></b></dt> <dd> <p>Use a <a href="./symm-asymm-choose-key-spec.html#symmetric-cmks">symmetric KMS key</a> for most use cases that require encrypting and decrypting data. The symmetric encryption algorithm that AWS KMS uses is fast, efficient, and assures the confidentiality and authenticity of data. It supports authenticated encryption with additional authenticated data (AAD), defined as an <a href="./encrypt_context.html">encryption context</a>. This type of KMS key requires both the sender and recipient of encrypted data to have valid AWS credentials to call AWS KMS.</p> <p>If your use case requires encryption outside of AWS by users who cannot call AWS KMS, <a href="./symmetric-asymmetric.html">asymmetric KMS keys</a> are a good choice. You can distribute the public key of the asymmetric KMS key to allow these users to encrypt data. And your applications that need to decrypt that data can use the private key of the asymmetric KMS key within AWS KMS.</p> </dd> <dt><b><span class="term">Sign messages and verify signatures</span></b></dt> <dd> <p>To sign messages and verify signatures, you must use an <a href="./symmetric-asymmetric.html">asymmetric KMS key</a>. You can use a KMS key with a <a href="./symm-asymm-choose-key-spec.html">key spec</a> that represents an RSA key pair, an elliptic curve (ECC) key pair, or an SM2 key pair (China Regions only). The key spec you choose is determined by the signing algorithm that you want to use. The ECDSA signing algorithms that ECC key pairs support are recommended over the RSA signing algorithms. However, you might need to use a particular key spec and signing algorithm to support users who verify signatures outside of AWS.</p> </dd> <dt><b><span class="term">Encrypt with asymmetric key pairs</span></b></dt> <dd> <p>To encrypt data with an asymmetric key pair, you must use an <a href="./symmetric-asymmetric.html">asymmetric KMS key</a> with an <a href="./symm-asymm-choose-key-spec.html#key-spec-rsa-encryption">RSA key spec</a> or an <a href="./symm-asymm-choose-key-spec.html#key-spec-sm">SM2 key spec</a> (China Regions only). To encrypt data in AWS KMS with the public key of a KMS key pair, use the <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html">Encrypt</a> operation. You can also <a href="./download-public-key.html">download the public key</a> and share it with the parties that need to encrypt data outside of AWS KMS.</p> <p>When you download the public key of an asymmetric KMS key, you can use it outside of AWS KMS. But it is no longer subject to the security controls that protect the KMS key in AWS KMS. For example, you cannot use AWS KMS key policies or grants to control use of the public key. Nor can you control whether the key is used only for encryption and decryption using the encryption algorithms that AWS KMS supports. For more details, see <a href="./offline-public-key.html#download-public-key-considerations">Special Considerations for Downloading Public Keys</a>.</p> <p>To decrypt data that was encrypted with the public key outside of AWS KMS, call the <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html">Decrypt</a> operation. The <code class="code">Decrypt</code> operation fails if the data was encrypted under a public key from a KMS key with a key usage of <code class="code">SIGN_VERIFY</code>. It will also fail if it was encrypted by using an algorithm that AWS KMS does not support for the key spec you selected. For more information on key specs and supported algorithms, see <a href="./symm-asymm-choose-key-spec.html">Key spec reference</a>.</p> <p>To avoid these errors, anyone using a public key outside of AWS KMS must store the key configuration. The AWS KMS console and the <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html">GetPublicKey</a> response provide the information that you must include when you share the public key.</p> </dd> <dt><b><span class="term">Derive shared secrets</span></b></dt> <dd> <p>To derive shared secrets, use a KMS key with <a href="./symm-asymm-choose-key-spec.html#key-spec-ecc">NIST-recommended elliptic curve</a> or <a href="./symm-asymm-choose-key-spec.html#key-spec-sm">SM2</a> (China Regions only) key material. AWS KMS uses the <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf#page=60" rel="noopener noreferrer" target="_blank"><span>Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive</span><awsui-icon class="awsdocs-link-icon" name="external"></awsui-icon></a> (ECDH) to establish a key agreement between two peers by deriving a shared secret from their elliptic curve public-private key pairs. You can use the raw shared secret that the <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_DeriveSharedSecret.html"> DeriveSharedSecret</a> operation returns to derive a symmetric key that can encrypt and decrypt data that is sent between two parties, or generate and verify HMACs. AWS KMS recommends that you follow <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf" rel="noopener noreferrer" target="_blank"><span>NIST recommendations for key derivation</span><awsui-icon class="awsdocs-link-icon" name="external"></awsui-icon></a> when using the raw shared secret to derive a symmetric key.</p> </dd> <dt><b><span class="term">Generate and verify HMAC codes</span></b></dt> <dd> <p>To generate and verify hash-based message authentication codes, use an HMAC KMS key. When you create an HMAC key in AWS KMS, AWS KMS creates and protects your key material and ensures that you use the correct MAC algorithms for your key. HMAC codes can also be used as pseudo-random numbers, and in certain scenarios for symmetric signing and tokenizing.</p> <p>HMAC KMS keys are symmetric keys. When creating an HMAC KMS key in the AWS KMS console, choose the <code class="code">Symmetric</code> key type.</p> </dd> <dt id="cmks-aws-service"><b><span class="term">Use with AWS services</span></b></dt> <dd> <p>To create a KMS key for use with an <a href="./service-integration.html">AWS service that is integrated with AWS KMS</a>, consult the documentation for the service. AWS services that encrypt your data require a <a href="./symm-asymm-choose-key-spec.html#symmetric-cmks">symmetric encryption KMS key</a>.</p> </dd> </dl></div> <p>In addition to these considerations, cryptographic operations on KMS keys with different key specs have different prices and different request quotas. For information about AWS KMS pricing, see <a href="https://aws.amazon.com/kms/pricing/" rel="noopener noreferrer" target="_blank"><span>AWS Key Management Service Pricing</span><awsui-icon class="awsdocs-link-icon" name="external"></awsui-icon></a>. For information about request quotas, see <a href="./requests-per-second.html">Request quotas</a>.</p> <awsdocs-copyright class="copyright-print"></awsdocs-copyright><awsdocs-thumb-feedback right-edge="{{$ctrl.thumbFeedbackRightEdge}}"></awsdocs-thumb-feedback></div><noscript><div><div><div><div id="js_error_message"><p><img src="https://d1ge0kk1l5kms0.cloudfront.net/images/G/01/webservices/console/warning.png" alt="Warning" /> <strong>Javascript is disabled or is unavailable in your browser.</strong></p><p>To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.</p></div></div></div></div></noscript><div id="main-col-footer" class="awsui-util-font-size-0"><div id="doc-conventions"><a target="_top" href="/general/latest/gr/docconventions.html">Document Conventions</a></div><div class="prev-next"><div id="previous" class="prev-link" accesskey="p" href="./access-glossary.html">Glossary</div><div id="next" class="next-link" accesskey="n" href="./create-symmetric-cmk.html">Create a symmetric encryption KMS key</div></div></div><awsdocs-page-utilities></awsdocs-page-utilities></div><div id="quick-feedback-yes" style="display: none;"><div class="title">Did this page help you? - Yes</div><div class="content"><p>Thanks for letting us know we're doing a good job!</p><p>If you've got a moment, please tell us what we did right so we can do more of it.</p><p><awsui-button id="fblink" rel="noopener noreferrer" target="_blank" text="Feedback" click="linkClick($event)" href="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=Key Management Service (KMS)&amp;topic_url=https://docs.aws.amazon.com/en_us/kms/latest/developerguide/create-keys.html"></awsui-button></p></div></div><div id="quick-feedback-no" style="display: none;"><div class="title">Did this page help you? - No</div><div class="content"><p>Thanks for letting us know this page needs work. We're sorry we let you down.</p><p>If you've got a moment, please tell us how we can make the documentation better.</p><p><awsui-button id="fblink" rel="noopener noreferrer" target="_blank" text="Feedback" click="linkClick($event)" href="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=Key Management Service (KMS)&amp;topic_url=https://docs.aws.amazon.com/en_us/kms/latest/developerguide/create-keys.html"></awsui-button></p></div></div></div></body></div></awsdocs-view><div class="page-loading-indicator" id="page-loading-indicator"><awsui-spinner size="large"></awsui-spinner></div></div><div id="tools-panel" dom-region="tools"><awsdocs-tools-panel id="awsdocs-tools-panel"></awsdocs-tools-panel></div></awsui-app-layout><awsdocs-cookie-banner class="doc-cookie-banner"></awsdocs-cookie-banner></div></body></html>

Pages: 1 2 3 4 5 6 7 8 9 10