This topic describes the endpoints, protocols, HTTPS request methods, and request parameters of the Key Management Service (KMS) API.


The following table describes the endpoints of the KMS API.

Region RegionId Public endpoint VPC endpoint
Japan (Tokyo) ap-northeast-1
Singapore ap-southeast-1
Australia (Sydney) ap-southeast-2
Malaysia (Kuala Lumpur) ap-southeast-3
Indonesia (Jakarta) ap-southeast-5
India (Mumbai) ap-south-1
China (Hangzhou) cn-hangzhou
China (Shanghai) cn-shanghai
China (Qingdao) cn-qingdao
China (Beijing) cn-beijing
China (Zhangjiakou) cn-zhangjiakou
China (Hohhot) cn-huhehaote
China (Ulanqab) cn-wulanchabu
China (Shenzhen) cn-shenzhen
China (Heyuan) cn-heyuan
China (Guangzhou) cn-guangzhou
China (Chengdu) cn-chengdu
Germany (Frankfurt) eu-central-1
UK (London) eu-west-1
UAE (Dubai) me-east-1
China (Hong Kong) cn-hongkong
US (Virginia) us-east-1
US (Silicon Valley) us-west-1
China East 1 Finance cn-hangzhou-finance N/A
China East 2 Finance cn-shanghai-finance-1
China South 1 Finance cn-shenzhen-finance-1


You must call KMS API operations by sending HTTPS requests.

KMS does not support Secure Sockets Layer (SSL) 2.0 or SSL 3.0. KMS supports only Transport Layer Security (TLS) 1.0 and later.

Request methods

You can call KMS API operations by sending HTTPS POST and GET requests. The request parameters must be included in the request URL.

Request parameters

Each request must specify the operation to be performed. For example, to create a customer master key (CMK), you must set the Action parameter to CreateKey. Request parameters include common request parameters and operation-specific parameters.

For more information about common request parameters, see Common parameters.

Character encoding

All requests and responses are encoded in UTF-8.