AWS Security ChangesHomeSearch

AWS general documentation change

Service: general · 2025-10-28 · Documentation low

File: general/latest/gr/kms.md

Summary

Increased RSA key generation request rate quotas for ca-central-1 region

Security assessment

Quota adjustments for cryptographic operations capacity without evidence of addressing security vulnerabilities or weaknesses

Diff

diff --git a/general/latest/gr/kms.md b/general/latest/gr/kms.md
index b6a2edf5b..c5f509514 100644
--- a//general/latest/gr/kms.md
+++ b//general/latest/gr/kms.md
@@ -87,3 +87,3 @@ GenerateDataKeyPair (ECC_SECG_P256K1) request rate | Each supported Region: 100
-GenerateDataKeyPair (RSA_2048) request rate | Each supported Region: 1 per second |  [Yes](https://console.aws.amazon.com/servicequotas/home/services/kms/quotas/L-77042783) | Maximum requests per second to generate RSA_2048 data key pairs. This shared quota applies to GenerateDataKeyPair and GenerateDataKeyPairWithoutPlaintext requests for RSA_2048 data key pairs. When you reach this quota, KMS rejects this type of request for the remainder of the interval.  
-GenerateDataKeyPair (RSA_3072) request rate | Each supported Region: 0.5 per second |  [Yes](https://console.aws.amazon.com/servicequotas/home/services/kms/quotas/L-AE57B391) | Maximum requests per second to generate RSA_3072 data key pairs. This shared quota applies to GenerateDataKeyPair and GenerateDataKeyPairWithoutPlaintext requests for RSA_3072 data key pairs. By default, KMS allows one request in each 2-second interval. When you reach this quota, KMS rejects this type of request for the remainder of the interval.  
-GenerateDataKeyPair (RSA_4096) request rate | Each supported Region: 0.1 per second |  [Yes](https://console.aws.amazon.com/servicequotas/home/services/kms/quotas/L-FCE4492D) | Maximum requests per second to generate RSA_4096 data key pairs. This shared quota applies to GenerateDataKeyPair and GenerateDataKeyPairWithoutPlaintext requests for RSA_4096 data key pairs. By default, KMS allows one request in each 10-second interval. When you reach this quota, KMS rejects this type of request for the remainder of the interval.  
+GenerateDataKeyPair (RSA_2048) request rate |  ca-central-1: 20 per second Each of the other supported Regions: 1 per second |  [Yes](https://console.aws.amazon.com/servicequotas/home/services/kms/quotas/L-77042783) | Maximum requests per second to generate RSA_2048 data key pairs. This shared quota applies to GenerateDataKeyPair and GenerateDataKeyPairWithoutPlaintext requests for RSA_2048 data key pairs. When you reach this quota, KMS rejects this type of request for the remainder of the interval.  
+GenerateDataKeyPair (RSA_3072) request rate |  ca-central-1: 4 per second Each of the other supported Regions: 0.5 per second |  [Yes](https://console.aws.amazon.com/servicequotas/home/services/kms/quotas/L-AE57B391) | Maximum requests per second to generate RSA_3072 data key pairs. This shared quota applies to GenerateDataKeyPair and GenerateDataKeyPairWithoutPlaintext requests for RSA_3072 data key pairs. By default, KMS allows one request in each 2-second interval. When you reach this quota, KMS rejects this type of request for the remainder of the interval.  
+GenerateDataKeyPair (RSA_4096) request rate |  ca-central-1: 1 per second Each of the other supported Regions: 0.1 per second |  [Yes](https://console.aws.amazon.com/servicequotas/home/services/kms/quotas/L-FCE4492D) | Maximum requests per second to generate RSA_4096 data key pairs. This shared quota applies to GenerateDataKeyPair and GenerateDataKeyPairWithoutPlaintext requests for RSA_4096 data key pairs. By default, KMS allows one request in each 10-second interval. When you reach this quota, KMS rejects this type of request for the remainder of the interval.