Why am I receiving a ThrottlingExceptions error when making requests to AWS KMS?
Last updated: 2021-02-12
I received a ThrottlingException error when making requests to AWS Key Management Service (AWS KMS) similar to the following:
You have exceeded the rate at which you may call KMS. Reduce the frequency of your calls. (Service: AWSKMS; Status Code: 400; Error Code: ThrottlingException; Request ID: EXAMPLEID
The ThrottlingException error code indicates that the rate of requests to AWS KMS is exceeding the request quotas for your AWS account. As a result, the AWS KMS service throttles the request.
Use the following best practices to troubleshoot ThrottlingException errors:
- Review AWS KMS usage metrics from the service quotas service to identify the maximum and average rate of requests per second. AWS KMS publishes usage metrics to Amazon CloudWatch for different AWS KMS request quotas. For example, Encrypt and Decrypt operations use shared quotas for cryptographic operations.
- Reduce the rate of requests and consider using or modifying the backoff and retry logic.
- For server-side encryption using AWS KMS CMKs (SSE-KMS) with Amazon Simple Storage Service (Amazon S3) buckets, use an S3 Bucket Key. For instructions, see Reducing the cost of SSE-KMS with Amazon S3 Bucket Keys.
- Use the data key caching feature with the AWS Encryption SDK encryption library. Data key caching reduces the rate of API requests by caching and reusing the data keys for encryption to meet cost and performance requirements.
- Request an AWS KMS quota increase to exceed the request quota.
- Create an Amazon CloudWatch alarm to alert you when a utilization percentage is reached before you reach the request quota.