AWS – AWS KMS launches on-demand key rotation for imported keys
AWS Key Management Service (KMS) is announcing support for on-demand rotation of symmetric encryption KMS keys with imported key material. This new capability enables you to rotate the cryptographic key material of Bring Your Own Keys (BYOK) keys without changing the key identifier (key ARN). Rotating keys helps you meet compliance requirements and security best practices that mandate periodic key rotation.
Organizations can now better align key rotation with their internal security policies when using imported keys within AWS KMS. This new on-demand rotation capability supports both immediate and scheduled rotation. Similar to flexible rotation for standard KMS keys, it offers a seamless transition to new key material within an existing KMS key ARN and key alias, with zero downtime and complete backwards compatibility with existing data protected under this key.
On-demand key rotation is available in all AWS Regions, including the AWS GovCloud (US) Regions and the China Regions. To learn more, see the AWS Security Blog for how to use on-demand rotation with imported keys, and the rotate on-demand topic in the AWS KMS developer guide.