AWS KMS: Receiving a ThrottlingExceptions error when making requests to AWS KMS


Hi Team, For a couple of months, we have been facing issues with throttling on AWS KMS, which directly impacts our production application too. On further investigation we have seen that CloudWatch logs are generating a large number of requests on AWS KMS (more than 50,000 requests per day). As a temporary solution we have deactivated KMS encryption on CloudWatch logs related to non-prod environments. Now the current AWS KMS requests have come down to around 33000 per day. Request some guidance from your side on mitigating this issue.

asked 2 years ago, 392 views
1 Answer

Unfortunately there are cases where KMS API calls are just too frequent in production- or load-test loads. You'll hit the quota of the KMS APIs and get throttled.

There are 4 ways to avoid being throttled:

  1. Change the quota/limit: Some of the quotas can be increased by filing a support ticket to AWS.
  2. Use data key caching: If you are in control of the use of the AWS Encryption SDK (since you log the Throttling error you might be able to use this method).
  3. Use a different kind of encryption at rest. (CloudWatch supports encryption at rest by default; AWS managed SSE keys are used that will not get throttled.)
  4. Make fewer log lines; a good practice is to log one JSON object that contains everything for one request.
JaccoPK
answered 2 years ago
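
Option 2 above (data key caching), as an added sketch that is not part of the original answer and is not the AWS Encryption SDK's own code: it shows how bounding key reuse by age and by message count trades KMS `GenerateDataKey` calls against how much data one key protects. `FakeKMS`, `CachingDataKeySource`, `kms_calls_for` and the alias `alias/example-key` are hypothetical names constructed for this example, and no encryption or network call is performed.

```python
import os
import time


class FakeKMS:
    """Constructed stand-in for AWS KMS: counts GenerateDataKey calls, no network."""

    def __init__(self):
        self.generate_data_key_calls = 0

    def generate_data_key(self, key_id):
        self.generate_data_key_calls += 1
        # A real response carries the key wrapped under key_id; this blob is a placeholder.
        return {"Plaintext": os.urandom(32), "CiphertextBlob": b"wrapped:" + os.urandom(16)}


class CachingDataKeySource:
    """Reuses one data key until it is too old or has protected too many messages."""

    def __init__(self, kms, key_id, max_age_s, max_messages, clock=time.monotonic):
        self.kms, self.key_id = kms, key_id
        self.max_age_s, self.max_messages = max_age_s, max_messages
        self.clock = clock
        self._entry = None  # (data_key, created_at, uses)

    def data_key_for_next_message(self):
        now = self.clock()
        if self._entry is not None:
            key, created, uses = self._entry
            # Both bounds must hold; either one expiring forces a fresh KMS call.
            if now - created < self.max_age_s and uses < self.max_messages:
                self._entry = (key, created, uses + 1)
                return key
        key = self.kms.generate_data_key(self.key_id)
        self._entry = (key, now, 1)
        return key


def kms_calls_for(messages, max_age_s, max_messages, seconds_between=0.0):
    """Simulate encrypting `messages` items on a fake clock; return KMS calls made."""
    kms, fake_now = FakeKMS(), [0.0]
    source = CachingDataKeySource(kms, "alias/example-key", max_age_s, max_messages,
                                  clock=lambda: fake_now[0])
    for _ in range(messages):
        source.data_key_for_next_message()
        fake_now[0] += seconds_between
    return kms.generate_data_key_calls


if __name__ == "__main__":
    print("no reuse  :", kms_calls_for(1000, max_age_s=300, max_messages=1))
    print("reuse x100:", kms_calls_for(1000, max_age_s=300, max_messages=100))
    print("age-bound :", kms_calls_for(1000, 60, 10**6, seconds_between=1.0))
```

Tighter bounds mean more KMS requests but less data exposed if a cached plaintext key leaks from process memory, so the limits are a security setting as much as a throttling one.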
