ThrottlingException on KMS GetParametersForImport API call

0

I am getting a "ThrottlingException. You have exceeded the rate at which you may call KMS. Reduce the frequency of your calls." on the KMS GetParametersForImport API call.

This is the first call and there is no other KMS activity in the account. I am using the HTTP POST method to call the API.

What could be the reason for this?

asked 3 months ago88 views
2 Answers
0

There are a few potential reasons why you might be experiencing a ThrottlingException on a KMS GetParametersForImport API call, even if it's the first call and there's no other KMS activity in the account:

  1. Request quota exceeded: AWS KMS has request quotas for each account and region. Even though this is your first call, it's possible that you've inadvertently exceeded the quota for GetParametersForImport operations in a short time frame.

  2. Service-side issues: Occasionally, AWS services may experience internal issues that result in throttling, even when the client-side activity is within normal limits.

  3. "Hot key" scenario: If you're repeatedly calling GetParametersForImport for the same KMS key in quick succession, AWS KMS might throttle requests to protect the service, even if it's technically your first successful call.

  4. CloudHSM key store related: If you're working with a KMS key in an AWS CloudHSM key store, throttling might occur at a lower-than-expected rate if the associated AWS CloudHSM cluster is processing numerous commands, even those unrelated to the key store.

To address this issue, you can try the following:

  1. Implement a backoff and retry strategy: Use exponential backoff when retrying the request. This is often automatically implemented in AWS SDKs for HTTP 400 errors.

  2. Check your request rates: Use the Service Quotas console or Amazon CloudWatch to view your request rates and manage quotas.

  3. Request a quota increase: If you find that you're consistently hitting limits, you can request a quota increase through AWS Support.

  4. Optimize your application logic: Ensure that you're only making necessary requests and not inadvertently calling the API more often than needed.

If the issue persists after trying these steps, it may be worth contacting AWS Support for further investigation, as there could be account-specific factors or temporary service issues at play.
Sources
Throttling AWS KMS requests - AWS Key Management Service
GetParametersForImport - AWS Key Management Service

profile picture
answered 3 months ago
  • The answer does not address the question.

0

Hi,

The throttling may be caused by AWS services using KMS concurrently to your call.

For example, S3 will make such calls: look at https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html

Amazon S3 Bucket Keys reduce the cost of Amazon S3 server-side encryption 
with AWS Key Management Service (AWS KMS) keys (SSE-KMS). Using a 
bucket-level key for SSE-KMS can reduce AWS KMS request costs by up to 
99 percent by decreasing the request traffic from Amazon S3 to AWS KMS. 
With a few clicks in the AWS Management Console, and without any changes 
to your client applications, you can configure your bucket to use an S3 Bucket Key 
for SSE-KMS encryption on new objects.

So, please, check if KMS is used by services like S3 in your account in order to reduce their usage as above and "get room" for your own calls. You can also ask for KMS Quota increase if you cannot reduce other usages.

Best,

Didier

profile pictureAWS
EXPERT
answered 3 months ago
  • Thank you Didier, Do you think AWS services calling KMS count towards your account Rate Limits? Service to Service calls should not count. GetParametersForImport is unlikely to be called by other AWS Services using KMS, don't think AWS services import key material to KMS. But I have no other services running in this test account anyway. Yes, I could try increasing the KMS Quota but this is the first call so don't see how I am hitting the limit.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions