Is AWS Quantum Safe?
Not yet. AWS is actively investing in post-quantum cryptography but most services still rely on classical TLS with RSA and ECDSA. AWS Key Management Service (KMS) and AWS Certificate Manager do not yet support PQC key types in production.
Key Takeaway: AWS is NOT quantum safe. Scan your AWS infrastructure with QScout to identify all TLS endpoints and key exchange mechanisms. Enable hybrid PQC TLS on s2n-tls-based services where available. Monitor AWS security bulletins for PQC rollout timelines per service.
- Modality: Cloud Platform
- Vulnerability: TLS key exchanges (RSA, ECDH) used by AWS services are vulnerable to Shor's algorithm. AES-256 data-at-rest encryption is quantum-resistant.
- NIST status: AWS is aligning with NIST FIPS 203/204/205 standards. The AWS-LC library includes ML-KEM and ML-DSA implementations, but production service rollout is ongoing.
- Replaced by: AWS services will migrate to ML-KEM (FIPS 203) for key exchange and ML-DSA (FIPS 204) for signatures within TLS.
- Deprecation: AWS has not published a firm PQC migration deadline. NIST recommends completing migration by 2035. NSA mandates CNSA 2.0 for affected National Security Systems by December 31, 2031, unless a program-specific exception applies.
Technical Analysis
AWS is NOT fully quantum safe today.
Current State
AWS uses TLS 1.2/1.3 with RSA-2048, RSA-4096, and ECDSA for the vast majority of service-to-service and customer-facing encryption. These are vulnerable to Shor's algorithm on a cryptographically relevant quantum computer (CRQC).
PQC Progress
AWS has been one of the more proactive cloud providers. Key milestones:
- s2n-tls: AWS's open-source TLS library has offered experimental support for NIST PQC key exchange (ML-KEM, formerly CRYSTALS-Kyber) in hybrid mode since 2019.
- AWS KMS: Announced exploration of PQC but production KMS keys remain RSA and ECC as of early 2026.
- AWS CloudFront and ALB: No PQC cipher suite support in production.
- AWS-LC (libcrypto): AWS's fork of BoringSSL includes ML-KEM and ML-DSA implementations.
Harvest Now, Decrypt Later Risk
Data encrypted with AWS services today (S3 server-side encryption, RDS encryption, EBS encryption) uses AES-256, which is quantum-resistant for data at rest. However, TLS key exchanges protecting data in transit are vulnerable to harvest-now-decrypt-later (HNDL) attacks.
What Organizations Should Do
Inventory all AWS services in use and identify which rely on TLS-protected data in transit with long confidentiality requirements. Prioritize migrating API Gateway, ALB, and CloudFront endpoints to PQC-capable TLS when AWS releases support. Use QScout to map your complete AWS cryptographic surface.
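As an added example (not AWS or Qtonic code), the following Python parses the negotiated key_share group out of a TLS 1.3 ServerHello, classifies it as classical or hybrid ML-KEM, and applies the harvest-now-decrypt-later rule from above, using the 2035 NIST target cited on this page as an assumed horizon. The ServerHello bytes are constructed for offline testing, not captured traffic; the group codepoints are the IANA-registered values.

```python
import struct

# Named-group codepoints from the IANA "TLS Supported Groups" registry.
# The hybrid entries carry a classical share and an ML-KEM share together.
HYBRID_PQ_GROUPS = {0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768",
                    0x11ED: "SecP384r1MLKEM1024"}
CLASSICAL_GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1",
                    0x001D: "x25519", 0x001E: "x448"}
KEY_SHARE, SUPPORTED_VERSIONS = 51, 43
NIST_MIGRATION_TARGET = 2035  # assumed HNDL horizon: the NIST date cited on this page

def server_hello_key_share_group(record):
    """Return the named group from the key_share extension of a TLS 1.3
    ServerHello record, or None if absent (e.g. a TLS 1.2 ServerHello).
    A ServerHello carries exactly one KeyShareEntry, so no list is walked."""
    ctype, _ver, _rlen = struct.unpack("!BHH", record[:5])
    if ctype != 22 or record[5] != 2:
        raise ValueError("not a handshake record carrying a ServerHello")
    hs = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 2 + 32                      # legacy_version + random
    pos += 1 + hs[pos]                # legacy_session_id_echo
    pos += 2 + 1                      # cipher_suite + legacy_compression_method
    (ext_len,) = struct.unpack("!H", hs[pos:pos + 2]); pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4]); pos += 4
        if etype == KEY_SHARE:
            return struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += elen
    return None

def classify_group(group_id):
    if group_id in HYBRID_PQ_GROUPS: return "hybrid-pq"
    if group_id in CLASSICAL_GROUPS: return "classical"
    return "unknown"

def hndl_exposed(group_id, confidentiality_until_year):
    """Flag in-transit data whose secrecy must outlast the migration target
    but is protected only by a Shor-vulnerable (non-hybrid) key exchange."""
    return classify_group(group_id) != "hybrid-pq" and confidentiality_until_year > NIST_MIGRATION_TARGET

def build_server_hello(group_id, key_exchange):
    """Constructed ServerHello (zeroed random, TLS_AES_128_GCM_SHA256) for offline tests."""
    share = struct.pack("!HH", group_id, len(key_exchange)) + key_exchange
    exts = (struct.pack("!HH", SUPPORTED_VERSIONS, 2) + b"\x03\x04"
            + struct.pack("!HH", KEY_SHARE, len(share)) + share)
    hs = b"\x03\x03" + bytes(32) + b"\x00" + b"\x13\x01" + b"\x00" + struct.pack("!H", len(exts)) + exts
    body = b"\x02" + len(hs).to_bytes(3, "big") + hs
    return b"\x16\x03\x03" + struct.pack("!H", len(body)) + body
```

Feed real ServerHello records from a packet capture into server_hello_key_share_group to build the per-endpoint key-exchange inventory the guidance above calls for; the 1120-byte hybrid share (1088-byte ML-KEM-768 ciphertext plus 32-byte X25519 point) is what distinguishes a hybrid handshake on the wire.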
At a glance
| Attribute | Value |
| --- | --- |
| Full Name | Amazon Web Services |
| Category | cloud |
| Quantum Vulnerability | TLS key exchanges (RSA, ECDH) used by AWS services are vulnerable to Shor's algorithm. AES-256 data-at-rest encryption is quantum-resistant. |
| NIST Status | AWS is aligning with NIST FIPS 203/204/205 standards. The AWS-LC library includes ML-KEM and ML-DSA implementations, but production service rollout is ongoing. |
| Deprecation Timeline | AWS has not published a firm PQC migration deadline. NIST recommends completing migration by 2035. NSA mandates CNSA 2.0 for affected National Security Systems by December 31, 2031, unless a program-specific exception applies. |
| Replaced By | AWS services will migrate to ML-KEM (FIPS 203) for key exchange and ML-DSA (FIPS 204) for signatures within TLS. |
Migration Guidance
Scan your AWS infrastructure with QScout to identify all TLS endpoints and key exchange mechanisms. Enable hybrid PQC TLS on s2n-tls-based services where available. Monitor AWS security bulletins for PQC rollout timelines per service.
How Qtonic Quantum Can Help
Don’t Know Where AWS Lives in Your Stack?
QScout discovers instances of AWS across your infrastructure in 7 days — designed to minimize operational disruption. 72-hour time to first findings.