AWS has already deployed post-quantum cryptography across several key services. AWS Key Management Service (AWS KMS), AWS Secrets Manager, and AWS Certificate Manager have implemented post-quantum hybrid key establishment combining Elliptic Curve Diffie-Hellman (ECDH) with ML-KEM to protect against "harvest now, decrypt later" attacks. At the foundation of these implementations is AWS-LC, our FIPS-140-3-validated cryptographic library, which was the first open-source cryptographic module to include ML-KEM in its FIPS validation.

(https://aws.amazon.com/security/post-quantum-cryptography/)