Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Over charged in AWS KMS Customer managed key

0

I have a multi-regional account which has KMS keys in different regions. Recently I found that I got double charged in a few of the regions. For example in Frankfurt: $1 per customer managed KMS key version in EU (Frankfurt) 13.207 Keys USD 13.21. I checked the Customer managed keys section in my Frankfurt account, there are only 5 enabled keys and 1 pending-deletion key. But I got billed for 13.207 keys in last month. Same thing also happens in other regions as well, while in us-east-1, I have 32 Customer managed keys, but were billed for 63.207 keys. $1 per customer managed KMS key version in US East (N. Virginia) 63.702 Keys USD 63.70

Themen
Sicherheit, Identität & KonformitätCloud-FinanzmanagementManagement & Unternehmensführung
Tags
AWS-SchlüsselverwaltungsserviceAWS AbrechnungAWS Kontoverwaltung
Sprache
English
rePost-User-2223182
gefragt vor einem Jahr468 Aufrufe
3 Antworten
2

Hi,

have you enabled automatic key rotation?

In that case an additional $1/month for each newly generated backing key,, as mentioned above

profile picture
EXPERTE
Antonio_Lagrotteria
beantwortet vor einem Jahr
  • rePost-User-2223182
    vor einem Jahr

    Key Rotation is enabled as Automatically rotate this KMS key every year. Could you please let me know how to check if I have 'newly generated backing key'? I looked at the Creation Date, they are far before this month.

  • kumo-hiyori
    vor einem Jahr

    You can check CloudTrail to see when the rotation occurred. As others mentioned, you are charged $1/month each time key rotates.

1

Hi,

Seems like there are additional features active in the Frankfurt region or there is increased usage.

KMS charges $1/month (prorated hourly) and an additional $1/month for each newly generated backing key if you have enabled automatic key rotation. The other cost can be the API-related charges.

You can use the AWS Cost Explorer to get a breakdown by usage in the Frankfurt region to better identify what types of usage these charges relate to.

Cost Explorer (Filtering data) -> https://docs.aws.amazon.com/cost-management/latest/userguide/ce-filtering.html

KMS Pricing -> https://aws.amazon.com/kms/pricing/

profile picture
Bisina
beantwortet vor einem Jahr
  • rePost-User-2223182
    vor einem Jahr

    What could the additional active feature be? It is over billed under $1 per customer managed KMS key version in EU (Frankfurt) section. I checked AWS Key Management Service eu-central-1-KMS-Requests, $0.03 per 10000 KMS requests in EU (Frankfurt) 22,965 Requests USD 0.07, the API calls are billed separately I think.

  • rePost-User-2223182
    vor einem Jahr

    Also checked Cost Explorer, seems there's no more detailed data than the billing that I provided above.

0

Hi,

I just had the same issue on one account. For me, it was due to automatic rotation being enabled on certain Customer managed keys: when AWS rotates a CMK, it doesn't delete the previous one and begins charging for the new one.

So if you have only one CMK created 3 years ago with automatic rotation enabled, you'll get charged for 3 CMKs, and this will continue to increase year after year.

Yann P
beantwortet vor 8 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt