AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

KMS Limits and free-tier

0

Hi forum;

     Today I received aws email, alert about 85% of my AWS Key Menagement Service limit is near to end it's free-tier.  

 So, as I deploy some extra AWS Services to production environment late Dez/2019, I'm having difficulties to isolate what service is consuming extra KMS requests;  

  Here list of some new services started Dez/2019 examples:  
     Android AWS-SDK  (lambda calls)   
     Cognito  
      SQS sending messages and reading by lambda trigger  
      RDS Performance insight   
      Pinpoint push features  
     **Also I've created and immediately deleted one code commit repository**

Searching this group , I've noticed that cod commit and kms requests, has some issues.

Please; I'll appreciate some help to drive me for answer two questions

      Service(s) who are consuming extra requests  
      What level of pricing (I saw,  doc for  extra 10.000 requests ) will be charged

Advanced Thanks;

Edited by: mortega on Jan 24, 2020 5:24 AM

주제
보안, 신원 및 규정 준수
태그
AWS 키 관리 서비스
언어
English
mortega
질문됨 4년 전374회 조회
2개 답변
0
수락된 답변

AWS KMS pricing is listed here: https://aws.amazon.com/kms/pricing/

One way to know which service is using KMS is to go to CloudTrail in your account. Then click on "Event History" on the left hand side of your screen.
In the Filter, select "Event Source" and search for "kms" in "Enter event source" and select "kms.amazonaws.com". Adjust the time range for December. This will give you a list of events. You can then look at which services might be calling KMS on your behalf.

Another way is to start with the services you mentioned and look at which services have been configured to use either customer managed CMKs or AWS managed CMKs. That will also tell you if those services might be calling KMS.

From your list, Amazon SQS and AWS Lambda might be the ones making KMS calls.

AWS
AWS-User-1849807
답변함 4년 전
0

You Rocks;

I Realize that lambda's environment variables are been encrypted ; and as each lambda has a set of then, they are been decrypted on each invoke call;  

Environment variables are been used in new deployment at Jan/2020;  

As I do not set any encryption option for then, it appears that my development framework does it for me !  

Thanks so much !
mortega
답변함 4년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠