By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

KMS Limits and free-tier

0

Hi forum;

     Today I received aws email, alert about 85% of my AWS Key Menagement Service limit is near to end it's free-tier.  

 So, as I deploy some extra AWS Services to production environment late Dez/2019, I'm having difficulties to isolate what service is consuming extra KMS requests;  

  Here list of some new services started Dez/2019 examples:  
     Android AWS-SDK  (lambda calls)   
     Cognito  
      SQS sending messages and reading by lambda trigger  
      RDS Performance insight   
      Pinpoint push features  
     **Also I've created and immediately deleted one code commit repository**

Searching this group , I've noticed that cod commit and kms requests, has some issues.

Please; I'll appreciate some help to drive me for answer two questions

      Service(s) who are consuming extra requests  
      What level of pricing (I saw,  doc for  extra 10.000 requests ) will be charged

Advanced Thanks;

Edited by: mortega on Jan 24, 2020 5:24 AM

Topics
Security, Identity, & Compliance
Tags
AWS Key Management Service
Language
English
mortega
asked 4 years ago369 views
2 Answers
0
Accepted Answer

AWS KMS pricing is listed here: https://aws.amazon.com/kms/pricing/

One way to know which service is using KMS is to go to CloudTrail in your account. Then click on "Event History" on the left hand side of your screen.
In the Filter, select "Event Source" and search for "kms" in "Enter event source" and select "kms.amazonaws.com". Adjust the time range for December. This will give you a list of events. You can then look at which services might be calling KMS on your behalf.

Another way is to start with the services you mentioned and look at which services have been configured to use either customer managed CMKs or AWS managed CMKs. That will also tell you if those services might be calling KMS.

From your list, Amazon SQS and AWS Lambda might be the ones making KMS calls.

AWS
AWS-User-1849807
answered 4 years ago
0

You Rocks;

I Realize that lambda's environment variables are been encrypted ; and as each lambda has a set of then, they are been decrypted on each invoke call;  

Environment variables are been used in new deployment at Jan/2020;  

As I do not set any encryption option for then, it appears that my development framework does it for me !  

Thanks so much !
mortega
answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content