Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Got charged for KMS

0

Hi! I'm wondering why i got charged for KMS while i don't have any API requests? I don't event have any active services. Could you please help check and clarify?

Thank you!

Topics
Cloud Financial ManagementSecurity, Identity, & Compliance
Tags
AWS Key Management ServiceAWS Billing
Language
English
asked 2 years ago405 views
2 Answers
2

re:Post is a community forum -- no one here can look at your account and give a decisive answer on the charges. However, if you share more details of the charges, we can help provide some insight. For instance, if you have a KMS CMK (Customer Managed Key), there is a charge every month for the key, whether it is used or not. I believe this is $1/key.

For authoritative information on the bill, I suggest you open a support case.

Hope this helps!

AWS
EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
0

Based on the information provided in the AWS KMS pricing page and the AWS KMS documentation, there could be a few reasons why you were charged for KMS even without any active services or API requests:

  1. AWS KMS Key Storage: AWS KMS charges a monthly fee for storing your Customer Master Keys (CMKs). This fee is based on the number of CMKs you have in your account, regardless of whether you're actively using them or not. The pricing page mentions a charge of $1 per CMK per month.

  2. AWS KMS API Requests: While you may not have any active services or applications making API requests to KMS, there could be other AWS services or resources in your account that are using KMS behind the scenes. For example, if you have encrypted EBS volumes, S3 buckets, or RDS instances, they may be using KMS for encryption and decryption operations, which would incur charges based on the number of API requests made.

  3. CloudTrail Logging: According to the documentation, AWS KMS integrates with AWS CloudTrail, and CloudTrail log entries are generated for all KMS API requests. If you have CloudTrail enabled in your account, it could be generating log entries for KMS operations, which may incur charges based on the number of log entries generated.

To investigate further, you can follow these steps:

  1. Check the AWS Cost Explorer or your billing details to see if the charges are specifically for KMS key storage or API requests - Apply Filters - KeyManagement Service, and Dimensions : API Operation
  2. Review your CloudTrail logs for KMS events, as mentioned in the documentation link you provided. You can filter the logs to see which services or resources are making requests to KMS.
  3. Check if you have any encrypted resources (e.g., EBS volumes, S3 buckets, RDS instances) that may be using KMS behind the scenes.
  4. If you have CMKs that you're not using, consider deleting them to avoid the monthly storage charges.

If you still cannot identify the source of the KMS charges after investigating, you may want to reach out to AWS Support for further assistance.

AWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content