Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Certificate not visible in console but charged monthly

0

Im not seeing any certificate and Im charged monthy ~430USD.... how can I know and cancel services im not using and seeing?

Topics
Cloud Financial Management
Tags
AWS Billing
Language
English
asked a month ago57 views
2 Answers
0

I understand your concern about being charged approximately $430 USD monthly for services you cannot see in the console. Here are steps to help you identify and manage these charges:

To identify what you're being charged for:

  1. Check your AWS Cost Explorer - Go to the AWS Billing and Cost Management console to see a detailed breakdown of your charges by service, region, and usage type. This will show you exactly which AWS services are generating costs.

  2. Review your AWS Bills - In the Billing console, examine your detailed monthly bills which itemize all charges by service and region.

  3. Use AWS Cost and Usage Reports - Enable detailed billing reports to get granular information about your resource usage and costs.

Regarding certificates specifically:

If you're referring to AWS Certificate Manager (ACM) certificates, note that public SSL/TLS certificates from ACM are actually free of charge. However, you may be charged for:

  • Private certificates issued through ACM Private Certificate Authority (PCA)
  • Resources associated with the certificates (like load balancers, CloudFront distributions, or API Gateways)

To cancel or stop unwanted services:

  1. Check all AWS regions - Resources may exist in regions you don't typically use
  2. Look for running EC2 instances, RDS databases, load balancers, NAT gateways, or other compute resources
  3. Review any active subscriptions in AWS Marketplace
  4. Delete unused resources through their respective service consoles

If you need help identifying specific charges, AWS Support can provide a detailed analysis of your bill.

answered a month ago
AWS
MODERATOR
reviewed a month ago
EXPERT
reviewed a month ago
0

The actual price tag makes it likely that you've got a general-purpose AWS Private Certificate Authority (ACM PCA) running somewhere, as that costs $400 per month regardless of whether you issue any certificates. This has its own view in the console UI and is a regional service, so you'd only actually see the ACM PCA instance in the console if you look at the right region in the right account.

Easiest way to find it (or disprove the theory) is to use Cost Explorer to identify the account (assuming you've got an AWS Organization) where the charges are occurring, e.g. by

aws ce get-cost-and-usage \
  --time-period Start=2026-03-01,End=2026-04-01 \
  --granularity MONTHLY \
  --metrics "UnblendedCost" \
  --filter '{
    "Dimensions": {
      "Key": "SERVICE",
      "Values": ["AWS Certificate Manager"]
    }
  }' \
  --group-by Type=DIMENSION,Key=LINKED_ACCOUNT

and then, or directly if you already know the account, you could run something like this for the account in question:

for region in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text); do
  echo "=== $region ==="
  aws acm-pca list-certificate-authorities --region "$region" \
    --query 'CertificateAuthorities[?Status!=`DELETED`].[CertificateAuthorityArn,Status,Type,CreatedAt]' \
    --output table 2>/dev/null
done

Then, once you find it, you can decide to keep or delete depending on whether it's in actual use.

AWS
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content