- Newest
- Most votes
- Most comments
Note that, you will be charged not for storing KMS Keys, but for API calls to those keys. Refer KMS Key Pricing notes.
AWS Managed keys can't be deleted, customer managed keys only can be deleted.
Note 1: While you are not charged for creation and storage of AWS-managed keys, you will be charged on any API request made to AWS-managed keys. Note 2: When you use a KMS key in a different AWS account, the AWS account that makes the API request is charged for the key use.
I would suggest you to go to cloudtrail and see for KMS key API calls and identify, where those API calls are coming from.
To go further and see, where the charges are coming from:
- Go to Cost Explorer -> Choose Date Range in right pane
- Granularity -> Daily
- Dimension -> Usage Type
- Filter -> Service -> Key Management Service -> Apply
Repeat the same but change Dimension this time to Region and apply, see where it's coming from. This would show you, where the cost is coming from.
Relevant content
- asked 2 months ago
- asked 6 months ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
API request coming from "mgn.amazonaws.com"