KMS events are not being excluded from CloudTrail Management Events

Hi everyone! I recently struggled with some CloudTrail costs in my account. To give some context, I enabled DynamoDB Global tables for two regions, using encryption with a CMK in the primary region and creating a replica of this key in the second one. The thing is, after setting up the global table, the CloudTrail costs started to increase significantly. I noticed that most of the events recorded were `Decrypt` events with the source IP address `` and the event source was ``.

As you might guess, the trail wasn't excluding AWS KMS events for management events, and after changing the configuration I expected those costs to decrease again, but they stay the same. Also, the event history still shows management events from ``. **Is there something I might be missing?**

This is the Terraform configuration I'm using for setting up CloudTrail.

```
resource "aws_cloudtrail" "security" {
  name                          = "security"
  s3_bucket_name                = var.supervising_cloudtrail.s3_bucket_name
  s3_key_prefix                 = "audit"
  kms_key_id                    = var.supervising_cloudtrail.kms_key_arn
  enable_log_file_validation    = true
  enable_logging                = true
  is_multi_region_trail         = true
  include_global_service_events = true

  insight_selector {
    insight_type = "ApiCallRateInsight"
  }

  event_selector {
    read_write_type                  = "All"
    include_management_events        = true
    exclude_management_event_sources = [""]

    data_resource {
      type   = "AWS::Lambda::Function"
      values = ["arn:aws:lambda"]
    }

    data_resource {
      type   = "AWS::S3::Object"
      values = ["arn:aws:s3:::"]
    }

    data_resource {
      type   = "AWS::DynamoDB::Table"
      values = ["arn:aws:dynamodb"]
    }
  }
}
```
asked 2 months ago
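
One way to check what the trail is actually delivering to the S3 bucket is to tally the records in a downloaded log object by category, event source and event name, and flag management events from sources the selector is supposed to exclude. This is an added example, not part of the original post. The function names are hypothetical, the sample records are constructed, and `kms.amazonaws.com` is assumed as the excluded source.

```python
import gzip
import json
from collections import Counter


def load_records(blob: bytes) -> list:
    """Parse one CloudTrail log object: gzip-compressed JSON with a top-level "Records" list."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic bytes
        blob = gzip.decompress(blob)
    return json.loads(blob).get("Records", [])


def tally(records) -> Counter:
    """Count records by (eventCategory, eventSource, eventName)."""
    counts = Counter()
    for rec in records:
        # Older record versions carry only the managementEvent boolean.
        category = rec.get("eventCategory") or (
            "Management" if rec.get("managementEvent") else "Unknown"
        )
        counts[(category, rec.get("eventSource", "?"), rec.get("eventName", "?"))] += 1
    return counts


def leaked_management_events(counts: Counter, excluded_sources: set) -> dict:
    """Management events still delivered from sources the trail should exclude."""
    return {
        key: n
        for key, n in counts.items()
        if key[0] == "Management" and key[1] in excluded_sources
    }


def sample_log() -> bytes:
    """Constructed sample log object (not real account data)."""
    kms = {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
           "eventCategory": "Management", "managementEvent": True}
    ddb_data = {"eventSource": "dynamodb.amazonaws.com", "eventName": "GetItem",
                "eventCategory": "Data", "managementEvent": False}
    ddb_mgmt = {"eventSource": "dynamodb.amazonaws.com", "eventName": "DescribeTable",
                "managementEvent": True}  # no eventCategory: exercises the fallback
    return gzip.compress(json.dumps({"Records": [kms, kms, kms, ddb_data, ddb_mgmt]}).encode())


if __name__ == "__main__":
    counts = tally(load_records(sample_log()))
    for key, n in counts.most_common():
        print(n, *key)
    print("leaked:", leaked_management_events(counts, {"kms.amazonaws.com"}))
```

Run it over log objects written after the configuration change; an empty "leaked" result means the trail is no longer delivering those management events.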