使用AWS re:Post即您表示您同意 AWS re:Post 使用条款
AWS re:Postre:Post

KMS Limits and free-tier

0

Hi forum;

     Today I received aws email, alert about 85% of my AWS Key Menagement Service limit is near to end it's free-tier.  

 So, as I deploy some extra AWS Services to production environment late Dez/2019, I'm having difficulties to isolate what service is consuming extra KMS requests;  

  Here list of some new services started Dez/2019 examples:  
     Android AWS-SDK  (lambda calls)   
     Cognito  
      SQS sending messages and reading by lambda trigger  
      RDS Performance insight   
      Pinpoint push features  
     **Also I've created and immediately deleted one code commit repository**

Searching this group , I've noticed that cod commit and kms requests, has some issues.

Please; I'll appreciate some help to drive me for answer two questions

      Service(s) who are consuming extra requests  
      What level of pricing (I saw,  doc for  extra 10.000 requests ) will be charged

Advanced Thanks;

Edited by: mortega on Jan 24, 2020 5:24 AM

主题
安全、身份和合规性
标签
AWS 智能钥匙管理服务
语言
English
mortega
已提问 4 年前374 查看次数
2 回答
0
已接受的回答

AWS KMS pricing is listed here: https://aws.amazon.com/kms/pricing/

One way to know which service is using KMS is to go to CloudTrail in your account. Then click on "Event History" on the left hand side of your screen.
In the Filter, select "Event Source" and search for "kms" in "Enter event source" and select "kms.amazonaws.com". Adjust the time range for December. This will give you a list of events. You can then look at which services might be calling KMS on your behalf.

Another way is to start with the services you mentioned and look at which services have been configured to use either customer managed CMKs or AWS managed CMKs. That will also tell you if those services might be calling KMS.

From your list, Amazon SQS and AWS Lambda might be the ones making KMS calls.

AWS
AWS-User-1849807
已回答 4 年前
0

You Rocks;

I Realize that lambda's environment variables are been encrypted ; and as each lambda has a set of then, they are been decrypted on each invoke call;  

Environment variables are been used in new deployment at Jan/2020;  

As I do not set any encryption option for then, it appears that my development framework does it for me !  

Thanks so much !
mortega
已回答 4 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容