Key Management Services: What is generating requests without my knowledge?

Question

Hi all,

I just noticed a new line in my usage page called "AWS Key Management Service", which shows 8 requests. I don't have any keys or other users, and haven't generated anything new on purpose. I have, however, created one new EC2 instance in the past month, and I have made one snapshot. Does this generate requests and does the number 8 make sense? (Worried about unauthorized activity.)

Thanks so much,

Jack

Answer

Good question!

This could be if you have encryption on for either your EC2 instance or the snapshot itself.

Typically, resources may not be encrypted on creation, but there are some settings that can enable encryption by default.  For example - EC2 snapshots and volumes can be encrypted by default by the following account settings (per region).  In the EC2 Dashboard, under Account Attributes, select Settings.

I would suggest encrypting resources as a general best practice - whether it's AWS-managed keys, AWS-owned keys, or even Customer Managed Keys.  For more information: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt

Key Management Services: What is generating requests without my knowledge?

相关内容