By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Over charged in AWS KMS Customer managed key

0

I have a multi-regional account which has KMS keys in different regions. Recently I found that I got double charged in a few of the regions. For example in Frankfurt: $1 per customer managed KMS key version in EU (Frankfurt) 13.207 Keys USD 13.21. I checked the Customer managed keys section in my Frankfurt account, there are only 5 enabled keys and 1 pending-deletion key. But I got billed for 13.207 keys in last month. Same thing also happens in other regions as well, while in us-east-1, I have 32 Customer managed keys, but were billed for 63.207 keys. $1 per customer managed KMS key version in US East (N. Virginia) 63.702 Keys USD 63.70

Topics
Security, Identity, & ComplianceCloud Financial ManagementManagement & Governance
Tags
AWS Key Management ServiceAWS BillingAWS Account Management
Language
English
rePost-User-2223182
asked a year ago465 views
3 Answers
2

Hi,

have you enabled automatic key rotation?

In that case an additional $1/month for each newly generated backing key,, as mentioned above

profile picture
EXPERT
Antonio_Lagrotteria
answered a year ago
  • rePost-User-2223182
    a year ago

    Key Rotation is enabled as Automatically rotate this KMS key every year. Could you please let me know how to check if I have 'newly generated backing key'? I looked at the Creation Date, they are far before this month.

  • kumo-hiyori
    a year ago

    You can check CloudTrail to see when the rotation occurred. As others mentioned, you are charged $1/month each time key rotates.

1

Hi,

Seems like there are additional features active in the Frankfurt region or there is increased usage.

KMS charges $1/month (prorated hourly) and an additional $1/month for each newly generated backing key if you have enabled automatic key rotation. The other cost can be the API-related charges.

You can use the AWS Cost Explorer to get a breakdown by usage in the Frankfurt region to better identify what types of usage these charges relate to.

Cost Explorer (Filtering data) -> https://docs.aws.amazon.com/cost-management/latest/userguide/ce-filtering.html

KMS Pricing -> https://aws.amazon.com/kms/pricing/

profile picture
Bisina
answered a year ago
  • rePost-User-2223182
    a year ago

    What could the additional active feature be? It is over billed under $1 per customer managed KMS key version in EU (Frankfurt) section. I checked AWS Key Management Service eu-central-1-KMS-Requests, $0.03 per 10000 KMS requests in EU (Frankfurt) 22,965 Requests USD 0.07, the API calls are billed separately I think.

  • rePost-User-2223182
    a year ago

    Also checked Cost Explorer, seems there's no more detailed data than the billing that I provided above.

0

Hi,

I just had the same issue on one account. For me, it was due to automatic rotation being enabled on certain Customer managed keys: when AWS rotates a CMK, it doesn't delete the previous one and begins charging for the new one.

So if you have only one CMK created 3 years ago with automatic rotation enabled, you'll get charged for 3 CMKs, and this will continue to increase year after year.

Yann P
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content