As a user, I am required to change my KMS key once in a while, and I am charged twice: once for the new key and once for the old key until it is deleted.
- Many keys are not deleted even when they are no longer used, since no one knows about them.
- As long as the old key is not deleted, the charges continue.
- Disabled keys are still charged.
- The invoice CUR file does not include any details on KMS, which makes this more difficult.
- Finally, the KMS record does not include usage details, so you cannot tell when the key was last used.
Although a KMS key costs about $1 a month, as with any cloud cost the totals can get quite large as your business grows.
We offer two kinds of recommendations for KMS:
1. Listing all disabled keys and suggesting their deletion.
2. Listing all keys that were created over a year ago (subject to preferences).
To enable KMS recommendations, make sure to add the following permissions to each of the linked accounts:
"kms:ListKeys", "kms:DescribeKey", "kms:ListResourceTags"
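The two listings above can be reproduced from DescribeKey metadata alone. The following is an added example, not the product's own code. It assumes boto3 for the live fetch, constructed sample keys, and three choices of its own: AWS managed keys and keys already pending deletion are skipped, and a disabled key is reported only in the first list.

```python
from datetime import datetime, timedelta, timezone

def classify_keys(keys, now, max_age_days=365):
    """Split DescribeKey 'KeyMetadata' dicts into (disabled, older-than-cutoff) key IDs."""
    disabled, old = [], []
    cutoff = now - timedelta(days=max_age_days)
    for k in keys:
        # Assumption: AWS managed keys are skipped, since the account cannot delete them.
        if k.get("KeyManager") != "CUSTOMER":
            continue
        # Assumption: keys already scheduled for deletion need no recommendation.
        if k["KeyState"] == "PendingDeletion":
            continue
        if k["KeyState"] == "Disabled":
            disabled.append(k["KeyId"])      # recommendation 1
        elif k["CreationDate"] < cutoff:
            old.append(k["KeyId"])           # recommendation 2
    return disabled, old

def fetch_key_metadata(region):
    """Live fetch; needs only kms:ListKeys and kms:DescribeKey in the linked account."""
    import boto3  # imported here so classify_keys runs offline
    kms = boto3.client("kms", region_name=region)
    out = []
    for page in kms.get_paginator("list_keys").paginate():
        for entry in page["Keys"]:
            out.append(kms.describe_key(KeyId=entry["KeyId"])["KeyMetadata"])
    return out

def _key(key_id, manager, state, y, m, d):
    return {"KeyId": key_id, "KeyManager": manager, "KeyState": state,
            "CreationDate": datetime(y, m, d, tzinfo=timezone.utc)}

# Constructed sample metadata (not real keys), shaped like DescribeKey output.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    _key("example-disabled", "CUSTOMER", "Disabled", 2021, 5, 1),
    _key("example-old", "CUSTOMER", "Enabled", 2022, 1, 10),
    _key("example-new", "CUSTOMER", "Enabled", 2024, 3, 1),
    _key("example-aws-managed", "AWS", "Enabled", 2020, 2, 2),
    _key("example-pending", "CUSTOMER", "PendingDeletion", 2020, 7, 7),
]

if __name__ == "__main__":
    disabled, old = classify_keys(SAMPLE_KEYS, NOW)
    print("disabled:", disabled)
    print("older than a year:", old)
```

A key in the second list is only a candidate for review: age says nothing about use, and data encrypted under a deleted key can no longer be decrypted.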