You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm looking at the cost examples in the documentation. Take the first one, $3.30/month. I believe it's wrong. 10 accounts is 10 keys. That's an extra $10/month.... the first year, then 20, 30 and so on.
Using customer managed keys should be opt-out by parameter.
Or having a shared key on the administrator account.
The text was updated successfully, but these errors were encountered:
Hello, thank you for bringing this to our attention! As of now this is something we can offer in a future release with some caveats — a few remediations depend on this key so you’d be missing functionality for CloudTrail.1, CloudTrail.2, CloudWatch.2, Config.1, SNS.1, and SQS.1. I’ve added this to our backlog internally so we can track this.
I agree with @camitz . I am investigating using this to auto remediate security issues in our AWS Org. We have enabled Control Tower and have about 120 accounts with 4 regions enabled. The automated response solution would cost 120 * 4 * $1 = $480 in KMS keys alone, but outside of the cost of the keys, it would only come in around $55, based on my estimates of the number of checks we have failing.
This means KMS costs would be 90% of the total monthly running cost, meaning the solution wouldn't really stack up for us at the moment.
A solution like this may only be suitable for a Control Tower setup, but it would represent considerable cost savings over the current key per account, per region setup.
KMS Customer Managed Keys are expensive.
I'm looking at the cost examples in the documentation. Take the first one, $3.30/month. I believe it's wrong. 10 accounts is 10 keys. That's an extra $10/month.... the first year, then 20, 30 and so on.
Using customer managed keys should be opt-out by parameter.
Or having a shared key on the administrator account.
The text was updated successfully, but these errors were encountered: