Each customer master key (CMK) that you create in Amazon Key Management Service (KMS) costs ¥6.88/month until you delete it. If you opt-in to have the CMK automatically rotated each year, each newly rotated version will raise the cost of the CMK by ¥6.88/month. You are not charged for the following:
- Creation and storage of Amazon Web Services managed CMKs, which are automatically created on your behalf when you first attempt to encrypt data in another Amazon Web Services service.
- CMKs that are scheduled for deletion. If you cancel the deletion during the waiting period, the CMK will incur charges as though it was never scheduled for deletion.
- Data keys, which are created by GenerateDataKey and GenerateDataKeyWithoutPlaintext API requests. You are charged for these API requests per the usage pricing discussed below whether you make these API requests directly or they are made on your behalf by an integrated Amazon Web Services service. You are not charged an ongoing monthly fee for the data keys themselves as they are neither stored nor managed by KMS.
Each API request to the Amazon Key Management Service costs:
- ¥0.20/ per 10,000 requests
Amazon EBS Example
1 CMK used as a master key when creating 250 encrypted EBS volumes per month via the Amazon KMS CLI or APIs.
- 1 CMK
- 3 X 250 API requests to create and provision a unique data encryption key for each of 250 volumes
|¥0.015||750 requests (750 requests at ¥0.2 per 10000 API requests)|
Amazon CloudTrail logging
If you enable Amazon CloudTrail on your account, you can obtain logs of API calls made to or by Amazon KMS. See the Amazon CloudTrail pricing page for more information.
Find links to our developer's guide, helpful videos, and console guides.
Instantly get access to the Amazon Free Tier.
Get started building with Amazon Key Management Service in the Amazon Web Services Console.