Posted On: Apr 14, 2024
Amazon Key Management Service (Amazon KMS), the managed service for creating and managing cryptographic keys, today announced new flexibility, visibility, and pricing improvements for KMS automatic key rotation. You can now customize the frequency period for rotation (between 90 days to 7 years (2560 days)) as well as rotate any key on-demand to invoke immediate rotation of any customer managed KMS key. Lastly, we’ve added new console and API options to list all previous key rotations for any KMS key that has been rotated.
We’re also introducing a new price cap for KMS automatic key rotation. Previously, each rotation of a KMS key added ¥6.88/month per rotation to a KMS customer managed key. Now, for KMS keys that you rotate automatically or on-demand, the first and second rotation of the key adds ¥6.88/month (prorated hourly) in cost, but this price increase is capped at the second rotation, and all rotations after your second rotation are not billed. For existing customers that have keys with 3 or more rotations, all of these keys will see a price reduction to ¥20.64/month (prorated) starting in first week of May, 2024.
Flexible key rotation capabilities are now available in all Amazon Regions, including the China regions. To learn more about this new capability, see the Rotating KMS Keys topic in the KMS developer guide.