Alexa skills, Lambda and weird AWS Key Management Service requests
I'm starting with Alexa development and AWS in general. I've subscribed for the free tier, created my skill, set a AWS Lambda function and done some little testing. I got nothing more running on AWS.
What I've noticed that except for AWS Lambda and Cloudwatch usage I got requests to AWS Key Management Service on my Billing Dashboard. I'm not using any environment variables as this was one of the reasons for KMS requests suggested by Google.
From my billing management report I got 3 times more KMS requests than to my Lambda (30 vs 9). I know this is small number but KMS got 20k requests in the free tier and Lambda got 1000000 and I just don't understand how this connects to each other.
Is AWS KMS required for Lambda operation? What is it used for?
Many AWS services are using KMS to manage keys and access to keys while keeping them under your control.
The full list is documented here https://docs.aws.amazon.com/kms/latest/developerguide/service-integration.html
Pricing of KMS is per keys that you create and manage. https://aws.amazon.com/kms/pricing/
Keys automatically created by AWS Services are for free.
I just checked my bill and I am not charged for KMS at all.
I do suggest you to enable CloudTrail logs on your account to understand where the KMS calls you're seeing are originated from.
To query Cloudtrail logs, you can make a simple SQL query on Athena.
Doc to setup Athena for Cloudtrail : https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html
SQL Query to analyze kms calls :
SELECT eventtime,
useridentity.type,
eventsource,
eventname,
sourceipaddress,
eventtime
FROM "default"."cloudtrail_logs_logs_sst_cloudtrail"
WHERE eventsource = 'kms.amazonaws.com' AND
eventtime BETWEEN '2018-07-01' AND '2018-07-31' ;
- Is it possible to enrich a message on an sqs queue
- Does EKS Auto Mode use AWS Load Balancer Controller?
- kubectl error You must be logged in to the server (Unauthorized) when accessing EKS cluster
- AWS Elasticache -- How to flush node from console?
- How to parameterize prevent_destroy lifecycle configuration in Terraform?
- RDS instance start: which subnet/AZ is selected?
- Connection refused error (127.0.0.1:4566) for Localstack S3
- Problem with file directory link in amazon s3
- Can I use aws-advanced-jdbc-wrapper with MySQL?
- Creating Lambda Snapstart with Typescript CDK
- How to force SQL Server container to immediately update MDF file in Docker volume?
- AWS Cloudwatch agent config file removed after startup
- AWS lambda SQS does not allow to process 1 message per 1 invocation
- How can I create a TLS/SSL connection to a mongodb instance on AWS with a certificate made by certificate manager? Health check failed
- Cloudfront redirect when signed cookies not present
- AWS Lambda and DynamoDB - updatetItem is not a function
- AWS ElasticBeanstalk EC2 Termination Protection
- Allowing AWS Cognito Users to authentication to JIRA via SAML/SSO (Domain Not found)
- Install pgAgent on AWS RDS for Postgres
- Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
- List all parameters in AWS SSM Parameter Store
- AWS push_down_predicate not working with DynamoDb
- localstack AWS S3 javascript error : getaddrinfo ENOTFOUND bucketname.localhost
- AWS ECS agent won't start
- AWS VPC (Virtual Private Cloud), rapidly increasing expenses
- SemaphoreCI OIDC AWS connection
- Can't delete AWS internet Gateway
- How to provide multiple StringNotEquals conditions in AWS policy?
- Not able to get ECS fargate metrics on Datadog
- 502 "Internal Server Error" with API Gateway + Lambda when deploying