Posted On: Apr 12, 2024
Today, AWS Key Management Service (AWS KMS) announces new flexibility, visibility, and pricing for automatic key rotation. You can now customize the frequency of rotation period between 90 days to 7 years (2560 days) as well as invoke key rotation on demand for customer managed KMS keys. Lastly, you can now see the history of all previous rotations for any KMS key that has been rotated.
We’re also introducing new pricing for KMS automatic key rotation. Previously, each rotation of a KMS key added $1/month per rotation to a KMS customer managed key. Now, for KMS keys that you rotate automatically or on demand, the first and second rotation of the key adds $1/month (prorated hourly) in cost, but this price increase is capped at the second rotation, and all rotations after your second rotation are not billed. For customers that have keys with 3 or more rotations, all of these keys will see a price reduction to $3/month (prorated) starting the first week of May 2024.
These new enhancements are now available in all AWS Regions, including the AWS GovCloud (US) Regions. To learn more about these new enhancements, see the related blog post The curious case of faster AWS KMS symmetric key rotation and the Rotating AWS KMS Keys section of the AWS KMS Developer Guide.