Open camitz opened 8 months ago
Hello, thank you for bringing this to our attention! As of now this is something we can offer in a future release with some caveats — a few remediations depend on this key so you’d be missing functionality for CloudTrail.1, CloudTrail.2, CloudWatch.2, Config.1, SNS.1, and SQS.1. I’ve added this to our backlog internally so we can track this.
KMS Customer Managed Keys are expensive.
I'm looking at the cost examples in the documentation. Take the first one, $3.30/month. I believe it's wrong. 10 accounts is 10 keys. That's an extra $10/month.... the first year, then 20, 30 and so on.
Using customer managed keys should be opt-out by parameter.
Or having a shared key on the administrator account.