Billing

0.0.201

important

This topic contains important information on necessary precautions. We recommend that you read this topic carefully before proceeding.

Alibaba Cloud Key Management Service (KMS) offers server-side encryption with default keys at no extra cost. If the default keys meet your needs, you do not need to purchase a separate KMS instance. However, if you require custom encryption solutions, secrets management, or key lifecycle control, you will need to acquire a software or hardware KMS instance. This guide details the billing methods, cycles, items, expiration, and renewal of KMS instances.

Note

This topic only covers the subscription billing method. For information on pay-as-you-go fees, see Pay-as-you-go.

Billing description

Billing method

Subscription

Billing cycle

Billing cycles are based on UTC+8, starting immediately upon purchase or renewal of a KMS instance and concluding at midnight on the expiration date.

Billable items

The fees for KMS instances are as follows:

Software Key Management Instance	Hardware Key Management Instance

Software Key Management Instance	Hardware Key Management Instance
USD 500 per month	USD 1,799 per month

Default specifications for KMS instances are as follows:

Billable item	Description	Software Key Management Instance	Hardware Key Management Instance

Billable item	Description	Software Key Management Instance	Hardware Key Management Instance
Deployment Mode	KMS instances support dual-zone and multi-zone configurations, offering high availability, disaster recovery, and load balancing. Note The Philippines (Manila) and Thailand (Bangkok) regions have only one zone each, so for KMS instances deployed there only single-zone deployment is available. When you select multi-zone, you can configure up to three zones. For the number of zones in each region, see Regions and access addresses.	Dual-Zone	Dual-Zone
Computing Performance	The QPS for encryption and decryption operations processed by the KMS instance. For QPS data of different cryptographic operations, see Performance data.	1,000	2,000
Number of Keys	The key quota for the KMS instance. If a key supports rotation, each version generated by the rotation also consumes quota. For example, a key with two versions consumes two quotas.	1,000	1,000
Number of Secrets	The secret quota for the KMS instance. If a secret supports rotation, each version generated by the rotation does not consume quota. For example, a secret with two versions consumes one quota.	0	0
Access Management Quantity	This quota includes two parts: The number of VPCs that are associated with the KMS instance. The number of Alibaba Cloud accounts with which the KMS instance is shared. For example, if you want to associate the KMS instance with three VPCs and share the instance with two Alibaba Cloud accounts, specify a value of 5 to meet your business requirements. The default quota is one, allowing only the VPC bound to the KMS instance access to KMS resources.	1	1
Log Service	Based on Alibaba Cloud Simple Log Service, the KMS log service provides log query and analysis for KMS instances, and supports storing access logs for up to 180 days. Typically, each request log occupies about 1 KB of storage. So, for example, if your average request volume is 100 QPS, then the storage space required for one day's logs is about 8.2 GB (100 × 60 × 60 × 24 × 1 = 8,640,000 KB). With a default retention period of 180 days, the log storage capacity would be 1,476 GB (8.2 × 180). When you enable the log service, you can choose a log storage capacity of up to 2,000 GB.	Disable	Disable

If the default specifications do not meet your requirements, you can purchase additional resources. These include enhanced computing performance, additional keys, secrets, access management, and log service. Additional resource fees are as follows:

Billable Item	Software Key Management Instance	Hardware Key Management Instance

Billable Item	Software Key Management Instance	Hardware Key Management Instance
Deployment Mode	Dual-Zone: Included in the default fee. Multi-Zone: USD 120 per month.	Dual-Zone: Included in the default fee. Multi-Zone: USD 120 per month.
Computing Performance (QPS)	1,000: Included in the default fee. 2,000: USD 100 per month. 4,000: USD 300 per month.	2,000: Included in the default fee. 4,000: USD 200 per month. 6,000: USD 400 per month.
Number of Keys	Every 10 keys: USD 9 per month. Incremental purchase: 10. Maximum quota: 100,000.	Not available.
Number of Secrets	Every 100 secrets: USD 50 per month. Incremental purchase: 100. Maximum quota: 100,000.	Every 100 secrets: USD 50 per month. Incremental purchase: 100. Maximum quota: 100,000.
Access Management	Each multi-account: USD 125 per month. Incremental purchase: 1. Maximum quota: 1,000.	Each multi-account: USD 125 per month. Incremental purchase: 1. Maximum quota: 1,000.
Log Service	Each 1,000 GB of storage: USD 80 per month. Incremental purchase: 1,000. Maximum quota: 500,000.	Each 1,000 GB of storage: USD 80 per month. Incremental purchase: 1,000. Maximum quota: 500,000.

Overdue payments

Since the subscription billing method involves prepaid plans, either annual or monthly, overdue payments do not apply. Ensure your account balance is topped up in advance to facilitate operations such as purchasing new instances, upgrading configurations, or renewing existing instances.

Ensure your account balance is topped so that you can purchase, renew instances or upgrade configurations.

Expiration description

Visit the Instances page to check the Remaining Subscription Period date of your KMS instance. We recommend renewing your instance before its expiration to avoid any disruption to your services.

Instance Expiration Status	Description

Instance Expiration Status	Description
Before expiration	Alibaba Cloud sends you email notifications 7 days, 3 days, and 1 day before your KMS instance expires, reminding you to renew it.
Within 15 calendar days after expiration	The configurations of the KMS instance are retained, including keys and secrets, but the keys and secrets can no longer be used. After you renew the instance, you can use the keys and secrets again.
16 days after expiration	The KMS instance is released. Your keys and secrets are deleted and cannot be restored. We recommend that you back up data in advance and take note of the backup's expiration time. For more information, see Backup Management. Warning If you do not back up your keys and secrets, or if the backup data expires, then the keys and secrets will be permanently lost after expiration and deletion. Therefore, make sure to back up your data to avoid any impact on your business.

Refunds

Partial refunds are available for KMS instances if they are in the Disabled or Enabled state. Pending renewal orders may also be canceled.

Before canceling a KMS instance, familiarize yourself with the unsubscription rules, precautions, and cases. For more information, see Rules for unsubscribing from resources (International site).

To unsubscribe from a KMS instance, use the Expenses and Costs console or submit a ticket. For details on the unsubscription process, see Methods for unsubscribing resources. For information on the refund process after unsubscription, see Refund flow.

View billing and usage details

To review and export KMS billing and usage details, access the Expenses and Costs console. For more information, see Billing details and Usage records.

Renewal description

For instructions on renewing a resource via the Expenses and Costs console, see Renewal guide. To renew an instance in the KMS console, follow these steps:

Log on to the KMS console. In the top navigation bar, select a region. In the left-side navigation pane, choose Resource > Instances.
Select the Software Key Management or Hardware Key Management tab, locate the instance you want to renew, and click Actions in the Renew column.
On the KMS (International) | Renew page, set the Duration, agree to the Terms of Service, and proceed.
Click Buy Now and complete the payment.