Introduction

AWS CloudHSM is a cloud-based hardware security module (HSM) that lets you generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can:

  • Manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs.
  • Integrate with your applications using industry-standard APIs
    (such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries).
  • Scale quickly by adding and removing HSM capacity on demand, with no up-front costs.

CloudHSM is standards-compliant and lets you export all of your keys to most other commercially available HSMs, subject to your configurations. It is a fully managed service that automates time-consuming administrative tasks (such as hardware provisioning, software patching, high availability, and backups).

Setup

To set up the OpsRamp AWS integration and discover the AWS service, go to AWS Integration Discovery Profile and select AWS Cloud HSM.

Metrics

| OpsRamp Metric | Metric Display Name | Unit | Aggregation Type | Description |
|---|---|---|---|---|
| aws_cloudhsm_HsmUnhealthy | HSM Unhealthy | None | Average | The HSM instance is not performing properly. AWS CloudHSM automatically replaces unhealthy instances. The cluster size can be proactively expanded to reduce performance impact while the HSM is being replaced. |
| aws_cloudhsm_HsmTemperature | HSM Temperature | None | Average | Junction temperature of the hardware processor. The system shuts down if the temperature reaches 110 degrees Centigrade. |
| aws_cloudhsm_HsmKeysSessionOccupied | HSM Keys Session Occupied | None | Average | Number of session keys being used by the HSM instance. |
| aws_cloudhsm_HsmKeysTokenOccupied | HSM Keys Token Occupied | None | Average | Number of token keys being used by the HSM instance and the cluster. |
| aws_cloudhsm_HsmSslCtxsOccupied | HSM Ssl Ctxs Occupied | None | Average | Number of end-to-end encrypted channels currently established for the HSM instance. |
| aws_cloudhsm_HsmSessionCount | HSM Session Count | None | Average | Number of open connections to the HSM instance. |
| aws_cloudhsm_HsmUsersAvailable | HSM Users Available | None | Average | Number of additional users that can be created. |
| aws_cloudhsm_HsmUsersMax | HSM Users Max | None | Average | Maximum number of users that can be created on the HSM instance. |
| aws_cloudhsm_InterfaceEth2ErrorsInput | Interface Eth2 Errors Input | None | Average | Interface Eth2 Errors Input. |
| aws_cloudhsm_InterfaceEth2ErrorsOutput | Interface Eth2 Errors Output | None | Average | Interface Eth2 Errors Input. |
| aws_cloudhsm_InterfaceEth2PacketsInput | Interface Eth2 Packets Input | None | Average | Interface Eth2 Packets Input. |
| aws_cloudhsm_InterfaceEth2PacketsOutput | Interface Eth2 Packets Output | None | Average | Interface Eth2 Packets Output. |
| aws_cloudhsm_InterfaceEth2DroppedInput | Interface Eth2 Packets Input | None | Average | Interface Eth2 Packets Input. |
| aws_cloudhsm_InterfaceEth2DroppedOutput | Interface Eth2 Packets Output | None | Average | Interface Eth2 Packets Output. |
| aws_cloudhsm_InterfaceEth2OctetsInput | Interface Eth2 Octets Input | None | Average | Interface Eth2 Octets Input. |
| aws_cloudhsm_InterfaceEth2OctetsOutput | Interface Eth2 Octets Output | None | Average | Interface Eth2 Octets Output. |

Event support

CloudTrail event support

  • Supported
  • Configurable in OpsRamp AWS Integration Discovery Profile.

CloudWatch alarm support

  • Supported
  • Configurable in OpsRamp AWS Integration Discovery Profile.

External reference