Introduction
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables generation and use of your own encryption keys on the AWS Cloud. With CloudHSM:
- Manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs.
- Integrate with your applications using industry-standard APIs
(such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries). - Scale quickly by adding and removing HSM capacity on-demand, with no up-front costs.
CloudHSM is standards-compliant and enables exportation of all of your keys to most other commercially-available HSMs, subject to your configurations. It is a fully-managed service that automates time-consuming administrative tasks (such as hardware provisioning, software patching, high-availability, and backups).
Note
Use the OpsRamp AWS public cloud integration to discover and collect metrics against the AWS service.Setup
To set up the OpsRamp AWS integration and discover the AWS service,
go to AWS Integration Discovery Profile and select AWS Cloud HSM.
Metrics
| OpsRamp Metric | Metric Display Name | Unit | Aggregation Type | Description |
|---|---|---|---|---|
| aws_cloudhsm_HsmUnhealthy | HSM Unhealthy | None | Average | The HSM instance is not performing properly. AWS CloudHSM automatically replaces unhealthy instances. The cluster size can be proactively expanded to reduce performance impact while the HSM is being replaced. |
| aws_cloudhsm_HsmTemperature | HSM Temperature | None | Average | Junction temperature of the hardware processor. The system shuts down if the temperature reaches 110 degrees Centigrade. |
| aws_cloudhsm_HsmKeysSessionOccupied | HSM Keys Session Occupied | None | Average | Number of session keys being used by the HSM instance. |
| aws_cloudhsm_HsmKeysTokenOccupied | HSM Keys Token Occupied | None | Average | Number of token keys being used by the HSM instance and the cluster. |
| aws_cloudhsm_HsmSslCtxsOccupied | HSM Ssl Ctxs Occupied | None | Average | Number of end-to-end encrypted channels currently established for the HSM instance. |
| aws_cloudhsm_HsmSessionCount | HSM Session Count | None | Average | Number of open connections to the HSM instance. |
| aws_cloudhsm_HsmUsersAvailable | HSM Users Available | None | Average | Number of additional users that can be created. |
| aws_cloudhsm_HsmUsersMax | HSM Users Max | None | Average | Maximum number of users that can be created on the HSM instance. |
| aws_cloudhsm_InterfaceEth2ErrorsInput | Interface Eth2 Errors Input | None | Average | Interface Eth2 Errors Input. |
| aws_cloudhsm_InterfaceEth2ErrorsOutput | Interface Eth2 Errors Output | None | Average | Interface Eth2 Errors Input. |
| aws_cloudhsm_InterfaceEth2PacketsInput | Interface Eth2 Packets Input | None | Average | Interface Eth2 Packets Input. |
| aws_cloudhsm_InterfaceEth2PacketsOutput | Interface Eth2 Packets Output | None | Average | Interface Eth2 Packets Output. |
| aws_cloudhsm_InterfaceEth2DroppedInput | Interface Eth2 Packets Input | None | Average | Interface Eth2 Packets Input. |
| aws_cloudhsm_InterfaceEth2DroppedOutput | Interface Eth2 Packets Output | None | Average | Interface Eth2 Packets Output. |
| aws_cloudhsm_InterfaceEth2OctetsInput | Interface Eth2 Octets Input | None | Average | Interface Eth2 Octets Input. |
| aws_cloudhsm_InterfaceEth2OctetsOutput | Interface Eth2 Octets Output | None | Average | Interface Eth2 Octets Output. |
Event support
CloudTrail event support
- Supported
- Configurable in OpsRamp AWS Integration Discovery Profile.
CloudWatch alarm support
- Supported
- Configurable in OpsRamp AWS Integration Discovery Profile.