Introduction
AWS Key Management Service (AWS KMS) is a managed service that makes it easy to create and control the encryption keys used to encrypt data. The customer master keys that are created in AWS KMS are protected by hardware security modules (HSMs). The HSMs are validated by the FIPS 140-2 Cryptographic Module Validation Program except in the China (Beijing) and China (Ningxia) Regions.
AWS KMS is integrated with most other AWS services that encrypt data with encryption keys.
AWS KMS is also integrated with AWS CloudTrail to provide encryption key usage logs to help meet auditing, regulatory and compliance needs.
Note
Use the OpsRamp AWS public cloud integration to discover and collect metrics against the AWS service.
Setup
To set up the OpsRamp AWS integration and discover the AWS service, go to AWS Integration Discovery Profile and select Kms.
Metrics
OpsRamp Metric | Metric Display Name | Unit | Aggregation Type | Description |
---|---|---|---|---|
aws_kms_SecondsUntilKeyMaterialExpiration | SecondsUntilKeyMaterialExpiration | Seconds | Minimum | Number of seconds remaining until imported key material expires. |
Event support
CloudTrail event support
- Supported (CreateKey)
- Configurable in OpsRamp AWS Integration Discovery Profile.
CloudWatch alarm support
- Supported
- Configurable in OpsRamp AWS Integration Discovery Profile.