Introduction

AWS Key Management Service (AWS KMS) is a managed service that makes it easy to create and control the encryption keys used to encrypt data. The customer master keys that are created in AWS KMS are protected by hardware security modules (HSMs). The HSMs are validated by the FIPS 140-2 Cryptographic Module Validation Program except in the China (Beijing) and China (Ningxia) Regions.

AWS KMS is integrated with most other AWS services that encrypt data with encryption keys.
AWS KMS is also integrated with AWS CloudTrail to provide encryption key usage logs to help meet auditing, regulatory and compliance needs.

Setup

To set up the OpsRamp AWS integration and discover the AWS service, go to AWS Integration Discovery Profile and select Kms.

Metrics

| OpsRamp Metric | Metric Display Name | Unit | Aggregation Type | Description |
|---|---|---|---|---|
| aws_kms_SecondsUntilKeyMaterialExpiration | SecondsUntilKeyMaterialExpiration | Seconds | Minimum | Number of seconds remaining until imported key material expires. |

Event support

CloudTrail event support

  • Supported (CreateKey)
  • Configurable in OpsRamp AWS Integration Discovery Profile.

CloudWatch alarm support

  • Supported
  • Configurable in OpsRamp AWS Integration Discovery Profile.

External reference