AWS Key Management Service (AWS KMS) is a managed service that makes it easy to create and control the encryption keys used to encrypt data. The customer master keys that are created in AWS KMS are protected by hardware security modules (HSMs). The HSMs are validated by the FIPS 140-2 Cryptographic Module Validation Program except in the China (Beijing) and China (Ningxia) Regions.
AWS KMS is integrated with most other AWS services that encrypt data with encryption keys. AWS KMS is also integrated with AWS CloudTrail to provide encryption key usage logs to help meet auditing, regulatory and compliance needs.
Use the AWS public cloud integration to discover and collect metrics against the AWS service.
External reference
What is AWS Key Management Service?
Setup
To set up the AWS integration and discover the AWS service, go to AWS Integration Discovery Profile and select Kms.
Event support
CloudTrail event support
- Supported (CreateKey)
- Configurable in OpsRamp AWS Integration Discovery Profile.
CloudWatch alarm support
- Supported
- Configurable in OpsRamp AWS Integration Discovery Profile.
Supported metrics
| OpsRamp Metric | Metric Display Name | Unit | Aggregation Type |
|---|---|---|---|
| aws_kms_SecondsUntilKeyMaterialExpiration Number of seconds remaining until imported key material expires. | SecondsUntilKeyMaterialExpiration | Seconds | Minimum |