The Overview page provides monitoring information about Key Management Service (KMS) instances. The information includes instance specifications, status, and metrics. You can also configure alert rules to monitor metrics. This topic describes how to view the monitoring information about a KMS instance and configure CloudMonitor alert rules.
Background information
If the "The version of the instance is outdated. To view all metrics, submit a ticket to confirm the upgrade window" message is displayed on the Overview page, contact technical support to upgrade the instance version.
KMS is integrated with CloudMonitor. On the Overview page, you can view the trend charts of metrics. For more information, see What is CloudMonitor?
You can configure CloudMonitor alert rules based on your business requirements to identify and resolve issues in advance. The following list describes the common alert rule settings:
The average number of requests per second reaches 80% of the threshold. For more information about performance data, see Performance quotas.
For example, you purchase a KMS instance of the software key management type whose computing performance is 1,000 queries per second (QPS). You can configure an alert rule to trigger an alert when the total number of requests per minute for the instance reaches 48,000 (1000 QPS × 60 seconds × 80%) for 3 consecutive minutes. The alert indicates that the average metric value exceeds 80% of the instance performance. In this case, we recommend that you upgrade the instance to improve the performance.
HTTP status code 4XX or HTTP status code 5XX is returned for three consecutive cycles.
HTTP status code 4XX indicates that the request is invalid or the specified resource does not exist. You can troubleshoot this error based on the error message. HTTP status code 5XX indicates that the service is unavailable. You can try again later or contact technical support.
Prerequisites
If you use a Resource Access Management (RAM) user, the AliyunCloudMonitorReadOnlyAccess permission is granted to the RAM user. To grant the permission, log on to the RAM console. For more information, see Grant permissions to a RAM user.
View the overview information and monitoring data of a KMS instance
Log on to the KMS console. In the top navigation bar, select a region. In the left-side navigation pane, click Overview.
Select the ID of the instance that you want to view and view the overview information and monitoring data of the KMS instance.
You can view the metrics data in the last 30 days.
Optional. Turn on Auto Refresh. If you turn on the switch, KMS automatically refreshes the monitoring data every 1 minute.
Configure alert rules for metrics
Solution 1: Configure alert rules in KMS
KMS provides built-in alert rules. By default, the built-in alert rules are disabled. You can configure alert rules only for HTTP status code 4XX, HTTP status code 5XX, and request latency. If you want to configure alert rules for other metrics, refer to Solution 2.
The alert contacts are default alert contacts provided by the system. If you want to change the alert contacts, go to the CloudMonitor console. For more information, see Modify an alert contact or alert contact group.
Log on to the KMS console. In the top navigation bar, select a region. In the left-side navigation pane, click Overview.
Select the required instance and click Proactive Alerting. Then, turn on Proactive Alerting.
After you turn on Proactive Alerting, alert rules take effect for all KMS instances within the current Alibaba Cloud account.
If you previously turned on Proactive Alerting and modified alert rules and you turn on Proactive Alerting again, the built-in alert rules are used.
(Optional) Disable, modify, or delete a built-in alert rule.
If you want to configure alert rules only for specific metrics or you want to configure fine-grained alert rules, you can disable or modify alert rules.
Solution 2: Configure alert rules in CloudMonitor
Log on to the KMS console. In the top navigation bar, select a region. In the left-side navigation pane, click Overview.
On the Overview page, click Configure Alert Rules to go to the CloudMonitor console.
On the Alert Rules page, click Create Alert Rule. For more information, see Create an alert rule.
When you create an alert rule, select Key Management Service for the Product parameter.
Supported CloudMonitor metrics
Metrics | Description | Alerting supported (Yes/No) | Aggregation dimension | Statistical method |
Metrics | Description | Alerting supported (Yes/No) | Aggregation dimension | Statistical method |
request_total_1m | The total number of requests per minute. | Yes | userId, regionId, and instanceId | Value |
request_symmetric_1m | The number of encryption and decryption requests per minute by using symmetric keys. | Yes | userId, regionId, and instanceId | Value |
request_asymmetric_encrypt_1m | The number of encryption requests per minute by using asymmetric keys. | Yes | userId, regionId, and instanceId | Value |
request_asymmetric_decrypt_1m | The number of decryption requests per minute by using asymmetric keys. | Yes | userId, regionId, and instanceId | Value |
request_asymmetric_sign_1m | The number of signing requests per minute by using asymmetric keys. | Yes | userId, regionId, and instanceId | Value |
request_asymmetric_verify_1m | The number of signature verification requests per minute by using asymmetric keys. | Yes | userId, regionId, and instanceId | Value |
request_secret_1m | The number of secret requests per minute. | Yes | userId, regionId, and instanceId | Value |
request_other_1m | The number of requests for other operations. | Yes | userId, regionId, and instanceId | Value |
code_5xx_1m | The number of requests for which HTTP status code 5XX is returned per minute. | Yes | userId, regionId, and instanceId | Value |
code_4xx_1m | The number of requests for which HTTP status code 4XX is returned per minute. | Yes | userId, regionId, and instanceId | Value |
latency_1m | The average latency of all requests per minute. | Yes | userId, regionId, and instanceId | Value |
