
Key Management Service: Alert events

Last Updated: Jun 19, 2024

Key Management Service (KMS) can be integrated with CloudMonitor (CMS) to provide monitoring and alerting for system events. This way, you can stay informed about system events and handle them at the earliest opportunity. This topic describes how to query system events and configure alert rules.

Important

If the message "If you want to use advanced features such as bring your own key (BYOK), cross-region synchronization, and monitoring, submit a ticket to confirm the time when your instance image is upgraded to the latest version." is displayed in the KMS console, contact us. For more information, see Contact us.

System event types

You do not need to configure system events. When conditions are met, system events are automatically displayed in the KMS console and the CloudMonitor console.

| System event | Severity | Description |
| --- | --- | --- |
| Client Key Expiration Notification | Critical | The event is triggered 180 days, 90 days, 30 days, and 7 days before a client key expires. For more information about client keys, see Overview of AAPs. |
| Key Synchronization Failed | Critical | The event is triggered when a key in a KMS instance fails to be synchronized across regions. For more information, see Cross-region synchronization. |
| Key Synchronization Succeeded | Info | The event is triggered when a key in a KMS instance is synchronized across regions. For more information, see Cross-region synchronization. |
| Failed Rotation of Managed Secrets | Critical | The event is triggered when secret rotation fails. |
| Successful Rotation of Managed Secrets | Info | The event is triggered when secret rotation succeeds. |
| Scheduled Secret Deletion | Warning | The event is triggered when a secret is scheduled to be deleted. |
| Secret Deletion | Warning | The event is triggered when a secret is deleted. |

Query system events

You can query system events within the last 90 days.

  • Method 1: Use the KMS console

    1. Log on to the KMS console. In the top navigation bar, select a region. In the left-side navigation pane, choose Security Operations > Alert Events.

    2. On the CloudMonitor Alerts tab, select a system event type and a time range for your query.

    3. Find the event that you want to query and click Details in the Actions column to view the details of the event.

  • Method 2: Use the CloudMonitor console

    1. Log on to the CloudMonitor console.

    2. In the left-side navigation pane, choose Event Center > System Event.

    3. On the Event Monitoring tab, select Key Management Service, select a severity level, an event name, and a time range, and then click Search.

    4. In the event list, find the event that you want to view and click Details in the Actions column.

Configure alert rules for system events

You can configure alert rules for system events. When an exception occurs, you can receive alert notifications at the earliest opportunity. This allows you to quickly analyze and troubleshoot the exceptions. You can configure alert rules only in the CloudMonitor console.

  1. Log on to the CloudMonitor console.

  2. In the left-side navigation pane, choose Event Center > System Event.

  3. On the Event Monitoring tab, click Save as Alert Rule.

  4. In the Create/Modify Event-triggered Alert Rule panel, configure parameters for the alert rule.

    For more information about parameters, see Manage system event-triggered alert rules.