All Products
Search
Document Center

Key Management Service:Alert events

更新時間:Jun 19, 2024

Key Management Service (KMS) can be integrated with Cloud Monitor (CMS) to provide the monitoring and alerting features for system events. This way, you can stay informed about and handle system events at the earliest opportunity. This topic describes how to query system events and configure alert rules.

Important

If the If you want to use advanced features such as bring your own key (BYOK), cross-region synchronization, and monitoring, submit a ticket to confirm the time when your instance image is upgraded to the latest version. message is displayed in the KMS console, contact us. For more information, see Contact us

System event types

You do not need to configure system events. When conditions are met, system events are automatically displayed in the KMS console and the CloudMonitor console.

System event

Severity

Description

Client Key Expiration Notification

Critical

The event is triggered 180 days, 90 days, 30 days, and 7 days before a client key expires.

For more information about client keys, see Overview of AAPs.

Key Synchronization Failed

Critical

The event is triggered when a key in a KMS instance fails to be synchronized across regions.

For more information, see Cross-region synchronization.

Key Synchronization Succeeded

Info

The event is triggered when a key in a KMS instance is synchronized across regions.

For more information, see Cross-region synchronization.

Failed Rotation of Managed Secrets

Critical

The event is triggered when secret rotation fails.

Successful Rotation of Managed Secrets

Info

The event is triggered when secret rotation succeeds.

Scheduled Secret Deletion

Warning

The event is triggered when a secret is scheduled to be deleted.

Secret Deletion

Warning

The event is triggered when a secret is deleted.

Query system events

You can query system events within the last 90 days.

  • Method 1: Use the KMS console

    1. Log on to the KMS console. In the top navigation bar, select a region. In the left-side navigation pane, choose Security Operations > Alert Events.

    2. On the CloudMonitor Alerts tab, select a system event type and a time range for your query.image.png

    3. Find the event that you want to query and click Details in the Actions column to view the details of the event.

  • Method 2: Use the CloudMonitor console

    1. Log on to the CloudMonitor console.

    2. In the left-side navigation pane, choose Event Center > System Event.

    3. On the Event Monitoring tab, select Key Management Service, select a severity level, an event name, and a time range, and then click Search.

    4. In the event list, find the event that you want to view and click Details in the Actions column.

Configure alert rules for system events

You can configure alert rules for system events. When an exception occurs, you can receive alert notifications at the earliest opportunity. This allows you to quickly analyze and troubleshoot the exceptions. You can configure alert rules only in the CloudMonitor console.

  1. Log on to the CloudMonitor console.

  2. In the left-side navigation pane, choose Event Center > System Event.

  3. On the Event Monitoring tab, click Save as Alert Rule.image.png

  4. In the Create/Modify Event-triggered Alert Rule panel, configure parameters for the alert rule.

    For more information about parameters, see Manage system event-triggered alert rules.