AWS CloudHSM is a cloud-based hardware security module (HSM) that enables generation and use of your own encryption keys on the AWS Cloud.

With CloudHSM:

  • Manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs.
  • Integrate with your applications using industry-standard APIs (such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries).
  • Scale quickly by adding and removing HSM capacity on-demand, with no upfront costs.

CloudHSM is standards-compliant and enables exportation of all of your keys to most other commercially-available HSMs, subject to your configurations. It is a fully-managed service that automates time-consuming administrative tasks (such as hardware provisioning, software patching, high-availability, and backups).

Use the AWS public cloud integration to discover and collect metrics against the AWS service.

External reference

What is AWS CloudHSM?

Setup

To set up the AWS integration and discover the AWS service, go to AWS Integration Discovery Profile and select AWS Cloud HSM.

Event support

CloudTrail event support

  • Supported
  • Configurable in OpsRamp AWS Integration Discovery Profile.

CloudWatch alarm support

  • Supported
  • Configurable in OpsRamp AWS Integration Discovery Profile.

Supported metrics

OpsRamp MetricMetric Display NameUnitAggregation Type
aws_cloudhsm_HsmUnhealthy

The HSM instance is not performing properly. AWS CloudHSM automatically replaces unhealthy instances. The cluster size can be proactively expanded to reduce performance impact while the HSM is being replaced.
HSM UnhealthyNoneSum
aws_cloudhsm_HsmTemperature

Junction temperature of the hardware processor. The system shuts down if the temperature reaches 110 degrees Centigrade.
HSM TemperatureNoneAverage
aws_cloudhsm_HsmKeysSessionOccupied

Number of session keys being used by the HSM instance.
HSM Keys Session OccupiedNoneSum
aws_cloudhsm_HsmKeysTokenOccupied

Number of token keys being used by the HSM instance and the cluster.
HSM Keys Token OccupiedNoneSum
aws_cloudhsm_HsmSslCtxsOccupied

Number of end-to-end encrypted channels currently established for the HSM instance.
HSM Ssl Ctxs OccupiedNoneAverage
aws_cloudhsm_HsmSessionCount

Number of open connections to the HSM instance.
HSM Session CountNoneSum
aws_cloudhsm_HsmUsersAvailable

Number of additional users that can be created.
HSM Users AvailableNoneSum
aws_cloudhsm_HsmUsersMax

Maximum number of users that can be created on the HSM instance.
HSM Users MaxNoneMaximum
aws_cloudhsm_InterfaceEth2ErrorsInput

Interface Eth2 Errors Input.
Interface Eth2 Errors InputNoneAverage
aws_cloudhsm_InterfaceEth2ErrorsOutput

Interface Eth2 Errors Input.
Interface Eth2 Errors OutputNoneAverage
aws_cloudhsm_InterfaceEth2PacketsInput

Interface Eth2 Packets Input.
Interface Eth2 Packets InputNoneAverage
aws_cloudhsm_InterfaceEth2PacketsOutput

Interface Eth2 Packets Output.
Interface Eth2 Packets OutputNoneAverage
aws_cloudhsm_InterfaceEth2DroppedInput

Interface Eth2 Packets Input.
Interface Eth2 Packets InputNoneAverage
aws_cloudhsm_InterfaceEth2DroppedOutput

Interface Eth2 Packets Output.
Interface Eth2 Packets OutputNoneAverage
aws_cloudhsm_InterfaceEth2OctetsInput

Interface Eth2 Octets Input.
Interface Eth2 Octets InputNoneSum
aws_cloudhsm_InterfaceEth2OctetsOutput

Interface Eth2 Octets Output.
Interface Eth2 Octets OutputNoneSum