AWS CloudHSM is a cloud-based hardware security module (HSM) that enables generation and use of your own encryption keys on the AWS Cloud.
With CloudHSM:
- Manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs.
- Integrate with your applications using industry-standard APIs (such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries).
- Scale quickly by adding and removing HSM capacity on-demand, with no upfront costs.
CloudHSM is standards-compliant and enables exportation of all of your keys to most other commercially-available HSMs, subject to your configurations. It is a fully-managed service that automates time-consuming administrative tasks (such as hardware provisioning, software patching, high-availability, and backups).
Use the AWS public cloud integration to discover and collect metrics against the AWS service.
External reference
Setup
To set up the AWS integration and discover the AWS service, go to AWS Integration Discovery Profile and select AWS Cloud HSM.
Event support
CloudTrail event support
- Supported
- Configurable in OpsRamp AWS Integration Discovery Profile.
CloudWatch alarm support
- Supported
- Configurable in OpsRamp AWS Integration Discovery Profile.
Supported metrics
| OpsRamp Metric | Metric Display Name | Unit | Aggregation Type |
|---|---|---|---|
| aws_cloudhsm_HsmUnhealthy The HSM instance is not performing properly. AWS CloudHSM automatically replaces unhealthy instances. The cluster size can be proactively expanded to reduce performance impact while the HSM is being replaced. | HSM Unhealthy | None | Sum |
| aws_cloudhsm_HsmTemperature Junction temperature of the hardware processor. The system shuts down if the temperature reaches 110 degrees Centigrade. | HSM Temperature | None | Average |
| aws_cloudhsm_HsmKeysSessionOccupied Number of session keys being used by the HSM instance. | HSM Keys Session Occupied | None | Sum |
| aws_cloudhsm_HsmKeysTokenOccupied Number of token keys being used by the HSM instance and the cluster. | HSM Keys Token Occupied | None | Sum |
| aws_cloudhsm_HsmSslCtxsOccupied Number of end-to-end encrypted channels currently established for the HSM instance. | HSM Ssl Ctxs Occupied | None | Average |
| aws_cloudhsm_HsmSessionCount Number of open connections to the HSM instance. | HSM Session Count | None | Sum |
| aws_cloudhsm_HsmUsersAvailable Number of additional users that can be created. | HSM Users Available | None | Sum |
| aws_cloudhsm_HsmUsersMax Maximum number of users that can be created on the HSM instance. | HSM Users Max | None | Maximum |
| aws_cloudhsm_InterfaceEth2ErrorsInput Interface Eth2 Errors Input. | Interface Eth2 Errors Input | None | Average |
| aws_cloudhsm_InterfaceEth2ErrorsOutput Interface Eth2 Errors Input. | Interface Eth2 Errors Output | None | Average |
| aws_cloudhsm_InterfaceEth2PacketsInput Interface Eth2 Packets Input. | Interface Eth2 Packets Input | None | Average |
| aws_cloudhsm_InterfaceEth2PacketsOutput Interface Eth2 Packets Output. | Interface Eth2 Packets Output | None | Average |
| aws_cloudhsm_InterfaceEth2DroppedInput Interface Eth2 Packets Input. | Interface Eth2 Packets Input | None | Average |
| aws_cloudhsm_InterfaceEth2DroppedOutput Interface Eth2 Packets Output. | Interface Eth2 Packets Output | None | Average |
| aws_cloudhsm_InterfaceEth2OctetsInput Interface Eth2 Octets Input. | Interface Eth2 Octets Input | None | Sum |
| aws_cloudhsm_InterfaceEth2OctetsOutput Interface Eth2 Octets Output. | Interface Eth2 Octets Output | None | Sum |