AWS Key Management Service (AWS KMS) is a managed service that makes it easy to create and control the encryption keys used to encrypt data. The customer master keys that are created in AWS KMS are protected by hardware security modules (HSMs). The HSMs are validated by the FIPS 140-2 Cryptographic Module Validation Program except in the China (Beijing) and China (Ningxia) Regions.

AWS KMS is integrated with most other AWS services that encrypt data with encryption keys. AWS KMS is also integrated with AWS CloudTrail to provide encryption key usage logs to help meet auditing, regulatory and compliance needs.

Use the AWS public cloud integration to discover the AWS service and collect metrics for it.

External reference

What is AWS Key Management Service?

Setup

To set up the AWS integration and discover the AWS service, go to AWS Integration Discovery Profile and select Kms.

Event support

CloudTrail event support

  • Supported (CreateKey)
  • Configurable in OpsRamp AWS Integration Discovery Profile.

CloudWatch alarm support

  • Supported
  • Configurable in OpsRamp AWS Integration Discovery Profile.

Supported metrics

| OpsRamp Metric | Metric Display Name | Unit | Aggregation Type |
|---|---|---|---|
| aws_kms_SecondsUntilKeyMaterialExpiration | SecondsUntilKeyMaterialExpiration | Seconds | Minimum |

aws_kms_SecondsUntilKeyMaterialExpiration: Number of seconds remaining until imported key material expires.
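The following added example (not OpsRamp or AWS code) shows how the two signals on this page fit together: it picks successful CreateKey events out of CloudTrail records, then applies the Minimum aggregation of SecondsUntilKeyMaterialExpiration to keys whose origin is EXTERNAL (imported key material). The records, key IDs, ARNs, datapoints, and the threshold are constructed sample values, and the function names are hypothetical.

```python
import json

# Constructed CloudTrail records (sample data, not from a real account).
SAMPLE_TRAIL = json.loads("""
{"Records": [
  {"eventSource": "kms.amazonaws.com", "eventName": "CreateKey",
   "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
   "responseElements": {"keyMetadata": {"keyId": "key-example-1", "origin": "EXTERNAL"}}},
  {"eventSource": "kms.amazonaws.com", "eventName": "CreateKey",
   "userIdentity": {"arn": "arn:aws:iam::111122223333:role/example-app"},
   "responseElements": {"keyMetadata": {"keyId": "key-example-2", "origin": "AWS_KMS"}}},
  {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
   "userIdentity": {"arn": "arn:aws:iam::111122223333:role/example-app"}},
  {"eventSource": "kms.amazonaws.com", "eventName": "CreateKey",
   "errorCode": "AccessDenied",
   "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-dev"},
   "responseElements": null}
]}
""")

# Constructed datapoints: key id -> SecondsUntilKeyMaterialExpiration samples.
SAMPLE_METRIC = {"key-example-1": [900000, 520000, 518400]}

def created_keys(trail):
    """Return {keyId: (creator ARN, origin)} for successful KMS CreateKey events."""
    keys = {}
    for rec in trail.get("Records", []):
        if rec.get("eventSource") != "kms.amazonaws.com":
            continue
        if rec.get("eventName") != "CreateKey":
            continue
        meta = (rec.get("responseElements") or {}).get("keyMetadata")
        if rec.get("errorCode") or not meta:
            continue  # failed call: no key was created
        keys[meta["keyId"]] = (rec["userIdentity"]["arn"], meta.get("origin"))
    return keys

def expiring_keys(keys, metric, threshold_seconds):
    """List (keyId, minimum seconds left) for imported-material keys under the threshold."""
    alerts = []
    for key_id, (_creator, origin) in sorted(keys.items()):
        points = metric.get(key_id)
        if origin == "EXTERNAL" and points and min(points) < threshold_seconds:
            alerts.append((key_id, min(points)))
    return alerts

if __name__ == "__main__":
    print(expiring_keys(created_keys(SAMPLE_TRAIL), SAMPLE_METRIC, 7 * 86400))
```
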