Secrets Manager can deliver rotation events of dynamic Elastic Compute Service (ECS) secrets to CloudMonitor. You can query the rotation events and create event-triggered alert rules in the CloudMonitor console. This allows you to receive alert notifications for the events and automate the event handling process.
Query rotation events
- Log on to the CloudMonitor console.
- In the left-side navigation pane, click Event Monitoring.
- On the Event Monitoring page, click the Query Event tab.
- Select Key Management Service from the drop-down list, and then set the event type, event name, and time period to query.
- Find the event that you want to view in the event list and click View the Detail in the Operation column to view the event details.
Create an event-triggered alert rule
You can create event-triggered alert rules to monitor the rotation of dynamic ECS secrets and automate the event handling process. For example, you can monitor failed rotation of dynamic ECS secrets and use Function Compute to automatically resolve the failure.
Alert notification content
Event names use the format <Resource type>:<Operation that was performed on the resource>:<Result>. After you create an event-triggered alert rule for rotation events of dynamic ECS secrets, the system sends alert notifications based on the rotation result.
Secret:RotateSecret:Failure: the failed rotation of dynamic ECS secrets. You can view the information about rotation of dynamic ECS secrets in the content field of the event. For example, you can obtain the failure cause by viewing the failureInfo field. Sample code:
{
  "product": "KMS",
  "eventTime": "20180816T135935.689+0800",
  "level": "CRITICAL",
  "name": "Secret:RotateSecret:Failure",
  "regionId": "cn-hangzhou",
  "resourceId": "acs:kms:cn-hangzhou:188989715694****:secret/secretName",
  "status": "Failed",
  "content": {
    "eventId": "eventId",
    "secretName": "SecretName",
    "secretType": "ECS",
    "RotationEntityArn": "acs:kms:cn-hangzhou:188989715694****:secret/secretName",
    "rotationStatus": "Invalid",
    "rotationSubType": "Password",
    "failureInfo": {
      "errorCode": "Kms:ErrorCode",
      "errorMessage": "errorMessage"
    },
    "failureTime": "2012-03-12T05:55:36Z"
  },
  "ver": "1.0"
}
Secret:RotateSecret:Success: the successful rotation of dynamic ECS secrets. Sample code:
{
  "product": "KMS",
  "instanceName": "secretId",
  "level": "INFO",
  "name": "Secret:RotateSecret:Success",
  "regionId": "cn-hangzhou",
  "resourceId": "acs:kms:cn-hangzhou:188989715694****:secret/secretName",
  "status": "Normal",
  "content": {
    "eventId": "eventId",
    "secretName": "SecretName",
    "secretType": "ECS",
    "RotationEntityArn": "acs:kms:cn-hangzhou:188989715694****:secret/secretName",
    "rotationStatus": "Enabled",
    "secretSubType": "Password",
    "successTime": "2012-03-12T05:55:36Z"
  },
  "ver": "1.0"
}
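One way an automated handler, such as the Function Compute handling mentioned above, could validate and triage these events. This is an added example, not Alibaba Cloud's own code; the function name, the summary fields and the paging policy are assumptions, and the sample input is constructed from the failure event shown on this page.

```python
import json

# Event names this page documents for dynamic ECS secret rotation.
FAILURE = "Secret:RotateSecret:Failure"
SUCCESS = "Secret:RotateSecret:Success"

# Constructed sample, trimmed from the failure event shown on this page.
SAMPLE_FAILURE = json.dumps({
    "product": "KMS", "level": "CRITICAL", "name": FAILURE,
    "regionId": "cn-hangzhou", "status": "Failed",
    "resourceId": "acs:kms:cn-hangzhou:188989715694****:secret/secretName",
    "content": {"secretName": "SecretName", "secretType": "ECS",
                "rotationStatus": "Invalid", "rotationSubType": "Password",
                "failureInfo": {"errorCode": "Kms:ErrorCode",
                                "errorMessage": "errorMessage"},
                "failureTime": "2012-03-12T05:55:36Z"}})


def triage_rotation_event(raw):
    """Validate one rotation event and return a summary; ValueError if it is not one."""
    if isinstance(raw, (bytes, bytearray)):
        raw = raw.decode("utf-8")
    try:
        event = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not JSON: {exc}") from exc
    if not isinstance(event, dict) or event.get("product") != "KMS":
        raise ValueError("not a KMS event")
    name, content = event.get("name"), event.get("content")
    if name not in (FAILURE, SUCCESS) or not isinstance(content, dict):
        raise ValueError(f"not a rotation event: {name!r}")
    summary = {
        "secret": content.get("secretName"),
        "resource": event.get("resourceId"),
        # The page's two samples name the sub-type field differently.
        "sub_type": content.get("rotationSubType") or content.get("secretSubType"),
        "rotation_status": content.get("rotationStatus"),
        "failed": name == FAILURE,
        "when": content.get("failureTime") or content.get("successTime"),
    }
    if summary["failed"]:
        info = content.get("failureInfo")
        info = info if isinstance(info, dict) else {}
        summary["error_code"] = info.get("errorCode")
        summary["error_message"] = info.get("errorMessage")
        # Assumed policy for this example: CRITICAL failures page someone.
        summary["action"] = "page" if event.get("level") == "CRITICAL" else "ticket"
    else:
        summary["action"] = "none"
    return summary
```

Rejecting anything that is not a KMS rotation event before acting keeps an automated responder from being driven by unrelated or malformed payloads.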