Key Management Service: Alert events

Last Updated: Jun 14, 2025

Key Management Service (KMS) can be integrated with CloudMonitor (CMS) to provide monitoring and alerting for system events, so that you stay informed about system events and can handle them at the earliest opportunity. This topic describes how to query system events and configure alert rules.

System event types

System events do not require configuration. When the trigger conditions for an event are met, the event automatically appears in both the KMS console and the CloudMonitor console. To receive alert notifications for system events, configure alert rules in the CloudMonitor console as described in Configure alert notifications for system events in this topic.

| System event | Severity | Trigger condition |
| --- | --- | --- |
| QPS Approaching Limit | Critical | The event is triggered when the real-time QPS of a KMS instance reaches 90% of the quota. |
| Scheduled Key Deletion | Warning | The event is triggered when a key is scheduled to be deleted. |
| Key Deletion | Warning | The event is triggered when a key is deleted. |
| Scheduled Secret Deletion | Warning | The event is triggered when a secret is scheduled to be deleted. |
| Secret Deletion | Warning | The event is triggered when a secret is deleted. |
| Failed Rotation of Managed Secrets | Critical | The event is triggered when secret rotation fails. |
| Successful Rotation of Managed Secrets | Info | The event is triggered when secret rotation succeeds. |
| Key Synchronization Failed | Critical | The event is triggered when a key in a KMS instance fails to be synchronized across regions. For more information, see Cross-region synchronization. |
| Key Synchronization Succeeded | Info | The event is triggered when a key in a KMS instance is synchronized across regions. For more information, see Cross-region synchronization. |
| Client Key Expiration Notification | Critical | The event is triggered 180 days, 90 days, 30 days, and 7 days before a client key expires. For more information about client keys, see Overview of AAPs. |

Query system events

You can query system events within the last 90 days.

  • Method 1: Use the KMS console

    1. Log on to the KMS console. In the top navigation bar, select a region. In the navigation pane on the left, choose Security Operations > Alert Events.

    2. On the CloudMonitor Alerts tab, select a system event type and a time range for your query.

    3. Find the event that you want to query and click Details in the Actions column to view the details of the event.

  • Method 2: Use the CloudMonitor console

    1. Log on to the CloudMonitor console.

    2. In the left-side navigation pane, choose Event Center > System Event.

    3. On the Event Monitoring tab, select Key Management Service, select a severity level, an event name, and a time range, and then click Search.

    4. In the event list, find the event that you want to view and click Details in the Actions column.

Configure alert notifications for system events

You can configure alert rules for system events. When an exception occurs, you can receive alert notifications at the earliest opportunity. This allows you to quickly analyze and troubleshoot the exceptions. You can configure alert rules only in the CloudMonitor console.

  1. Log on to the CloudMonitor console.

  2. In the left-side navigation pane, choose Event Center > System Event.

  3. On the Event Monitoring tab, click Save as Alert Rule.

    Note

    If you need customized processing for alert notifications such as merging and noise reduction, configure alert notifications on the Event Subscription page. For more information, see Manage event subscriptions (recommended).

  4. In the Create/Modify Event-triggered Alert Rule panel, configure parameters for the alert rule.

    For more information about parameters, see Manage system event-triggered alert rules.