The Overview page provides monitoring information about Key Management Service (KMS) instances. The information includes instance specifications, status, and metrics. You can also configure alert rules to monitor metrics. This topic describes how to view the monitoring information about a KMS instance and configure CloudMonitor alert rules.
Overview
If the page displays "The current instance version is outdated. To view all monitoring metrics, submit a ticket to confirm the upgrade time", you need to upgrade the image version of your KMS instance.
KMS is integrated with CloudMonitor. On the Overview page, you can view the trend charts of metrics. For more information about CloudMonitor, see What is CloudMonitor.
You can configure CloudMonitor alert rules based on your business requirements to identify and resolve issues in advance. Common alert rule settings:
The average number of requests per second has reached 90% of the threshold. For more information about performance data, see Performance data.
For example: If you purchase a software key management instance with a Computing Performance specification of 1000 (operations/second), you can set an alert when the total number of requests per minute reaches 54,000 (1000 operations/second × 60 seconds × 90%) for three consecutive cycles. This indicates that the average value of this metric has exceeded 90% of the instance's performance capacity. In this case, we recommend upgrading the instance specifications to expand performance.
HTTP status code 4XX or HTTP status code 5XX is returned for three consecutive cycles.
HTTP status code 4XX indicates that the request is invalid or the specified resource does not exist. You can troubleshoot this error based on the error message. HTTP status code 5XX indicates that the service is unavailable. You can try again later or contact technical support.
Prerequisites
If the logged-in user is a RAM user, you need to grant the read-only permission on CloudMonitor (AliyunCloudMonitorReadOnlyAccess) to the RAM user in the RAM console. For more information, see Grant permissions to a RAM user.
View KMS instance overview and monitoring data
Log on to the KMS console. In the top navigation bar, select a region. In the left-side navigation pane, click Overview.
Select an Instance ID to view the KMS instance overview and monitoring data.
NoteYou can view metrics data in the last 30 days.
(Optional) Turn on Auto-refresh, and KMS will automatically refresh the monitoring data every minute.
Configure metric alerts
Solution 1: Configure Initiative Alert in KMS
KMS has built-in general alert rules, which are disabled by default. This solution only supports setting alerts for 4xx Error Requests, 5xx Error Requests, and Request Latency. If you want to configure alert rules for other metrics, refer to Solution 2.
The alert recipient for this method is set to the system-created Alibaba Cloud Account Alert Contact by default. If you need to modify it, go to the CloudMonitor console. For more information, see Modify an alert contact or alert contact group.
Log on to the KMS console. In the top navigation bar, select a region. In the left-side navigation pane, click Overview.
Select an instance, click Initiative Alert, and turn on the switch.
NoteAfter you turn on Initiative Alert, alert rules take effect for all KMS instances within the current Alibaba Cloud account.
If you previously turned on Initiative Alert and modified alert rules and you turn on Initiative Alert again, the built-in alert rules are used.
(Optional) Disable, modify, or delete a built-in alert rule.
If you want to set alerts for only specific metrics or need to configure more fine-grained alert rules, you can disable or modify alert rules.
Solution 2: Configure alerts in CloudMonitor
Log on to the KMS console. In the top navigation bar, select a region. In the left-side navigation pane, click Overview.
On the Overview page, click Set Alert Rule to go to the CloudMonitor console.
On the Alert Rules page, click Create Alert Rule to complete the configuration. For more information, see Create an alert rule.
When you create an alert rule, select Key Management Service for Product.
Supported CloudMonitor metrics
Metric | Description | Alert supported | Dimensions | Statistics |
request_total_1m | The total number of requests per minute. | Yes | userId, regionId, instanceId | Value |
request_symmetric_1m | The number of encryption and decryption requests per minute by using symmetric keys. | Yes | userId, regionId, instanceId | Value |
request_asymmetric_encrypt_1m | The number of encryption requests per minute by using asymmetric keys. | Yes | userId, regionId, instanceId | Value |
request_asymmetric_decrypt_1m | The number of decryption requests per minute by using asymmetric keys. | Yes | userId, regionId, instanceId | Value |
request_asymmetric_sign_1m | The number of signing requests per minute by using asymmetric keys. | Yes | userId, regionId, instanceId | Value |
request_asymmetric_verify_1m | The number of signature verification requests per minute by using asymmetric keys. | Yes | userId, regionId, instanceId | Value |
request_secret_1m | The number of secret requests per minute. | Yes | userId, regionId, instanceId | Value |
request_other_1m | The number of requests for other operations. | Yes | userId, regionId, instanceId | Value |
code_5xx_1m | The number of requests for which HTTP status code 5XX is returned per minute. | Yes | userId, regionId, instanceId | Value |
code_4xx_1m | The number of requests for which HTTP status code 4XX is returned per minute. | Yes | userId, regionId, instanceId | Value |
latency_1m | The average latency of all requests per minute. | Yes | userId, regionId, instanceId | Value |
Configuration example: KMS instance QPS monitoring alert
If you want to monitor the QPS usage of your KMS instance and receive alerts for potential performance bottlenecks to determine whether you need to upgrade the instance specifications, you can set dynamic threshold alerts for QPS-related metrics (request_total_1m). CloudMonitor will send an alert when the number of requests per minute reaches 90% of the specification.
For example, if the QPS of your KMS instance is 2000, the threshold for the number of requests per minute should be set to 2000 (operations/second) × 60 (seconds) × 90% = 108,000 requests. Follow these steps for detailed configuration:
Log on to the KMS console. In the top navigation bar, select a region. In the left-side navigation pane, click Overview.
On the Overview page, click Set Alert Rule to go to the CloudMonitor console.
On the Alert Rules page, click Create Alert Rule, configure the alert rule according to the following table, and then click OK.
Parameter
Description
Product
Select Key Management Service.
Resource Range
Select Instance.
Associated Resources
Click Add Resource, select the KMS instances you want to monitor, and then click OK.
Rule Description
Rule Name: Customize a rule name.
Metric Type: Select Simple Metric.
Monitoring Metric: Select Request_total_1m, set it to Warning, and set the condition to monitoring value ≥ 108,000 for three consecutive cycles.
Mute Period
Set according to your needs. The default value of 24 hours is usually sufficient.
If the metric continues to exceed the alert threshold during the mute period, no repeated alert notifications will be sent during this period. If the metric still does not return to normal after the mute period, CloudMonitor will send another alert notification.
Effective Period, Tags, Alert Contact Group
Fill in according to your actual situation.
Advanced Settings
Keep the default settings for Alert Callback, Push Channels, Recovery Notification, and No Data Processing Method.