
Key Management Service: Overview

Last Updated: Dec 02, 2025

The Overview page provides a dashboard that displays key information about your Key Management Service (KMS) instances, including their instance types, status, and metrics. You can also configure alert rules to monitor these metrics. This topic describes how to view the dashboard of a KMS instance and configure CloudMonitor alerts.

Overview

Important: If the page prompts "The current instance version is too low. To view all metrics, submit a ticket to confirm the upgrade time", you must upgrade the image version of your KMS instance.

KMS integrates with CloudMonitor to display trend graphs of metrics on the Overview page. For more information about CloudMonitor, see "What is CloudMonitor?".

You can also set CloudMonitor alerts to proactively identify and resolve issues in KMS. Common alert rule settings include the following:

  • The average number of requests per second reaches 90% of the threshold. For more information about performance data, see Performance data.

    For example, if you purchase a software key management instance with a Computing Performance of 1,000 queries per second (QPS), you can set an alert to be triggered when the total number of requests per minute reaches 54,000 (1,000 QPS × 60 seconds × 90%) for three consecutive statistical periods. This indicates that the average value of the metric has exceeded 90% of the instance's performance capacity. In this case, upgrade the instance type to improve performance.

  • 4xx or 5xx error requests occur for three consecutive statistical periods.

    A 4xx error request is usually caused by an invalid request or a non-existent resource. You can troubleshoot the error based on the error message. A 5xx error generally indicates that the service is temporarily unavailable. You can try again later or contact Alibaba Cloud technical support.

Prerequisites

If you log on as a Resource Access Management (RAM) user, you must grant that user the read-only permission for CloudMonitor (AliyunCloudMonitorReadOnlyAccess) in the RAM console. For more information, see Grant permissions to a RAM user.

View KMS instance overview and monitoring data

  1. Log on to the KMS console. In the top navigation bar, select a region. In the navigation pane on the left, click Overview.

  2. Select an Instance ID to view the overview and monitoring data of the KMS instance.

    Note: You can view metrics for the last 30 days.

  3. (Optional) Turn on the Auto Refresh switch. KMS automatically refreshes the monitoring data every minute.

Configure alert rules for metrics

  1. Log on to the KMS console. In the top navigation bar, select a region. In the navigation pane on the left, click Overview.

  2. On the Overview page, click Configure Alert Rules to go to the CloudMonitor console.

  3. On the Alert Rules page, click Create Alert Rule and complete the configuration. For more information, see Create an alert rule.

    When you create an alert rule, set the Product parameter to Key Management Service.

Supported CloudMonitor metrics

| Metric | Description | Alerting supported | Dimensions | Statistics |
| --- | --- | --- | --- | --- |
| Requests per minute for an instance | Number of requests per minute. | Yes | userId, regionId, instanceId | Value |
| Symmetric encryption/decryption requests per minute | Number of symmetric operation requests per minute. | Yes | userId, regionId, instanceId | Value |
| Asymmetric encryption requests per minute | Number of asymmetric encryption requests per minute. | Yes | userId, regionId, instanceId | Value |
| Asymmetric decryption requests per minute | Number of asymmetric decryption requests per minute. | Yes | userId, regionId, instanceId | Value |
| Asymmetric signing requests per minute | Number of asymmetric signing requests per minute. | Yes | userId, regionId, instanceId | Value |
| Asymmetric signature verification requests per minute | Number of asymmetric signature verification requests per minute. | Yes | userId, regionId, instanceId | Value |
| Credential operation requests per minute | Number of credential requests per minute. | Yes | userId, regionId, instanceId | Value |
| Other requests per minute | Number of other operation requests per minute. | Yes | userId, regionId, instanceId | Value |
| 5xx error requests | Number of requests with 5xx error codes per minute. | Yes | userId, regionId, instanceId | Value |
| 4xx error requests | Number of requests with 4xx error codes per minute. | Yes | userId, regionId, instanceId | Value |
| Request latency | Average latency of all requests per minute. | Yes | userId, regionId, instanceId | Value |
| KMS instance CPU utilization | CPU utilization of the instance. | Yes | user_id, instance_id | Value |
| KMS instance symmetric QPS utilization | Symmetric QPS utilization of the instance. | Yes | user_id, instance_id | Value |
| KMS instance asymmetric QPS utilization | Asymmetric QPS utilization of the instance. | Yes | user_id, instance_id | Value |

Configuration example: Monitor KMS instance QPS and configure alerts

If you want to monitor the QPS utilization of a KMS instance and receive alerts for potential performance bottlenecks, you can set a dynamic threshold-based alert rule for the "Requests per minute for an instance" metric. This helps you determine when to upgrade the instance type. CloudMonitor sends an alert notification when the number of requests per minute for the instance reaches 90% of the instance type's capacity.

For example, if a KMS instance has a QPS of 2,000, the threshold for the number of requests per minute is 108,000 (2,000 QPS × 60 seconds × 90%). The following steps describe how to configure the alert rule.

  1. Log on to the KMS console. In the top navigation bar, select a region. In the navigation pane on the left, click Overview.

  2. On the Overview page, click Configure Alert Rules to go to the CloudMonitor console.

  3. On the Alert Rules page, click Create Alert Rule, configure the alert rule as described in the following table, and then click Confirm.

    | Parameter | Description |
    | --- | --- |
    | Product | Set to Key Management Service. |
    | Resource Range | Set to Instances. |
    | Associated Resources | Click Add Instance, select the KMS instance that you want to monitor, and then click OK. |
    | Rule Description | Click Add Rule and select Simple Metric. On the Configure Rule Description panel, configure the following parameters: • Alert Rule: Enter a custom name for the rule. • Metric Type: Select Simple Metric. • Metric: Select Instance Dimensions / Requests per Minute, set the condition to Warn, and set the threshold to >= 108,000 for 3 consecutive statistical periods. |
    | Mute Period | Set this parameter as needed. The default value is 24 hours. If the metric value continuously exceeds the alert threshold during the mute period, CloudMonitor does not send repeated alert notifications. If the metric value is not restored to the normal range after the mute period ends, CloudMonitor sends another alert notification. |
    | Effective Period, Tag, Alert Contact Group | Please provide the required information. |
    | Advanced Settings | Keep the default settings for Alert Callback, Push Channel, Recovery Notification, and Method to handle alerts when no monitoring data is found. |
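
The rule semantics used in this topic (threshold = QPS × 60 seconds × 90%, three consecutive statistical periods, mute period), modeled locally as an added example that is not part of the original documentation and does not call CloudMonitor. It also covers the 4xx/5xx rule from the Overview section. The names AlertRule, rpm_threshold and notifications, the one-minute statistical period, and the sample values are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass
class AlertRule:
    threshold: int                 # notify when value >= threshold ...
    periods: int = 3               # ... for this many consecutive statistical periods
    mute_minutes: int = 24 * 60    # mute period; the page's default is 24 hours

def rpm_threshold(qps: int, percent: int = 90) -> int:
    """Requests-per-minute threshold: QPS x 60 seconds x percent."""
    return qps * 60 * percent // 100

def notifications(rule: AlertRule, samples: list[int]) -> list[int]:
    """Return the minute indexes at which a notification would be sent.

    Assumption: samples[i] is the metric value for minute i and one
    statistical period is one minute. This is a local model of the rule
    semantics described on this page, not a CloudMonitor API call.
    """
    sent, streak, muted_until = [], 0, 0
    for minute, value in enumerate(samples):
        streak = streak + 1 if value >= rule.threshold else 0
        if streak >= rule.periods and minute >= muted_until:
            sent.append(minute)
            muted_until = minute + rule.mute_minutes
    return sent

# Constructed sample data (not real monitoring output).
RPM_SAMPLES = [100_000, 110_000, 109_000, 90_000, 108_000, 108_500,
               120_000, 121_000, 119_000, 118_000, 117_000, 116_000, 50_000]
ERROR_5XX_SAMPLES = [0, 2, 1, 0, 1, 1, 4]

if __name__ == "__main__":
    # 2,000 QPS instance, 90% capacity; mute shortened to 5 minutes so the
    # re-notification after the mute period is visible in a short series.
    qps_rule = AlertRule(rpm_threshold(2000), periods=3, mute_minutes=5)
    print("threshold:", qps_rule.threshold)
    print("QPS notifications at minutes:", notifications(qps_rule, RPM_SAMPLES))
    # Error rule: at least one 5xx request in each of 3 consecutive periods.
    err_rule = AlertRule(threshold=1, periods=3)
    print("5xx notifications at minutes:", notifications(err_rule, ERROR_5XX_SAMPLES))
```

In this model a value that recovers and breaches again inside the mute period is also suppressed; the page does not state how CloudMonitor treats that case.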

Reference

KMS integrates with CloudMonitor (CMS) to provide monitoring and alerting for system events. For more information, see Alert events.