The Overview page provides a dashboard that displays key information about your KMS instances, including their instance types, status, and metrics. You can also configure alert rules to monitor these metrics. This topic describes how to view the dashboard for a KMS instance and configure CloudMonitor alerts.
Overview
If the page displays the message "The current instance version is too low. To view all metrics, submit a ticket to confirm the upgrade time", you must upgrade the image version of your KMS instance.
KMS integrates with CloudMonitor to display trend charts for metrics on the Overview page. For more information about CloudMonitor, see What is CloudMonitor?.
You can also set CloudMonitor alerts based on your business needs to proactively identify and resolve issues with KMS. Common alert rule settings include:
-
The average number of requests per second reaches 90% of the threshold. For more information about performance data, see Performance data.
For example, if you purchase a software key management instance with a Computing Performance of 1,000 queries per second (QPS), you can set an alert to trigger when the total number of requests per minute for the instance reaches 54,000 (1,000 QPS * 60 seconds * 90%) for three consecutive periods. This indicates that the average value of the metric has exceeded 90% of the instance's performance capacity. In this case, we recommend that you upgrade the instance type to increase its performance.
-
4xx error requests or 5xx error requests occur for three consecutive periods.
4xx error requests are typically caused by factors such as invalid requests or non-existent resources. You can troubleshoot these errors based on the error messages. 5xx errors generally indicate that the service is unavailable. Try again later or submit a ticket to contact Alibaba Cloud technical support.
Prerequisites
If you log on as a RAM user (sub-account), you must grant the RAM user read-only permissions on CloudMonitor (AliyunCloudMonitorReadOnlyAccess) in the RAM console. For more information, see Manage RAM user permissions.
View instance overview and monitoring data
Log on to the Key Management Service console. In the top navigation bar, select a region. In the left-side navigation pane, click Overview.
-
On the Instance Gateway tab, select an Instance ID to view the overview and monitoring data of the KMS instance.
NoteYou can view metrics for the last 30 days.
-
(Optional) Turn on the Auto Refresh switch to automatically refresh the monitoring data every minute. At the top of the monitoring data page, you can select a time range by using the quick select options, such as 1 Hour, 3 Hours, 6 Hours, 12 Hours, 1 Day, 3 Days, 7 Days, and 14 Days, or by specifying a Custom range. The right side of the page provides a link to Configure Alert Rules, the Auto Refresh switch, and a manual refresh button.
Configure alerts for metrics
Method 1: Use one-click alerting in KMS
KMS provides built-in general alert rules that are disabled by default. You can set alerts only for 4xx Error Requests, 5xx Error Requests, and Request Latency. To set alerts for other metrics, use Method 2.
By default, alert notifications are sent to the system-created cloud account alert contact. To change the contact, go to the CloudMonitor console. For more information, see Modify an alert contact or alert contact group.
Log on to the Key Management Service console. In the top navigation bar, select a region. In the left-side navigation pane, click Overview.
-
Select an instance, click Proactive Alerting, and then turn on the switch.
Note-
After you enable One-click Alerting, the alert rules apply to all KMS instances under your Alibaba Cloud account.
-
If you previously enabled One-click Alerting and modified the alert rules, enabling the feature again restores the rules to their default settings.
-
-
(Optional) Disable, modify, or delete the default alert rules.
If you want to set alerts only for specific metrics or configure more granular alert rules, you can use the buttons in the Actions column of the alert rule list to disable, modify, or delete alert rules.
Method 2: Configure alerts in CloudMonitor
Log on to the Key Management Service console. In the top navigation bar, select a region. In the left-side navigation pane, click Overview.
-
On the Overview page, click Configure Alert Rules to go to the CloudMonitor console.
-
On the Alert Rules page, click Create Alert Rule to complete the configuration. For more information, see Create an alert rule.
When you create an alert rule, select Key Management Service for the Product parameter.
Supported CloudMonitor metrics
|
Metric |
Description |
Alerting supported |
Dimensions |
Statistics |
|
Requests per minute for an instance |
The total number of requests the instance receives per minute. |
Yes |
userId, regionId, instanceId |
Value |
|
Symmetric encryption/decryption requests per minute |
The total number of symmetric operation requests per minute. |
Yes |
userId, regionId, instanceId |
Value |
|
Asymmetric encryption requests per minute |
The total number of asymmetric encryption requests per minute. |
Yes |
userId, regionId, instanceId |
Value |
|
Asymmetric decryption requests per minute |
The total number of asymmetric decryption requests per minute. |
Yes |
userId, regionId, instanceId |
Value |
|
Asymmetric signing requests per minute |
The total number of asymmetric signing requests per minute. |
Yes |
userId, regionId, instanceId |
Value |
|
Asymmetric signature verification requests per minute |
The total number of asymmetric signature verification requests per minute. |
Yes |
userId, regionId, instanceId |
Value |
|
Secret operation requests per minute |
The total number of secret requests per minute. |
Yes |
userId, regionId, instanceId |
Value |
|
Other requests per minute |
The total number of other operation requests per minute. |
Yes |
userId, regionId, instanceId |
Value |
|
5xx error requests |
The number of requests per minute that result in a 5xx error code. |
Yes |
userId, regionId, instanceId |
Value |
|
4xx error requests |
The number of requests per minute that result in a 4xx error code. |
Yes |
userId, regionId, instanceId |
Value |
|
Request latency |
The average latency of all requests in one minute. |
Yes |
userId, regionId, instanceId |
Value |
|
KMS instance CPU utilization |
The instance's CPU utilization as a percentage. |
Yes |
userId, instanceId |
Value |
|
KMS instance symmetric QPS utilization |
The instance's symmetric QPS utilization, as a percentage of its total capacity. |
Yes |
userId, instanceId |
Value |
|
KMS instance asymmetric QPS utilization |
The instance's asymmetric QPS utilization, as a percentage of its total capacity. |
Yes |
userId, instanceId |
Value |
Example: Configure QPS monitoring alerts
If you want to monitor the QPS utilization of a KMS instance and receive alerts for potential performance bottlenecks, you can set a dynamic threshold-based alert rule for the "Requests per minute for an instance" metric. This helps you decide when to upgrade the instance type.
For example, if a KMS instance has a QPS of 2,000, set the threshold for the "Requests per minute for an instance" metric to 108,000 (2,000 QPS * 60 seconds * 90%).
Log on to the Key Management Service console. In the top navigation bar, select a region. In the left-side navigation pane, click Overview.
-
Click Configure Alert Rules to go to the CloudMonitor console.
-
On the Alert Rules page, click Create Alert Rule, configure the parameters as described in the following table, and then click OK.
Parameter
Description
Product
Select Key Management Service.
Resource Range
Select Instance.
Associated Resources
Click Add Instance, select the KMS instance that you want to monitor, and then click OK.
Rule Description
-
Rule Name: Enter a name for the rule.
-
Metric Type: Select Simple Metric.
-
Metric: Select Requests per minute for an instance. Set the alert level to Warning, and the condition to trigger an alert when the value is >= 108,000 for 3 consecutive periods.
Mute Period
Set this parameter as needed. The default of 24 hours is usually sufficient.
If the metric value continuously exceeds the alert threshold during the Mute Period, CloudMonitor does not send repeated alert notifications. If the metric value does not return to a normal level after the Mute Period ends, CloudMonitor sends another alert notification.
Alert Contact Group
If no alert contact is available, see Create an alert contact or an alert contact group.
Advanced Settings
Leave the default settings.
-
Related documents
KMS integrates with Cloud Monitor (CMS) to monitor system events and trigger alerts. For more information, see Alert events.