Alarm Rules Have Been Configured for Key Disablement and Deletion
Rule Details
Parameter | Description |
---|---|
Rule Name | alarm-kms-disable-or-delete-key |
Identifier | Alarm Rules Have Been Configured for Key Disablement and Deletion |
Description | If there are no alarm rules configured for disabling or deleting KMS keys, the check result is non-compliant. |
Tag | ces, kms |
Trigger Type | Periodic |
Filter Type | Account |
Rule Parameters | None |
Application Scenarios
You can set alarm rules for key metrics of cloud services. When the conditions in an alarm rule are met, Cloud Eye sends an email or text message, or sends an HTTP/HTTPS message, enabling you to respond quickly to resource changes. For details, see Alarm Overview.
For details about the events supported by Cloud Eye, see Events Supported by Event Monitoring. Pay special attention to the "disableKey" and "scheduleKeyDeletion" events for KMS. If the key is disabled, data encrypted using the key cannot be decrypted, and the data will be permanently unavailable.
Solution
Create related alarm rules.
Rule Logic
- If there are no alarm rules configured for disabling or deleting KMS keys, this rule is non-compliant.
- If there are alarm rules configured for disabling or deleting KMS keys, this rule is compliant.