Once you’ve integrated with AWS CloudWatch, you have access to metrics from AWS Private CA, which enables the creation of private certificate authority (CA) hierarchies without the investment and maintenance costs of on-prem solutions.

All available AWS integrations

To verify metrics are reporting, search for the metrics on the Metric details page in Project settings.

The following table shows the Private CA metrics ingested by Lightstep.

Metric Name Unit Description
aws.privateca.crl_generated unit A certificate revocation list (CRL) was generated
aws.privateca.misconfigured_crl_bucket unit The S3 bucket for the CRL isn't correctly configured.
aws.privateca.time ms The time in millseconds between issuance request and completion (or failure) of the request.
aws.privateca.success unit The certificate was successfully issued.
aws.privateca.failure unit The operation failed. Only applies to IssueCertificate operation.