CloudHSM

  • CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on AWS.

  • With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs.

  • CloudHSM offers you the flexibility to integrate with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries.

  • CloudHSM is standards-compliant and enables you to export all of your keys to most other commercially available HSMs, subject to your configurations.

  • It is a fully managed service that automates time-consuming administrative tasks for you, such as hardware provisioning, software patching, high availability, and backups.

  • CloudHSM also enables you to scale quickly by adding and removing HSM capacity on demand, with no up-front costs.

  • CloudHSM provides hardware security modules (HSMs) in a cluster.

    • A cluster is a collection of individual HSMs that CloudHSM keeps in sync.

    • You can think of a cluster as one logical HSM.

    • When you create the HSMs in different AWS Availability Zones, you automatically get high availability.
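The high-availability point above only holds when a cluster's HSMs really sit in more than one Availability Zone. The following is an added example, not AWS or page code: it checks a response shaped like `aws cloudhsmv2 describe-clusters` output and flags clusters whose ACTIVE HSMs are all in one zone. The sample data, IDs and function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `aws cloudhsmv2 describe-clusters` output;
# the IDs and zones are made up for illustration.
SAMPLE = json.loads("""
{"Clusters": [
  {"ClusterId": "cluster-example1", "State": "ACTIVE", "Hsms": [
    {"HsmId": "hsm-example1a", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"},
    {"HsmId": "hsm-example1b", "AvailabilityZone": "us-east-1b", "State": "ACTIVE"}]},
  {"ClusterId": "cluster-example2", "State": "ACTIVE", "Hsms": [
    {"HsmId": "hsm-example2a", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"},
    {"HsmId": "hsm-example2b", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"}]},
  {"ClusterId": "cluster-example3", "State": "ACTIVE", "Hsms": [
    {"HsmId": "hsm-example3a", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"},
    {"HsmId": "hsm-example3b", "AvailabilityZone": "us-east-1c", "State": "DEGRADED"}]}
]}
""")

def active_zones(cluster):
    """Map each Availability Zone to the ACTIVE HSM IDs it holds."""
    zones = defaultdict(list)
    for hsm in cluster.get("Hsms", []):
        # Only ACTIVE HSMs count toward availability; DEGRADED ones do not.
        if hsm.get("State") == "ACTIVE":
            zones[hsm["AvailabilityZone"]].append(hsm["HsmId"])
    return dict(zones)

def single_az_clusters(response, min_zones=2):
    """Return {cluster_id: [zones]} for clusters with fewer than min_zones active AZs."""
    findings = {}
    for cluster in response.get("Clusters", []):
        zones = active_zones(cluster)
        if len(zones) < min_zones:
            findings[cluster["ClusterId"]] = sorted(zones)
    return findings

if __name__ == "__main__":
    for cid, zones in single_az_clusters(SAMPLE).items():
        print(f"{cid}: active HSMs only in {zones or 'no zone'}")
```

To run it against a real account, replace `SAMPLE` with the parsed JSON from your own `describe-clusters` call.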
