CloudHSM

  • AWS CloudHSM provides dedicated, single-tenant hardware security modules that run inside your own VPC; you control the users and keys on them, and AWS has no access to the key material.

  • A hardware security module (HSM) is a computing device that processes cryptographic operations and provides secure storage for cryptographic keys.

  • When you use an HSM from AWS CloudHSM, you can perform a variety of cryptographic tasks:

    • Generate, store, import, export, and manage cryptographic keys, including symmetric keys and asymmetric key pairs. Keys can be marked non-extractable at creation so they can never be exported from the HSM.

    • Use symmetric and asymmetric algorithms to encrypt and decrypt data.

    • Use cryptographic hash functions to compute message digests and hash-based message authentication codes (HMACs).

    • Cryptographically sign data (including code signing) and verify signatures.

    • Generate cryptographically secure random data.
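The key lifecycle from the list above, driven through the CloudHSM CLI (cloudhsm-cli, Client SDK 5) on a client instance that is already connected to a cluster. This is an added example written by the editor, not code from the page or from AWS. It assumes a crypto user named app_signer already exists, that the key labels app-aes, app-rsa-pub and app-rsa-priv are unused, and that setting DRY_RUN=1 prints each cloudhsm-cli command instead of running it; the minimum RSA size is a local policy choice, not a CloudHSM requirement.

```shell
#!/bin/sh
# Added example (editor's, not AWS's): generate, sign and list keys with cloudhsm-cli.
# Assumptions not stated on the page: crypto user "app_signer" exists, the labels below
# are free, and DRY_RUN=1 prints each command instead of executing it.
set -eu

CLI="${CLI:-cloudhsm-cli}"
MIN_RSA_BITS=2048   # local policy floor chosen for this example, not a CloudHSM limit

run() { if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Every key operation needs a crypto-user session; the CLI prompts for the password.
hsm_login() { run "$CLI" login --username "$1" --role crypto-user; }

# generate_aes LABEL BYTES: symmetric key generated by the HSM's own RNG (32 bytes = AES-256).
generate_aes() { run "$CLI" key generate-symmetric aes --label "$1" --key-length-bytes "$2"; }

# rsa_bits_ok BITS: policy check applied before any key pair is generated.
rsa_bits_ok() { [ "$1" -ge "$MIN_RSA_BITS" ]; }

# generate_rsa_pair PUB_LABEL PRIV_LABEL BITS: the private half is created and kept inside the HSM.
generate_rsa_pair() {
  rsa_bits_ok "$3" || { echo "refusing RSA-$3: below $MIN_RSA_BITS bits" >&2; return 1; }
  run "$CLI" key generate-asymmetric-pair rsa --public-label "$1" --private-label "$2" \
      --modulus-size-bits "$3" --public-exponent 65537
}

# sign_file PRIV_LABEL FILE: RSA PKCS#1 v1.5 signature over SHA-256(FILE), computed in the HSM;
# the CLI prints a JSON document containing the base64 signature.
sign_file() {
  run "$CLI" sign rsa-pkcs --key-filter "attr.label=$1" --hash-function sha256 --data-path "$2"
}

# verify_file PUB_LABEL FILE SIG_FILE: check a signature with the public half of the pair.
verify_file() {
  run "$CLI" sign-verify rsa-pkcs --key-filter "attr.label=$1" --hash-function sha256 \
      --data-path "$2" --signature-path "$3"
}

# list_key LABEL: show the key's attributes, e.g. to confirm the private key is not extractable.
list_key() { run "$CLI" key list --filter "attr.label=$1"; }

# Usage: sh hsm_keys.sh demo
if [ "${1:-}" = "demo" ]; then
  hsm_login app_signer
  generate_aes app-aes 32
  generate_rsa_pair app-rsa-pub app-rsa-priv 2048
  printf 'release 1.2.3 manifest\n' > manifest.txt      # constructed sample input
  sign_file app-rsa-priv manifest.txt > sign-output.json
  list_key app-rsa-priv
fi
```

Run it with `DRY_RUN=1 sh hsm_keys.sh demo` first to review the commands it would issue; the signature in sign-output.json is what you hand to verify_file, with the public label, after writing it to a file. The point to take away is that the data crosses into the HSM and only the signature comes back: the private key is generated on the HSM and never appears on the client.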

  • A cluster is a collection of individual HSMs that CloudHSM keeps in sync: keys, users and policies created on one HSM are automatically replicated to the others, and clients connect to the cluster rather than to a single device.

  • You can create a cluster that has from 1 to 28 HSMs (the default quota is 6 HSMs per AWS account per AWS Region; it is adjustable on request).

  • Each HSM is placed in a subnet of your VPC in a particular Availability Zone, so you can spread the HSMs of one cluster across several Availability Zones in an AWS Region. Adding more HSMs to a cluster provides higher throughput; spreading them across Availability Zones provides redundancy and high availability. A cluster with a single HSM has no redundancy, so production clusters should have at least two HSMs in different Availability Zones.
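The multi-AZ layout described above, as an added example written by the editor (not from the page or from AWS) using the AWS CLI v2 cloudhsmv2 commands. It assumes a VPC with one subnet per Availability Zone already exists, that the caller has cloudhsm permissions and a default Region configured, that the HSM type is hsm1.medium, and that the example Availability Zones us-east-1a/b/c match those subnets; the layout check in validate_layout is the editor's own guard, not an AWS API check. Setting DRY_RUN=1 prints the AWS CLI commands instead of calling AWS.

```shell
#!/bin/sh
# Added example (editor's, not AWS's): create a CloudHSM cluster and put one HSM in
# each of several Availability Zones. Assumptions not on the page: a VPC with one
# subnet per AZ exists, credentials and region are configured, HSM type hsm1.medium,
# and DRY_RUN=1 prints the commands instead of calling AWS.
set -eu

HSM_TYPE="${HSM_TYPE:-hsm1.medium}"
MAX_HSMS_PER_CLUSTER=28   # cluster limit stated on the page
DEFAULT_HSM_QUOTA=6       # default per-account, per-Region quota stated on the page

run() { if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# validate_layout AZ...: one argument per HSM to create. Rejects a layout that gives no
# redundancy (every HSM in the same AZ) or that exceeds the cluster limit, and warns when
# the default account quota would be exceeded. Returns 0 if the layout is acceptable.
validate_layout() {
  n=$#
  distinct=$(printf '%s\n' "$@" | sort -u | wc -l | tr -d ' ')
  if [ "$n" -gt "$MAX_HSMS_PER_CLUSTER" ]; then
    echo "rejected: $n HSMs, a cluster holds at most $MAX_HSMS_PER_CLUSTER" >&2; return 1
  fi
  if [ "$distinct" -lt 2 ]; then
    echo "rejected: all HSMs would sit in one AZ, no redundancy" >&2; return 1
  fi
  if [ "$n" -gt "$DEFAULT_HSM_QUOTA" ]; then
    echo "warning: $n HSMs exceeds the default quota of $DEFAULT_HSM_QUOTA; request an increase first" >&2
  fi
  return 0
}

# create_cluster SUBNET_ID...: the subnets (one per AZ) define where HSMs may be placed.
# Prints the new cluster ID.
create_cluster() {
  run aws cloudhsmv2 create-cluster --hsm-type "$HSM_TYPE" --subnet-ids "$@" \
      --query 'Cluster.ClusterId' --output text
}

# cluster_state CLUSTER_ID: current lifecycle state of the cluster.
cluster_state() {
  run aws cloudhsmv2 describe-clusters --filters "clusterIds=$1" \
      --query 'Clusters[0].State' --output text
}

# wait_for_state CLUSTER_ID STATE: create-hsm is only accepted once the cluster has
# finished creating (state UNINITIALIZED), so poll before adding HSMs.
wait_for_state() {
  [ -n "${DRY_RUN:-}" ] && return 0
  until [ "$(cluster_state "$1")" = "$2" ]; do sleep 15; done
}

# add_hsms CLUSTER_ID AZ...: one create-hsm call per AZ argument; list an AZ twice to
# put two HSMs there for extra throughput.
add_hsms() {
  cluster="$1"; shift
  for az in "$@"; do
    run aws cloudhsmv2 create-hsm --cluster-id "$cluster" --availability-zone "$az"
  done
}

# active_hsm_count CLUSTER_ID: HSMs in state ACTIVE; new HSMs take several minutes to get there.
active_hsm_count() {
  run aws cloudhsmv2 describe-clusters --filters "clusterIds=$1" \
      --query 'length(Clusters[0].Hsms[?State==`ACTIVE`])' --output text
}

# Usage: sh cloudhsm_cluster.sh provision subnet-aaa subnet-bbb subnet-ccc
if [ "${1:-}" = "provision" ]; then
  shift
  validate_layout us-east-1a us-east-1b us-east-1c
  cluster_id=$(create_cluster "$@")
  wait_for_state "$cluster_id" UNINITIALIZED
  add_hsms "$cluster_id" us-east-1a us-east-1b us-east-1c
  echo "cluster $cluster_id: $(active_hsm_count "$cluster_id") HSM(s) active so far"
fi
```

After the HSMs reach ACTIVE the cluster still has to be initialized (signing the cluster CSR with your own CA) and activated with a crypto officer before it can hold keys; those steps are outside this script. The layout check is the part worth keeping in any automation: a single-HSM cluster is legal, and it is also a single point of failure for every key on it.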

  • If you want a managed service for creating and controlling your encryption keys, but you don't want or need to operate your own HSM, consider using AWS KMS. KMS is multi-tenant and exposes a simpler API; if you need KMS integration with AWS services but want the keys held in your own CloudHSM cluster, KMS can use that cluster as a custom key store.
