The AWS CloudHSM service helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS cloud. With CloudHSM, you control the encryption keys and cryptographic operations performed by the HSM.nAWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but for applications and data subject to rigorous contractual or regulatory requirements for managing cryptographic keys, additional protection is sometimes necessary. Until now, your only option was to store the sensitive data (or the encryption keys protecting the sensitive data) in your on-premises datacenters. Unfortunately, this either prevented you from migrating these applications to the cloud or significantly slowed their performance. The AWS CloudHSM service allows you to protect your encryption keys within HSMs designed and validated to government standards for secure key management. You can securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you. AWS CloudHSM helps you comply with strict key management requirements without sacrificing application performance.nThe AWS CloudHSM service works with Amazon Virtual Private Cloud (VPC). CloudHSM instances are provisioned inside your VPC with an IP address that you specify, providing simple and private network connectivity to your Amazon Elastic Compute Cloud (EC2) instances. Placing CloudHSM instances near your EC2 instances decreases network latency, which can improve application performance. AWS provides dedicated and exclusive (single tenant) access to CloudHSM instances, isolated from other AWS customers. Available in multiple Regions and Availability Zones (AZs), AWS CloudHSM allows you to add secure and durable key storage to your applications.

Key Links

API Paths

Add Tags To Resource (GET) /?Action=AddTagsToResource OpenAPI
Create Hapg (GET) /?Action=CreateHapg OpenAPI
Create HSM (GET) /?Action=CreateHsm OpenAPI
Create Luna Client (GET) /?Action=CreateLunaClient OpenAPI
Delete HAPG (GET) /?Action=DeleteHapg OpenAPI
Delete HSM (GET) /?Action=DeleteHsm OpenAPI
Delete Luna Client (GET) /?Action=DeleteLunaClient OpenAPI
Describe HAPG (GET) /?Action=DescribeHapg OpenAPI
Describe HSM (GET) /?Action=DescribeHsm OpenAPI
Describe Luna Client (GET) /?Action=DescribeLunaClient OpenAPI
Get Config (GET) /?Action=GetConfig OpenAPI
List Available Zones (GET) /?Action=ListAvailableZones OpenAPI
List HAPG (GET) /?Action=ListHapgs OpenAPI
List HSM (GET) /?Action=ListHsms OpenAPI
List Luna Clients (GET) /?Action=ListLunaClients OpenAPI
List Tags For Resource (GET) /?Action=ListTagsForResource OpenAPI
Modify HAPG (GET) /?Action=ModifyHapg OpenAPI
Modify HSM (GET) /?Action=ModifyHsm OpenAPI
Modify Luna Client (GET) /?Action=ModifyLunaClient OpenAPI
Remove Tags From Resource (GET) /?Action=RemoveTagsFromResource OpenAPI