AWS CloudHSM Key Store Resources
Within AWS CloudHSMs, AWS provides cloud-based hardware security modules (HSMs), which are used to perform cryptographic operations and store cryptographic keys securely. Using an AWS CloudHSM, you can create and control your encryption keys within the AWS Cloud. The HSMs reside in a cluster of HSMs, which are automatically synchronized whenever an operation is performed on one. You own and manage these HSMs as a single-tenant user of the device, which you run on your own AWS Virtual Private Cloud (VPC).
In this documentation, AWS CloudHSM is also referred to as AWS CloudHSM key store.
CCKM integration with AWS CloudHSM enables you to perform the following from the CCKM UI:
Create and manage CloudHSM key stores
Connect to a CloudHSM key store
Create and manage CloudHSM keys
Prerequisites for AWS CloudHSM
Prior to creating an AWS CloudHSM key store from CCKM, ensure to perform the prerequisite steps within AWS. For more information, refer to AWS CloudHSM documentation including the AWS Key Management Service Developer Guide and AWS CloudHSM User Guide.
Setting up a CloudHSM Key Store from CCKM
After you have performed the prerequisite steps including creating an AWS CloudHSM cluster, proceed to CCKM to create a CloudHSM key store and then connect it to the cluster you wish to use for this key store.
To set up a CloudHSM key store:
From CCKM, create a key store of type CloudHSM. See Create a CloudHSM Key Store.
From CCKM, connect your CloudHSM key store to its associated AWS CloudHSM cluster. See Connect to a CloudHSM Key Store.