Adding an HSM to an AWS CloudHSM cluster
The following figure illustrates the events that occur when you add an HSM to a cluster.

- You add a new HSM to a cluster. The following procedures explain how to do this from the AWS CloudHSM console, the AWS Command Line Interface (AWS CLI), and the AWS CloudHSM API. This is the only action that you take. The remaining events occur automatically.
- AWS CloudHSM makes a backup copy of an existing HSM in the cluster. For more information, see Backups.
- AWS CloudHSM restores the backup onto the new HSM. This ensures that the HSM is in sync with the others in the cluster.
- The existing HSMs in the cluster notify the AWS CloudHSM client that there's a new HSM in the cluster.
- The client establishes a connection to the new HSM.

To add an HSM (console)
- Open the AWS CloudHSM console at https://console.aws.amazon.com/cloudhsm/home.
- Choose a cluster for the HSM that you are adding.
- On the HSMs tab, choose Create HSM.
- Choose an Availability Zone (AZ) for the HSM that you are creating. Then choose Create.

To add an HSM (AWS CLI)
- At a command prompt, issue the create-hsm command, specifying a cluster ID and an Availability Zone for the HSM that you are creating. If you don't know the cluster ID of your preferred cluster, issue the describe-clusters command. Specify the Availability Zone in the form of us-east-2a, us-east-2b, etc.

    $ aws cloudhsmv2 create-hsm --cluster-id <cluster ID> --availability-zone <Availability Zone>
    {
        "Hsm": {
            "State": "CREATE_IN_PROGRESS",
            "ClusterId": "cluster-5a73d5qzrdh",
            "HsmId": "hsm-lgavqitns2a",
            "SubnetId": "subnet-0e358c43",
            "AvailabilityZone": "us-east-2c",
            "EniId": "eni-bab18892",
            "EniIp": "10.0.3.10",
            "EniIpV6": "2600:113f:404:be09:310e:ed34:3412:f733"
        }
    }

To add an HSM (AWS CloudHSM API)
- Send a CreateHsm request, specifying the cluster ID and an Availability Zone for the HSM that you are creating.
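
The CreateHsm call returns while the HSM is still in the CREATE_IN_PROGRESS state, so automation that adds an HSM has to wait for the automatic backup and restore to finish before relying on it. The following Python is an added example, not part of the AWS documentation: it sends the request through a boto3 cloudhsmv2 client and polls describe_clusters until the new HSM is ACTIVE. The function names, timeout and polling interval are assumptions made for illustration.

```python
import time

def get_cluster(client, cluster_id):
    """Return the describe_clusters record for exactly one cluster."""
    resp = client.describe_clusters(Filters={"clusterIds": [cluster_id]})
    if not resp["Clusters"]:
        raise LookupError(f"cluster {cluster_id} not found")
    return resp["Clusters"][0]

def add_hsm_and_wait(client, cluster_id, az, timeout=1800, poll=30,
                     sleep=time.sleep):
    """Create an HSM in the given AZ and block until it reports ACTIVE.

    client: a boto3 "cloudhsmv2" client, or any object exposing the same
    create_hsm / describe_clusters calls. timeout and poll are in seconds
    and are illustrative defaults, not AWS-documented values.
    """
    # An HSM can only be placed in an AZ where the cluster has a subnet.
    subnets = get_cluster(client, cluster_id).get("SubnetMapping", {})
    if az not in subnets:
        raise ValueError(f"{cluster_id} has no subnet in {az}; "
                         f"choose one of {sorted(subnets)}")
    hsm_id = client.create_hsm(ClusterId=cluster_id,
                               AvailabilityZone=az)["Hsm"]["HsmId"]
    waited = 0
    while True:
        hsms = get_cluster(client, cluster_id).get("Hsms", [])
        hsm = next((h for h in hsms if h["HsmId"] == hsm_id), None)
        # A just-created HSM may not be listed yet; treat that as in progress.
        state = hsm["State"] if hsm else "CREATE_IN_PROGRESS"
        if state == "ACTIVE":
            return hsm  # backup restored; the HSM is in sync with the cluster
        if state != "CREATE_IN_PROGRESS":
            # DEGRADED, DELETE_IN_PROGRESS or DELETED: creation did not succeed
            raise RuntimeError(f"{hsm_id} entered state {state}")
        if waited >= timeout:
            raise TimeoutError(f"{hsm_id} not ACTIVE after {waited}s")
        sleep(poll)
        waited += poll

if __name__ == "__main__":
    import sys
    import boto3  # only needed when run against a real account
    new = add_hsm_and_wait(boto3.client("cloudhsmv2"), sys.argv[1], sys.argv[2])
    print(new["HsmId"], new["State"], new.get("EniIp"))
```

Run it with the cluster ID and Availability Zone as arguments, using credentials that are allowed to call CreateHsm and DescribeClusters.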