Getting started with CloudHSM Command Line Interface (CLI)
CloudHSM Command Line Interface (CLI) allows you to manage users in your AWS CloudHSM cluster. Use this topic to get started with basic HSM user management tasks, such as creating users, listing users, and connecting CloudHSM CLI to the cluster.
Install the CloudHSM CLI
Use the following commands to download and install the CloudHSM CLI.
Use the following commands to configure CloudHSM CLI.
To bootstrap a Linux EC2 instance for Client SDK 5
- Use the configure tool to specify the IP address of the HSM(s) in your cluster.
  $ sudo /opt/cloudhsm/bin/configure-cli -a <The ENI IP addresses of the HSMs>
To bootstrap a Windows EC2 instance for Client SDK 5
- Use the configure tool to specify the IP address of the HSM(s) in your cluster.
  "C:\Program Files\Amazon\CloudHSM\bin\configure-cli.exe" -a <The ENI IP addresses of the HSMs>
Using CloudHSM CLI
- Use the following command to start CloudHSM CLI.
- Use the login command to log in to the cluster. All users can use this command.
  The command in the following example logs in admin, which is the default admin account. You set this user's password when you activated the cluster.
  aws-cloudhsm > login --username admin --role admin
  The system prompts you for your password. You enter the password, and the output shows that the command was successful.
  Enter password:
  {
    "error_code": 0,
    "data": {
      "username": "admin",
      "role": "admin"
    }
  }
- Run the user list command to list all the users on the cluster.
  aws-cloudhsm > user list
  {
    "error_code": 0,
    "data": {
      "users": [
        {
          "username": "admin",
          "role": "admin",
          "locked": "false",
          "mfa": [],
          "cluster-coverage": "full"
        },
        {
          "username": "app_user",
          "role": "internal(APPLIANCE_USER)",
          "locked": "false",
          "mfa": [],
          "cluster-coverage": "full"
        }
      ]
    }
  }
- Use user create to create a crypto user (CU) named example_user. You can create CUs because you logged in as an admin user in a previous step. Only admin users can perform user management tasks, such as creating and deleting users and changing the passwords of other users.
  aws-cloudhsm > user create --username example_user --role crypto-user
  Enter password:
  Confirm password:
  {
    "error_code": 0,
    "data": {
      "username": "example_user",
      "role": "crypto-user"
    }
  }
- Use user list to list all the users on the cluster.
  aws-cloudhsm > user list
  {
    "error_code": 0,
    "data": {
      "users": [
        {
          "username": "admin",
          "role": "admin",
          "locked": "false",
          "mfa": [],
          "cluster-coverage": "full"
        },
        {
          "username": "example_user",
          "role": "crypto_user",
          "locked": "false",
          "mfa": [],
          "cluster-coverage": "full"
        },
        {
          "username": "app_user",
          "role": "internal(APPLIANCE_USER)",
          "locked": "false",
          "mfa": [],
          "cluster-coverage": "full"
        }
      ]
    }
  }
- Use the logout command to log out of the AWS CloudHSM cluster.
  aws-cloudhsm > logout
  {
    "error_code": 0,
    "data": "Logout successful"
  }
- Use the quit command to stop the CLI.
  aws-cloudhsm > quit
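The following Python script is an added example, not part of the AWS documentation: it audits the JSON that user list prints against the accounts you expect on the cluster. The EXPECTED policy, the finding wording, and the reading of an empty "mfa" list as "no MFA registered" and of "full" as the only acceptable cluster-coverage value are assumptions; the sample input is constructed from the output shown above.

```python
import json

# Constructed sample: the second `user list` output shown above, compacted.
SAMPLE = '''{"error_code": 0, "data": {"users": [
 {"username": "admin", "role": "admin", "locked": "false", "mfa": [], "cluster-coverage": "full"},
 {"username": "example_user", "role": "crypto_user", "locked": "false", "mfa": [], "cluster-coverage": "full"},
 {"username": "app_user", "role": "internal(APPLIANCE_USER)", "locked": "false", "mfa": [], "cluster-coverage": "full"}]}}'''

# Hypothetical local policy: the accounts (and roles) expected on this cluster.
EXPECTED = {"admin": "admin", "example_user": "crypto-user"}


def norm_role(role):
    # The page prints this role both as crypto-user and as crypto_user.
    return role.replace("_", "-").lower()


def audit_user_list(raw, expected=EXPECTED):
    """Return a sorted list of (username, finding) tuples for one `user list` output."""
    doc = json.loads(raw)
    if doc.get("error_code") != 0:
        raise ValueError("user list failed: error_code=%r" % doc.get("error_code"))
    findings, seen = [], set()
    for user in doc["data"]["users"]:
        name, role = user["username"], norm_role(user["role"])
        if role.startswith("internal("):
            continue  # e.g. app_user; assumed here not to be operator-managed
        seen.add(name)
        if name not in expected:
            findings.append((name, "unexpected account"))
        elif norm_role(expected[name]) != role:
            findings.append((name, "role is %s, expected %s" % (role, expected[name])))
        # "locked" is the string "false" in the output, not a JSON boolean.
        if str(user.get("locked")).lower() != "false":
            findings.append((name, "account locked"))
        # Assumption: an empty "mfa" list means no MFA is registered.
        if role == "admin" and not user.get("mfa"):
            findings.append((name, "admin without MFA"))
        if user.get("cluster-coverage") != "full":
            findings.append((name, "cluster-coverage is not full"))
    for name in set(expected) - seen:
        findings.append((name, "expected account missing"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_user_list(SAMPLE):
        print("%-14s %s" % (name, finding))
```

Paste the JSON from a real session in place of SAMPLE and adjust EXPECTED to your own account inventory.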