Replicate a user with CloudHSM CLI

Use the user replicate command in CloudHSM CLI to replicate a user from a source AWS CloudHSM cluster to a destination AWS CloudHSM cluster.

User type

The following types of users can run this command.

  • Admins (COs)

Requirements

  • The source and destination clusters must be clones. This means one was created from a backup of the other, or they were both created from a common backup. See Creating clusters from backups for more information.

  • To run this command, you must be logged in as an admin on both the source and destination clusters.

    • In single command mode, the command uses the CLOUDHSM_PIN and CLOUDHSM_ROLE environment variables to authenticate on the source cluster. See Single Command mode for more information. To provide credentials for the destination cluster, set two additional environment variables, DESTINATION_CLOUDHSM_PIN and DESTINATION_CLOUDHSM_ROLE:

      $ export DESTINATION_CLOUDHSM_ROLE=role
      $ export DESTINATION_CLOUDHSM_PIN=username:password
    • In interactive mode, users will need to explicitly log into both the source and destination clusters.

Syntax

    aws-cloudhsm > help user replicate
    Replicate a user from a source to a destination cluster

    Usage: user replicate --username <USERNAME> --role <ROLE> --source-cluster-id <SOURCE_CLUSTER_ID> --destination-cluster-id <DESTINATION_CLUSTER_ID>

    Options:
          --username <USERNAME>
              Username of the user to replicate

          --role <ROLE>
              Role the user has in the cluster

              Possible values:
              - crypto-user: A CryptoUser has the ability to manage and use keys
              - admin:       An Admin has the ability to manage user accounts

          --source-cluster-id <SOURCE_CLUSTER_ID>
              Source cluster ID

          --destination-cluster-id <DESTINATION_CLUSTER_ID>
              Destination cluster ID

      -h, --help
              Print help (see a summary with '-h')

Examples

Example: Replicate user

This command replicates a user from a source cluster to a cloned destination cluster. The example below shows the output when logged in as an admin on both clusters.

    admin-user@cluster-1234abcdefg > user replicate \
          --username example-admin \
          --role admin \
          --source-cluster-id cluster-1234abcdefg \
          --destination-cluster-id cluster-2345bcdefgh
    {
      "error_code": 0,
      "data": {
        "user": {
          "username": "example-admin",
          "role": "admin",
          "locked": "false",
          "mfa": [],
          "quorum": [],
          "cluster-coverage": "full"
        },
        "message": "Successfully replicated user"
      }
    }
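
The following wrapper is an added example, not part of the AWS documentation or the CloudHSM CLI. It runs user replicate in single command mode with credentials supplied only through the four environment variables named under Requirements, then checks that the returned user matches what was requested. The install path in CLI_PREFIX, the function names, and the choice to treat a locked user or a "cluster-coverage" value other than "full" as a problem are assumptions.

```python
import json
import os
import subprocess

# Assumed install path of the CLI on Linux; adjust for your host.
CLI_PREFIX = ("/opt/cloudhsm/bin/cloudhsm-cli",)
ROLES = ("admin", "crypto-user")
ENV_VARS = ("CLOUDHSM_ROLE", "CLOUDHSM_PIN",
            "DESTINATION_CLOUDHSM_ROLE", "DESTINATION_CLOUDHSM_PIN")

# Constructed sample: the success output shown in the example above.
SAMPLE = """{"error_code": 0, "data": {"user": {"username": "example-admin",
 "role": "admin", "locked": "false", "mfa": [], "quorum": [],
 "cluster-coverage": "full"}, "message": "Successfully replicated user"}}"""

def build_argv(username, role, source_id, destination_id):
    """Argument list for `user replicate`; no credentials appear in it."""
    if role not in ROLES:
        raise ValueError(f"role must be one of {ROLES}")
    return [*CLI_PREFIX, "user", "replicate", "--username", username,
            "--role", role, "--source-cluster-id", source_id,
            "--destination-cluster-id", destination_id]

def check_result(raw, username, role):
    """Return a list of problems found in the CLI's JSON output (empty = OK)."""
    try:
        doc = json.loads(raw)
    except ValueError as exc:
        return [f"output is not JSON: {exc}"]
    if not isinstance(doc, dict) or doc.get("error_code") != 0:
        return [f"command failed: {raw.strip()[:200]}"]
    user = (doc.get("data") or {}).get("user") or {}
    expected = {"username": username, "role": role,
                "locked": "false", "cluster-coverage": "full"}
    return [f"{k}: expected {v!r}, got {user.get(k)!r}"
            for k, v in expected.items() if user.get(k) != v]

def replicate(username, role, source_id, destination_id):
    """Run the command in single command mode and verify what came back."""
    missing = [v for v in ENV_VARS if not os.environ.get(v)]
    if missing:
        raise RuntimeError("unset environment variables: " + ", ".join(missing))
    proc = subprocess.run(build_argv(username, role, source_id, destination_id),
                          capture_output=True, text=True)
    return check_result(proc.stdout, username, role)

if __name__ == "__main__":
    print(check_result(SAMPLE, "example-admin", "admin"))  # offline check
```

Keeping the PINs in the environment rather than on the command line keeps them out of the process list and shell history entries for the wrapper's own invocation.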

Arguments

<USERNAME>

Specifies the username of the user to replicate in the source cluster.

Required: Yes

<ROLE>

Specifies the role assigned to this user. This parameter is required. Valid values are admin, crypto-user.

To get the user’s role, use the user list command. For detailed information about the user types on an HSM, see Understanding HSM users.

Required: Yes

<SOURCE_CLUSTER_ID>

The source cluster ID.

Required: Yes

<DESTINATION_CLUSTER_ID>

The destination cluster ID.

Required: Yes
