AWS CloudHSM command line tools - AWS CloudHSM

AWS CloudHSM command line tools

In addition to the AWS Command Line Interface (AWS CLI) that you use for managing your AWS resources, AWS CloudHSM offers command-line tools for creating and managing hardware security module (HSM) users and keys on your HSMs. In AWS CloudHSM, you use the familiar CLI to manage your cluster, and the CloudHSM command-line tools to manage your HSM.

These are the various command-line tools:

To manage HSMs and clusters

CloudHSMv2 commands in AWS CLI and HSM2 PowerShell cmdlets in the AWSPowerShell module

To manage HSM users

CloudHSM CLI

  • Use CloudHSM CLI to create users, delete users, list users, change user passwords, and update user multi-factor authentication (MFA). It is not included in the AWS CloudHSM client software. For guidance on installing this tool, see Install and configure CloudHSM CLI.

Helper Tools

Two tools help you to use AWS CloudHSM tools and software libraries:

  • The configure tool updates your CloudHSM client configuration files. This allows AWS CloudHSM to synchronize the HSMs in a cluster.

    AWS CloudHSM offers two major versions, and Client SDK 5 is the latest. It offers a variety of advantages over Client SDK 3 (the previous series).

  • pkpspeed measures the performance of your HSM hardware independent of software libraries.

Tools for previous SDKs

Use the key management tool (KMU) create, delete, import, and export symmetric keys and asymmetric key pairs:

  • key_mgmt_util. This tool is included in the AWS CloudHSM client software.

Use the CloudHSM management tool (CMU) to create and delete HSM users, including implementing quorum authentication of user management tasks

The following topics further describe the command-line tools available for managing and using AWS CloudHSM.

Topics