Create an HSM in AWS CloudHSM - AWS CloudHSM

Create an HSM in AWS CloudHSM

After you create a cluster in AWS CloudHSM, you can create a hardware security module (HSM). However, before you can create an HSM in your cluster, the cluster must be in the uninitialized state. To determine the cluster's state, view the clusters page in the AWS CloudHSM console, use the AWS CLI to run the describe-clusters command, or send a DescribeClusters request in the AWS CloudHSM API. You can create an HSM from the AWS CloudHSM console, the AWS CLI, or the AWS CloudHSM API.

Console
To create an HSM (console)

  1. Open the AWS CloudHSM console at https://console.aws.amazon.com/cloudhsm/home.

  2. Select the radio button next to the ID of the cluster you want to create an HSM for.

  3. Select Actions. From the drop down menu, choose Initialize.

  4. Choose an Availability Zone (AZ) for the HSM that you are creating.

  5. Select Create.

After you create a cluster and HSM, you can optionally verify the identity of the HSM, or proceed directly to Initialize the cluster.

AWS CLI
To create an HSM (AWS CLI)

  • At a command prompt, run the create-hsm command. Specify the cluster ID of the cluster that you created previously and an Availability Zone for the HSM. Specify the Availability Zone in the form of us-west-2a, us-west-2b, etc.

    $ aws cloudhsmv2 create-hsm --cluster-id <cluster ID> --availability-zone <Availability Zone>

{
    "Hsm": {
        "HsmId": "hsm-ted36yp5b2x",
        "EniIp": "10.0.1.12",
        "EniIpV6": "2600:113f:404:be09:310e:ed34:3412:f733",
        "AvailabilityZone": "us-west-2a",
        "ClusterId": "cluster-igklspoyj5v",
        "EniId": "eni-5d7ade72",
        "SubnetId": "subnet-fd54af9b",
        "State": "CREATE_IN_PROGRESS"
    }
}

After you create a cluster and HSM, you can optionally verify the identity of the HSM, or proceed directly to Initialize the cluster.

AWS CloudHSM API
To create an HSM (AWS CloudHSM API)

  • Send a CreateHsm request. Specify the cluster ID of the cluster that you created previously and an Availability Zone for the HSM.

After you create a cluster and HSM, you can optionally verify the identity of the HSM, or proceed directly to Initialize the cluster.