Understanding user management Download CloudHSM CLI

Using CloudHSM CLI to manage users

This topic provides step-by-step instruction on managing hardware security module (HSM) users with CloudHSM CLI. For more information about CloudHSM CLI or HSM users, see CloudHSM CLI and Using CloudHSM CLI.

Sections

Understanding user management
Download CloudHSM CLI
How to

Understanding HSM user management with CloudHSM CLI

To manage HSM users, you must log in to the HSM with the user name and password of an admin. Only admins can manage users. The HSM contains a default admin named admin. You set the password for admin when you activated the cluster.

To use CloudHSM CLI, you must use the configure tool to update the local configuration. For instructions on running the configure tool with CloudHSM CLI, see Getting started with CloudHSM Command Line Interface (CLI). The -a parameter requires you to add the IP address of an HSM in your cluster. If you have multiple HSMs, you can use any IP address. This ensures CloudHSM CLI can propagate any changes you make across the entire cluster. Remember that CloudHSM CLI uses its local file to track cluster information. If the cluster has changed since the last time you used CloudHSM CLI from a particular host, you must add those changes to the local configuration file stored on that host. Never remove an HSM while you're using CloudHSM CLI.

To get an IP address for an HSM (console)

Open the AWS CloudHSM console at https://console.aws.amazon.com/cloudhsm/home.
To change the AWS Region, use the Region selector in the upper-right corner of the page.
To open the cluster detail page, in the cluster table, choose the cluster ID.
To get the IP address, on the HSMs tab, choose one of the IP addresses listed under ENI IP address.

To get an IP address for an HSM (AWS CLI)

Get the IP address of an HSM by using the describe-clusters command from the AWS CLI. In the output from the command, the IP address of the HSMs are the values of EniIp.


$  aws cloudhsmv2 describe-clusters
	

{
    "Clusters": [
        { ... }
            "Hsms": [
                {
...
                    "EniIp": "10.0.0.9",
...
                },
                {
...
                    "EniIp": "10.0.1.6",
...

Download CloudHSM CLI

The latest version of CloudHSM CLI is available for HSM user management tasks for Client SDK 5. To download and install CloudHSM CLI, follow the instructions in Install and configure CloudHSM CLI.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Using CloudHSM CLI

How to