MFA key pair requirements for AWS CloudHSM using CloudHSM CLI
To enable multi-factor authentication (MFA) for a hardware security module (HSM) user in AWS CloudHSM, you can create a new key pair or use an existing key that meets the following requirements:
Key type: Asymmetric
Key usage: Sign and verify
Key spec: RSA_2048
Signing algorithm includes: sha256WithRSAEncryption
Note
If you are using quorum authentication or plan to use quorum authentication, see Quorum authentication and MFA in AWS CloudHSM clusters using CloudHSM CLI.
You can use CloudHSM CLI and the key pair to create a new admin user with MFA enabled.
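The requirements listed above can be checked locally with OpenSSL before the key is handed to CloudHSM CLI. The following is an added example, not part of the AWS documentation: the function names, the `mfa-admin` file prefix and the test message are hypothetical, and it assumes an unencrypted PEM private key and an `openssl` binary on the PATH.

```shell
#!/bin/sh
# Added example (not AWS code): create and validate an MFA signing key pair.

# new_mfa_key PREFIX
# Writes PREFIX.key (private) and PREFIX.pub (public) as an RSA_2048 pair.
new_mfa_key() {
    ( umask 077   # keep the private key unreadable by other local users
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$1.key" 2>/dev/null &&
      openssl pkey -in "$1.key" -pubout -out "$1.pub" )
}

# check_mfa_key PRIVATE_KEY_PEM
# Returns 0 only if the key is RSA, is exactly 2048 bits, and a SHA-256 RSA
# signature (sha256WithRSAEncryption) made with it verifies with its public half.
check_mfa_key() {
    key=$1
    work=$(mktemp -d) || return 2
    rc=1
    if openssl pkey -in "$key" -pubout -out "$work/pub.pem" 2>/dev/null; then
        desc=$(openssl pkey -pubin -in "$work/pub.pem" -noout -text 2>/dev/null)
        printf 'constructed-test-message' > "$work/msg"   # constructed sample input
        # "Modulus" appears only for RSA keys; "(2048 bit)" pins the key spec.
        if printf '%s\n' "$desc" | grep -q 'Modulus' &&
           printf '%s\n' "$desc" | grep -q '(2048 bit)' &&
           openssl dgst -sha256 -sign "$key" -out "$work/sig" "$work/msg" 2>/dev/null &&
           openssl dgst -sha256 -verify "$work/pub.pem" -signature "$work/sig" \
               "$work/msg" >/dev/null 2>&1
        then
            rc=0
        fi
    fi
    rm -rf "$work"
    return $rc
}

# Demo on a freshly generated (constructed) key pair in a temporary directory.
demo_dir=$(mktemp -d)
new_mfa_key "$demo_dir/mfa-admin"
if check_mfa_key "$demo_dir/mfa-admin.key"; then
    echo "mfa-admin.key meets the MFA key requirements"
else
    echo "mfa-admin.key does NOT meet the MFA key requirements"
fi
rm -rf "$demo_dir"
```

Run `check_mfa_key` against an existing key before reusing it for MFA; a non-zero return means the key is not RSA_2048 or cannot produce a valid SHA-256 RSA signature.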