Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Change the quorum minimum value for AWS CloudHSM using CloudHSM CLI

PDF
RSS
Focus mode
Change the quorum minimum value for AWS CloudHSM using CloudHSM CLI - AWS CloudHSM

After setting the quorum minimum value for CloudHSM admins, you might need to adjust the quorum minimum value. The HSM allows changes to the quorum minimum value only when the number of approvers meets or exceeds the current value. For example, with a quorum minimum value of two (2), at least two (2) admins must approve any changes.

Note

The quorum value of the user service must always be less than the quorum value of the quorum service. For information on service names, see Supported AWS CloudHSM service names and types for quorum authentication with CloudHSM CLI.

To get quorum approval to change the quorum minimum value, you need a quorum token for the quorum service using the quorum token-sign set-quorum-value command. To generate a quorum token for the for the quorum service using the quorum token-sign set-quorum-value command, the quorum service must be higher than one (1). This means that before you can change the quorum minimum value for user service, you might need to change the quorum minimum value for quorum service.

Steps to change the quorum minimum value for admins

  1. Start the CloudHSM CLI interactive mode.

    Linux
    $ /opt/cloudhsm/bin/cloudhsm-cli interactive
    Windows
    C:\Program Files\Amazon\CloudHSM\bin\> .\cloudhsm-cli.exe interactive
    anchoranchor
    $ /opt/cloudhsm/bin/cloudhsm-cli interactive

  2. Log in to the cluster as an admin:

    aws-cloudhsm>login --username <admin> --role admin

  3. Check current quorum minimum values:

    aws-cloudhsm>quorum token-sign list-quorum-values

  4. If the quorum minimum value for the quorum service is lower than the value for the user service, change the quorum service value:

    aws-cloudhsm>quorum token-sign set-quorum-value --service quorum --value 3

  5. Generate a quorum token for the quorum service.

  6. Get approvals (signatures) from other admins.

  7. Approve the token on the CloudHSM cluster and execute a user management operation..

  8. Change the quorum minimum value for the user service:

    aws-cloudhsm>quorum token-sign set-quorum-value
Example Adjusting quorum service minimum values

  1. Check current values. The example shows that the quorum minimum value for user service is currently two (2).

    aws-cloudhsm > quorum token-sign list-quorum-values
{
  "error_code": 0,
  "data": {
    "user": 2,
    "quorum": 1
  }
}

  2. Change quorum service value. Set the quorum minimum value for quorum service to a value that is the same or higher than the value for user service. This example sets the quorum minimum value for quorum service to two (2), the same value that was set for user service in the previous example.

    aws-cloudhsm > quorum token-sign set-quorum-value --service quorum --value 2
{
  "error_code": 0,
  "data": "Set quorum value successful"
}

  3. Verify the changes. This example shows that the quorum minimum value is now two (2) for user service and quorum service.

    aws-cloudhsm > quorum token-sign list-quorum-values
{
  "error_code": 0,
  "data": {
    "user": 2,
    "quorum": 2
  }
}
PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.