CreateHsm - AWS CloudHSM Service
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsSee Also

CreateHsm

This is documentation for AWS CloudHSM Classic. For more information, see AWS CloudHSM Classic FAQs, the AWS CloudHSM Classic User Guide, and the AWS CloudHSM Classic API Reference.

For information about the current version of AWS CloudHSM, see AWS CloudHSM, the AWS CloudHSM User Guide, and the AWS CloudHSM API Reference.

Creates an uninitialized HSM instance.

There is an upfront fee charged for each HSM instance that you create with the CreateHsm operation. If you accidentally provision an HSM and want to request a refund, delete the instance using the DeleteHsm operation, go to the AWS Support Center, create a new case, and select Account and Billing Support.

Important

It can take up to 20 minutes to create and provision an HSM. You can monitor the status of the HSM with the DescribeHsm operation. The HSM is ready to be initialized when the status changes to RUNNING.

Request Syntax

{
   "ClientToken": "string",
   "EniIp": "string",
   "ExternalId": "string",
   "IamRoleArn": "string",
   "SshKey": "string",
   "SubnetId": "string",
   "SubscriptionType": "string",
   "SyslogIp": "string"
}

Request Parameters

The request accepts the following data in JSON format.

ClientToken

A user-defined token to ensure idempotence. Subsequent calls to this operation with the same token will be ignored.

Type: String

Pattern: [a-zA-Z0-9]{1,64}

Required: No

EniIp

The IP address to assign to the HSM's ENI.

If an IP address is not specified, an IP address will be randomly chosen from the CIDR range of the subnet.

Type: String

Pattern: \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}

Required: No

ExternalId

The external ID from IamRoleArn, if present.

Type: String

Pattern: [\w :+=./-]*

Required: No

IamRoleArn

The ARN of an IAM role to enable the AWS CloudHSM service to allocate an ENI on your behalf.

Type: String

Pattern: arn:aws(-iso)?:iam::[0-9]{12}:role/[a-zA-Z0-9_\+=,\.\-@]{1,64}

Required: Yes

SshKey

The SSH public key to install on the HSM.

Type: String

Pattern: [a-zA-Z0-9+/= ._:\\@-]*

Required: Yes

SubnetId

The identifier of the subnet in your VPC in which to place the HSM.

Type: String

Pattern: subnet-[0-9a-f]{8}

Required: Yes

SubscriptionType

Specifies the type of subscription for the HSM.

  • PRODUCTION - The HSM is being used in a production environment.

  • TRIAL - The HSM is being used in a product trial.

Type: String

Valid Values: PRODUCTION

Required: Yes

SyslogIp

The IP address for the syslog monitoring server. The AWS CloudHSM service only supports one syslog monitoring server.

Type: String

Pattern: \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}

Required: No

Response Syntax

{
   "HsmArn": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

HsmArn

The ARN of the HSM.

Type: String

Pattern: arn:aws(-iso)?:cloudhsm:[a-zA-Z0-9\-]*:[0-9]{12}:hsm-[0-9a-f]{8}

Errors

For information about the errors that are common to all actions, see Common Errors.

CloudHsmInternalException

Indicates that an internal error occurred.

HTTP Status Code: 500

CloudHsmServiceException

Indicates that an exception occurred in the AWS CloudHSM service.

HTTP Status Code: 400

InvalidRequestException

Indicates that one or more of the request parameters are not valid.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: