CreateCluster - AWS CloudHSM

CreateCluster

Creates a new AWS CloudHSM cluster.

Cross-account use: Yes. To perform this operation with an AWS CloudHSM backup in a different AWS account, specify the full backup ARN in the value of the SourceBackupId parameter.

Request Syntax

{ "BackupRetentionPolicy": { "Type": "string", "Value": "string" }, "HsmType": "string", "Mode": "string", "NetworkType": "string", "SourceBackupId": "string", "SubnetIds": [ "string" ], "TagList": [ { "Key": "string", "Value": "string" } ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

BackupRetentionPolicy

A policy that defines how the service retains backups.

Type: BackupRetentionPolicy object

Required: No

HsmType

The type of HSM to use in the cluster. The allowed values are hsm1.medium and hsm2m.medium.

Type: String

Length Constraints: Maximum length of 32.

Pattern: ((p|)hsm[0-9][a-z.]*\.[a-zA-Z]+)

Required: Yes

Mode

The mode to use in the cluster. The allowed values are FIPS and NON_FIPS.

Type: String

Valid Values: FIPS | NON_FIPS

Required: No

NetworkType

The NetworkType to create a cluster with. The allowed values are IPV4 and DUALSTACK.

Type: String

Valid Values: IPV4 | DUALSTACK

Required: No

SourceBackupId

The identifier (ID) or the Amazon Resource Name (ARN) of the cluster backup to restore. Use this value to restore the cluster from a backup instead of creating a new cluster. To find the backup ID or ARN, use DescribeBackups. If using a backup in another account, the full ARN must be supplied.

Type: String

Pattern: ^(arn:aws(-(us-gov))?:cloudhsm:([a-z]{2}(-(gov|isob|iso))?-(east|west|north|south|central){1,2}-[0-9]{1}):[0-9]{12}:backup/)?backup-[2-7a-zA-Z]{11,16}

Required: No

SubnetIds

The identifiers (IDs) of the subnets where you are creating the cluster. You must specify at least one subnet. If you specify multiple subnets, they must meet the following criteria:

  • All subnets must be in the same virtual private cloud (VPC).

  • You can specify only one subnet per Availability Zone.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 10 items.

Pattern: subnet-[0-9a-fA-F]{8,17}

Required: Yes

TagList

Tags to apply to the AWS CloudHSM cluster during creation.

Type: Array of Tag objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Required: No

Response Syntax

{ "Cluster": { "BackupPolicy": "string", "BackupRetentionPolicy": { "Type": "string", "Value": "string" }, "Certificates": { "AwsHardwareCertificate": "string", "ClusterCertificate": "string", "ClusterCsr": "string", "HsmCertificate": "string", "ManufacturerHardwareCertificate": "string" }, "ClusterId": "string", "CreateTimestamp": number, "Hsms": [ { "AvailabilityZone": "string", "ClusterId": "string", "EniId": "string", "EniIp": "string", "EniIpV6": "string", "HsmId": "string", "State": "string", "StateMessage": "string", "SubnetId": "string" } ], "HsmType": "string", "Mode": "string", "NetworkType": "string", "PreCoPassword": "string", "SecurityGroup": "string", "SourceBackupId": "string", "State": "string", "StateMessage": "string", "SubnetMapping": { "string" : "string" }, "TagList": [ { "Key": "string", "Value": "string" } ], "VpcId": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Cluster

Information about the cluster that was created.

Type: Cluster object

Errors

For information about the errors that are common to all actions, see Common Errors.

CloudHsmAccessDeniedException

The request was rejected because the requester does not have permission to perform the requested operation.

HTTP Status Code: 400

CloudHsmInternalFailureException

The request was rejected because of an AWS CloudHSM internal failure. The request can be retried.

HTTP Status Code: 500

CloudHsmInvalidRequestException

The request was rejected because it is not a valid request.

HTTP Status Code: 400

CloudHsmResourceNotFoundException

The request was rejected because it refers to a resource that cannot be found.

HTTP Status Code: 400

CloudHsmServiceException

The request was rejected because an error occurred.

HTTP Status Code: 400

CloudHsmTagException

The request was rejected because of a tagging failure. Verify the tag conditions in all applicable policies, and then retry the request.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: