CreateCluster
Creates a new AWS CloudHSM cluster.
Cross-account use: Yes. To perform this operation with an AWS CloudHSM backup in a different AWS account, specify the full backup ARN in the value of the SourceBackupId parameter.
Request Syntax
{
"BackupRetentionPolicy": {
"Type": "string
",
"Value": "string
"
},
"HsmType": "string
",
"Mode": "string
",
"NetworkType": "string
",
"SourceBackupId": "string
",
"SubnetIds": [ "string
" ],
"TagList": [
{
"Key": "string
",
"Value": "string
"
}
]
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- BackupRetentionPolicy
-
A policy that defines how the service retains backups.
Type: BackupRetentionPolicy object
Required: No
- HsmType
-
The type of HSM to use in the cluster. The allowed values are
hsm1.medium
andhsm2m.medium
.Type: String
Length Constraints: Maximum length of 32.
Pattern:
((p|)hsm[0-9][a-z.]*\.[a-zA-Z]+)
Required: Yes
- Mode
-
The mode to use in the cluster. The allowed values are
FIPS
andNON_FIPS
.Type: String
Valid Values:
FIPS | NON_FIPS
Required: No
- NetworkType
-
The NetworkType to create a cluster with. The allowed values are
IPV4
andDUALSTACK
.Type: String
Valid Values:
IPV4 | DUALSTACK
Required: No
- SourceBackupId
-
The identifier (ID) or the Amazon Resource Name (ARN) of the cluster backup to restore. Use this value to restore the cluster from a backup instead of creating a new cluster. To find the backup ID or ARN, use DescribeBackups. If using a backup in another account, the full ARN must be supplied.
Type: String
Pattern:
^(arn:aws(-(us-gov))?:cloudhsm:([a-z]{2}(-(gov|isob|iso))?-(east|west|north|south|central){1,2}-[0-9]{1}):[0-9]{12}:backup/)?backup-[2-7a-zA-Z]{11,16}
Required: No
- SubnetIds
-
The identifiers (IDs) of the subnets where you are creating the cluster. You must specify at least one subnet. If you specify multiple subnets, they must meet the following criteria:
-
All subnets must be in the same virtual private cloud (VPC).
-
You can specify only one subnet per Availability Zone.
Type: Array of strings
Array Members: Minimum number of 1 item. Maximum number of 10 items.
Pattern:
subnet-[0-9a-fA-F]{8,17}
Required: Yes
-
- TagList
-
Tags to apply to the AWS CloudHSM cluster during creation.
Type: Array of Tag objects
Array Members: Minimum number of 1 item. Maximum number of 50 items.
Required: No
Response Syntax
{
"Cluster": {
"BackupPolicy": "string",
"BackupRetentionPolicy": {
"Type": "string",
"Value": "string"
},
"Certificates": {
"AwsHardwareCertificate": "string",
"ClusterCertificate": "string",
"ClusterCsr": "string",
"HsmCertificate": "string",
"ManufacturerHardwareCertificate": "string"
},
"ClusterId": "string",
"CreateTimestamp": number,
"Hsms": [
{
"AvailabilityZone": "string",
"ClusterId": "string",
"EniId": "string",
"EniIp": "string",
"EniIpV6": "string",
"HsmId": "string",
"State": "string",
"StateMessage": "string",
"SubnetId": "string"
}
],
"HsmType": "string",
"Mode": "string",
"NetworkType": "string",
"PreCoPassword": "string",
"SecurityGroup": "string",
"SourceBackupId": "string",
"State": "string",
"StateMessage": "string",
"SubnetMapping": {
"string" : "string"
},
"TagList": [
{
"Key": "string",
"Value": "string"
}
],
"VpcId": "string"
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Errors
For information about the errors that are common to all actions, see Common Errors.
- CloudHsmAccessDeniedException
-
The request was rejected because the requester does not have permission to perform the requested operation.
HTTP Status Code: 400
- CloudHsmInternalFailureException
-
The request was rejected because of an AWS CloudHSM internal failure. The request can be retried.
HTTP Status Code: 500
- CloudHsmInvalidRequestException
-
The request was rejected because it is not a valid request.
HTTP Status Code: 400
- CloudHsmResourceNotFoundException
-
The request was rejected because it refers to a resource that cannot be found.
HTTP Status Code: 400
- CloudHsmServiceException
-
The request was rejected because an error occurred.
HTTP Status Code: 400
- CloudHsmTagException
-
The request was rejected because of a tagging failure. Verify the tag conditions in all applicable policies, and then retry the request.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: