本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 開始使用 AWS CloudHSM 命令列界面 (CLI)
使用 CloudHSM CLI 命令列界面 (CLI),您可以管理 AWS CloudHSM 叢集中的使用者。使用此主題來開始使用基本硬體安全模組 (HSM) 使用者管理任務,例如建立使用者、列出使用者,以及將 CloudHSM CLI 連線至叢集。
**Topics**
+ [安裝 CloudHSM CLI](w2aac23c15c13b7.md)
+ [使用 CloudHSM CLI](cloudhsm_cli-getting-started-use.md)
# 安裝 CloudHSM CLI
使用下列命令來下載並安裝 的 CloudHSM CLI AWS CloudHSM。
------
#### [ Amazon Linux 2023 ]
x86\$164 架構上的 Amazon Linux 2023:
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Amzn2023/cloudhsm-cli-latest.amzn2023.x86_64.rpm
```
```
$ sudo yum install ./cloudhsm-cli-latest.amzn2023.x86_64.rpm
```
ARM64 架構上的 Amazon Linux 2023:
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Amzn2023/cloudhsm-cli-latest.amzn2023.aarch64.rpm
```
```
$ sudo yum install ./cloudhsm-cli-latest.amzn2023.aarch64.rpm
```
------
#### [ Amazon Linux 2 ]
Amazon Linux 2 (x86\$164 架構):
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-cli-latest.el7.x86_64.rpm
```
```
$ sudo yum install ./cloudhsm-cli-latest.el7.x86_64.rpm
```
Amazon Linux 2 (ARM64 架構):
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-cli-latest.el7.aarch64.rpm
```
```
$ sudo yum install ./cloudhsm-cli-latest.el7.aarch64.rpm
```
------
#### [ RHEL 10 (10.0\$1) ]
x86\$164 架構上的 RHEL 10:
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL10/cloudhsm-cli-latest.el10.x86_64.rpm
```
```
$ sudo yum install ./cloudhsm-cli-latest.el10.x86_64.rpm
```
ARM64 架構上的 RHEL 10:
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL10/cloudhsm-cli-latest.el10.aarch64.rpm
```
```
$ sudo yum install ./cloudhsm-cli-latest.el10.aarch64.rpm
```
------
#### [ RHEL 9 (9.2\$1) ]
x86\$164 架構上的 RHEL 9:
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL9/cloudhsm-cli-latest.el9.x86_64.rpm
```
```
$ sudo yum install ./cloudhsm-cli-latest.el9.x86_64.rpm
```
ARM64 架構上的 RHEL 9:
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL9/cloudhsm-cli-latest.el9.aarch64.rpm
```
```
$ sudo yum install ./cloudhsm-cli-latest.el9.aarch64.rpm
```
------
#### [ RHEL 8 (8.3\$1) ]
RHEL 8 (x86\$164 架構):
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-cli-latest.el8.x86_64.rpm
```
```
$ sudo yum install ./cloudhsm-cli-latest.el8.x86_64.rpm
```
ARM64 架構上的 RHEL 8:
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-cli-latest.el8.aarch64.rpm
```
```
$ sudo yum install ./cloudhsm-cli-latest.el8.aarch64.rpm
```
------
#### [ Ubuntu 24.04 LTS ]
x86\$164 架構上的 Ubuntu 24.04 LTS:
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Noble/cloudhsm-cli_latest_u24.04_amd64.deb
```
```
$ sudo apt install ./cloudhsm-cli_latest_u24.04_amd64.deb
```
ARM64 架構上的 Ubuntu 24.04 LTS:
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Noble/cloudhsm-cli_latest_u24.04_arm64.deb
```
```
$ sudo apt install ./cloudhsm-cli_latest_u24.04_arm64.deb
```
------
#### [ Ubuntu 22.04 LTS ]
Ubuntu 22.04 LTS (x86\$164 架構):
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Jammy/cloudhsm-cli_latest_u22.04_amd64.deb
```
```
$ sudo apt install ./cloudhsm-cli_latest_u22.04_amd64.deb
```
ARM64 架構上的 Ubuntu 22.04 LTS:
```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Jammy/cloudhsm-cli_latest_u22.04_arm64.deb
```
```
$ sudo apt install ./cloudhsm-cli_latest_u22.04_arm64.deb
```
------
#### [ Windows Server 2022 ]
對於 x86\$164 架構上的 Windows Server 2022,請以管理員身分開啟 PowerShell,並執行下列命令:
```
PS C:\> wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Windows/AWSCloudHSMCLI-latest.msi -Outfile C:\AWSCloudHSMCLI-latest.msi
```
```
PS C:\> Start-Process msiexec.exe -ArgumentList '/i C:\AWSCloudHSMCLI-latest.msi /quiet /norestart /log C:\client-install.txt' -Wait
```
------
#### [ Windows Server 2019 ]
對於 Windows Server 2019 (x86\$164 架構),請以系統管理員身分開啟 PowerShell,然後執行下列命令:
```
PS C:\> wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Windows/AWSCloudHSMCLI-latest.msi -Outfile C:\AWSCloudHSMCLI-latest.msi
```
```
PS C:\> Start-Process msiexec.exe -ArgumentList '/i C:\AWSCloudHSMCLI-latest.msi /quiet /norestart /log C:\client-install.txt' -Wait
```
------
#### [ Windows Server 2016 ]
對於 Windows Server 2016 (x86\$164 架構),請以系統管理員身分開啟 PowerShell,然後執行下列命令:
```
PS C:\> wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Windows/AWSCloudHSMCLI-latest.msi -Outfile C:\AWSCloudHSMCLI-latest.msi
```
```
PS C:\> Start-Process msiexec.exe -ArgumentList '/i C:\AWSCloudHSMCLI-latest.msi /quiet /norestart /log C:\client-install.txt' -Wait
```
------
使用下列命令來設定 CloudHSM CLI。
**為用戶端 SDK 5 引導 Linux EC2 執行個體**
+ 使用設定工具指定叢集中 HSM 的 IP 地址。
```
$ sudo /opt/cloudhsm/bin/configure-cli -a
```
**為用戶端 SDK 5 引導 Windows EC2 執行個體**
+ 使用設定工具指定叢集中 HSM 的 IP 地址。
```
PS C:\> & "C:\Program Files\Amazon\CloudHSM\bin\configure-cli.exe" -a
```
# 使用 CloudHSM CLI
使用下列命令來啟動和使用 CloudHSM CLI。
1. 使用下列命令來啟動 CloudHSM CLI。
------
#### [ Linux ]
```
$ /opt/cloudhsm/bin/cloudhsm-cli interactive
```
------
#### [ Windows ]
```
PS C:\> & "C:\Program Files\Amazon\CloudHSM\bin\cloudhsm-cli.exe" interactive
```
------
1. 使用 **login** 命令登入叢集。所有使用者都可以使用此命令。
以下範例中的命令將 *admin* 登入,這是預設的[管理員](understanding-users.md)賬戶。您已在[啟用叢集](activate-cluster.md)時設定此使用者的密碼。
```
aws-cloudhsm > login --username admin --role admin
```
系統會提示您輸入密碼。您輸入密碼,然後輸出顯示命令已成功。
```
Enter password:
{
"error_code": 0,
"data": {
"username": "admin",
"role": "admin"
}
}
```
1. 執行 **user list** 命令以列出叢集上的所有使用者。
```
aws-cloudhsm > user list
{
"error_code": 0,
"data": {
"users": [
{
"username": "admin",
"role": "admin",
"locked": "false",
"mfa": [],
"cluster-coverage": "full"
},
{
"username": "app_user",
"role": "internal(APPLIANCE_USER)",
"locked": "false",
"mfa": [],
"cluster-coverage": "full"
}
]
}
}
```
1. 用於 **user create** 建立名為 **example\$1user** 的 CU 使用者。
您可以建立 CU,因為在上一個步驟中,您以系統管理員使用者身分登入。只有管理員使用者可以執行使用者管理工作,例如建立和刪除使用者,以及變更其他使用者的密碼。
```
aws-cloudhsm > user create --username example_user --role crypto-user
Enter password:
Confirm password:
{
"error_code": 0,
"data": {
"username": "example_user",
"role": "crypto-user"
}
}
```
1. 用 **user list** 來列出叢集上的所有使用者。
```
aws-cloudhsm > user list
{
"error_code": 0,
"data": {
"users": [
{
"username": "admin",
"role": "admin",
"locked": "false",
"mfa": [],
"cluster-coverage": "full"
},
{
"username": "example_user",
"role": "crypto_user",
"locked": "false",
"mfa": [],
"cluster-coverage": "full"
},
{
"username": "app_user",
"role": "internal(APPLIANCE_USER)",
"locked": "false",
"mfa": [],
"cluster-coverage": "full"
}
]
}
}
```
1. 使用 **logout**命令登出 AWS CloudHSM 叢集。
```
aws-cloudhsm > logout
{
"error_code": 0,
"data": "Logout successful"
}
```
1. 使用 **quit** 命令停止 CLI。
```
aws-cloudhsm > quit
```