AWS CloudHSM provides secure cryptographic key storage to customers by making hardware security modules (HSMs) available in the AWS cloud.
Each HSM is a dedicated hardware appliance within the AWS cloud.
A single HSM holds up to 3,500 keys.
A single appliance supports up to 1,024 users.
CloudHSM lets you protect encryption keys inside HSMs that are designed and validated to government standards (FIPS 140-2) for secure key management.
CloudHSM uses SafeNet Luna SA HSM appliances (this describes the original service, now known as CloudHSM Classic; the current AWS CloudHSM service uses different hardware).
AWS has no access to your HSM partition credentials or key material, so if you lose those credentials AWS cannot help you recover the keys; protect the credentials as carefully as the keys themselves.
CloudHSM provides single-tenant, dedicated access to each HSM appliance.
Because the HSM appliances are provisioned inside your VPC, close to your EC2 instances, network latency is low, which can improve application performance.
Integrated out of the box with Amazon Redshift and Amazon RDS for Oracle (Oracle Transparent Data Encryption).
Other use cases, such as EBS volume encryption, S3 object encryption and general key management, are handled by writing a custom application that integrates with CloudHSM through the standard HSM client interfaces (PKCS#11, Java JCA/JCE, Microsoft CAPI/CNG).
An HSM is a hardware appliance that provides secure key storage and cryptographic operations within a tamper-resistant hardware module.
It is designed with physical and logical mechanisms to securely store cryptographic key material and to use that key material without ever exposing it outside the cryptographic boundary of the appliance.
Physical protections include tamper detection and tamper response: rather than risk compromise, the HSM is designed to securely destroy (zeroize) its keys when tampering is detected.
Logical protections include role-based access controls that provide separation of duties, for example between the administrator who manages the appliance and the partition owner who is allowed to use the keys.
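As an added example (not code from this page or from AWS), the following Go program shows the client-side envelope-encryption pattern that such a custom application uses for S3 objects or EBS data: a fresh per-object data-encryption key (DEK) encrypts the data locally, and only the DEK crosses to the HSM to be wrapped under a key-encryption key (KEK) that never leaves the appliance, which is the "use the key material without exposing it" property described above. The hsmKeyStore type, the "dek-wrap" label, the object identifiers and the sample data are all assumptions constructed for the example; in a real deployment WrapKey and UnwrapKey would be the vendor client library's PKCS#11 C_WrapKey/C_UnwrapKey calls against your CloudHSM partition.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// hsmKeyStore stands in for the HSM appliance (assumption, so the example runs offline).
// Its KEK is reachable only via WrapKey/UnwrapKey, mirroring PKCS#11 C_WrapKey/C_UnwrapKey.
type hsmKeyStore struct{ kek []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal/open: AES-GCM producing nonce||ciphertext||tag; open fails on any change or other aad.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, blob, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, fmt.Errorf("blob too short (%d bytes)", len(blob))
	}
	return aead.Open(nil, blob[:ns], blob[ns:], aad)
}

func (h *hsmKeyStore) WrapKey(dek []byte) ([]byte, error) {
	return seal(h.kek, dek, []byte("dek-wrap"))
}
func (h *hsmKeyStore) UnwrapKey(wrapped []byte) ([]byte, error) {
	return open(h.kek, wrapped, []byte("dek-wrap"))
}

// Envelope is stored with the object (for S3, as object metadata); neither field reveals a key.
type Envelope struct {
	WrappedDEK []byte
	Ciphertext []byte
}

func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// EncryptObject does client-side envelope encryption: a fresh DEK encrypts the object
// locally and only the 32-byte DEK goes to the HSM for wrapping. objectID (S3 key, EBS
// volume id) is bound in as associated data so a ciphertext cannot be moved to another object.
func EncryptObject(h *hsmKeyStore, objectID string, plaintext []byte) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	defer zero(dek) // scrub the plaintext DEK once it has been wrapped
	ct, err := seal(dek, plaintext, []byte(objectID))
	if err != nil {
		return nil, err
	}
	wrapped, err := h.WrapKey(dek)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// DecryptObject asks the HSM to unwrap the DEK, then decrypts locally.
func DecryptObject(h *hsmKeyStore, objectID string, env *Envelope) ([]byte, error) {
	dek, err := h.UnwrapKey(env.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	defer zero(dek)
	return open(dek, env.Ciphertext, []byte(objectID))
}

func main() {
	hsm := &hsmKeyStore{kek: make([]byte, 32)} // constructed all-zero KEK; a real one is generated on the HSM
	env, _ := EncryptObject(hsm, "bucket/reports/q1.csv", []byte("constructed sample object"))
	pt, err := DecryptObject(hsm, "bucket/reports/q1.csv", env)
	fmt.Println(string(pt), err)
}
```

Binding the object identifier as associated data means a ciphertext copied from one S3 key to another fails authentication instead of silently decrypting under the wrong name, and any bit flipped in the stored blob is rejected. The other side of the design is the point made earlier about lost credentials: every object is recoverable only through the wrapped DEK, and every wrapped DEK only through the KEK inside the HSM, so a KEK you cannot unwrap with means data you cannot read.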