Skip to content

AWS Notes

Cloudhsm

AWS Notes

Table of Contents
Identity
Identity
Compute
Compute
- Containers
  Containers
  - Basics
  - Ecr
  - Ecs
  - Eks
- Ec2
  Ec2
- Elasticbeanstalk
  Elasticbeanstalk
  - TOC
  - Basics
  - Deployment
  - Docker
- Lambda
  Lambda
  - Basics
  - Execution
  - Networking
  - Stepfunctions
  - TOC
Databases
Databases
- Athena
- Elasticcache
- Redshift
- Aurora
  Aurora
  - Index
- Dynamodb
  Dynamodb
  - TOC
  - Basics
  - Dax
  - Globaltables
  - Indexes
  - Operating
  - Streams
- Rds
  Rds
  - Index
  - Basics
  - Multiaz
  - Backups
  - Readreplicas
  - Rdssecurity
  - Aurorabasics
  - Auroraserverless
  - Rdsproxy
  - Dms
Networking
Networking
- Toc
- Apigateway
  Apigateway
  - Basics
- Hybrid
  Hybrid
- Scaling
  Scaling
  - Asg
  - Loadbalancer
- Vpc
  Vpc
Storage
Storage
- Efs
- Fsx
- Transferfamily
Security
Security
- Cloudhsm Cloudhsm
  Table of contents
  - Basics
- Guardduty
- Inspector
- Neworkfirewall
- Trustedadvisor
- Waf
- Key management service
  Key management service
  - KMS Basics
Monitoring
Monitoring
- Awsconfig
- Cloudtrail
- Vpcflowlogs
- X ray
- Cloudwatch
  Cloudwatch
  - Basics
  - Cwlogs
  - Toc
Devops
Devops
- Basics
- Cicd
Costmanagement
Costmanagement
- Basics
Bcpdr
Bcpdr
- Disasterrecovery
Eventdriven
Eventdriven
- Architecture
- Eventbridge
- Kinesis
- Sns
- Sqs
- TOC
Machinelearning
Machinelearning
- Rekognition
- Comprehend
- Devicefarm
- Forecast
- Frauddetector
- Glue
- Kendra
- Kinesisvideostreams
- Lexconnect
- Polly
- Sagemaker
- Textract
- Transcribe
- Translate
Tbd

Cloudhsm

Basics

AWS Provisioned but fully customr managed
Cloud HSM is FIPS 140-2 Level 3 compliant. KMS is overall all Level 2 compliant and partially Level 3 compliant
While KMS is accessed using AWS APIs & governed by IAM, Cloud HSM is less integrated with AWS
For HSM Industry Standard APIS like PKCS#11, Java Croptographic Extensions(JCE), Microsoft CryptoNG(CNG) are used
KMS can use Cloud HSM as a custom keystore.
Cloud HSM is deployed in Cloud HSM VPC which is managed by AWS
HSM is a physical device that runs in one AZ. So for high availability one device needs to be deployed in each AZ and part of a cluster
HSM are injected inside customer VPC as ENI
Cloud HSM clients instance need to be installed on compute instances that want to use Cloud HSM
AWS has no access to areas where Cloud HSM is installed. Only customer administrator has access to it