AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for AWS CloudHSM

AWS CloudHSM (service prefix: cloudhsm) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

Actions Defined by AWS CloudHSM

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Action                  Access Level        Description
AddTagsToResource       Write, Tagging      Adds or overwrites one or more tags for the specified AWS CloudHSM resource
CreateHapg              Write               Creates a high-availability partition group
CreateHsm               Write               Creates an uninitialized HSM instance
CreateLunaClient        Write               Creates an HSM client
DeleteHapg              Write               Deletes a high-availability partition group
DeleteHsm               Write               Deletes an HSM. After completion, this operation cannot be undone and your key material cannot be recovered
DeleteLunaClient        Write               Deletes a client
DescribeHapg            Read, Write         Retrieves information about a high-availability partition group
DescribeHsm             Read, Write         Retrieves information about an HSM. You can identify the HSM by its ARN or its serial number
DescribeLunaClient      Read, Write         Retrieves information about an HSM client
GetConfig               Read, Write         Gets the configuration files necessary to connect to all high-availability partition groups the client is associated with
ListAvailableZones      Read, Write, List   Lists the Availability Zones that have available AWS CloudHSM capacity
ListHapgs               Read, Write, List   Lists the high-availability partition groups for the account
ListHsms                Read, Write, List   Retrieves the identifiers of all of the HSMs provisioned for the current customer
ListLunaClients         Read, Write, List   Lists all of the clients
ListTagsForResource     Read, Write         Returns a list of all tags for the specified AWS CloudHSM resource
ModifyHapg              Write               Modifies an existing high-availability partition group
ModifyHsm               Write               Modifies an HSM
ModifyLunaClient        Write               Modifies the certificate used by the client
RemoveTagsFromResource  Write, Tagging      Removes one or more tags from the specified AWS CloudHSM resource

The Resource Types, Condition Keys and Dependent Actions columns have no entries for any CloudHSM action.
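The following is an added example, not part of the AWS documentation and not AWS code, showing how the actions in the table are used in practice: a constructed least-privilege policy that allows only the read and list actions plus GetConfig, and explicitly denies the irreversible DeleteHsm action. Because CloudHSM defines no resource types or service-specific condition keys, the Resource element is "*" and the small evaluator below deliberately considers only the Action element and IAM's ordering of explicit Deny over Allow over the implicit deny. The wildcard matcher and the evaluate/allowed_actions helpers are illustrative code written for this page, not an AWS library API.

```python
import re

# Constructed example policy (not taken from the AWS documentation page).
READ_ONLY_CLOUDHSM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CloudHsmReadOnly",
            "Effect": "Allow",
            "Action": [
                "cloudhsm:Describe*",
                "cloudhsm:List*",
                "cloudhsm:GetConfig",
            ],
            # CloudHSM has no service-defined resource types, so "*" is the
            # only usable Resource value for these actions.
            "Resource": "*",
        },
        {
            # An explicit Deny wins over any Allow, so even a broader Allow
            # granted elsewhere cannot reintroduce DeleteHsm for this principal.
            "Sid": "NeverDeleteHsm",
            "Effect": "Deny",
            "Action": "cloudhsm:DeleteHsm",
            "Resource": "*",
        },
    ],
}

# The action names from the table above, used to show which rows the policy covers.
CLOUDHSM_ACTIONS = [
    "AddTagsToResource", "CreateHapg", "CreateHsm", "CreateLunaClient",
    "DeleteHapg", "DeleteHsm", "DeleteLunaClient", "DescribeHapg",
    "DescribeHsm", "DescribeLunaClient", "GetConfig", "ListAvailableZones",
    "ListHapgs", "ListHsms", "ListLunaClients", "ListTagsForResource",
    "ModifyHapg", "ModifyHsm", "ModifyLunaClient", "RemoveTagsFromResource",
]


def _as_list(value):
    """IAM allows a single string or a list in the Action element."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action matching: case-insensitive, '*' matches any run of characters
    and '?' matches a single character. Everything else is literal."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None


def evaluate(policy, action):
    """Return 'deny', 'allow' or 'implicit-deny' for one action.

    Simplified evaluator for illustration: only the Action element is checked
    (Resource and Condition are ignored), which is adequate for CloudHSM since
    it defines neither resource types nor service-specific condition keys.
    """
    decision = "implicit-deny"
    for stmt in policy["Statement"]:
        if any(_matches(p, action) for p in _as_list(stmt["Action"])):
            if stmt["Effect"] == "Deny":
                return "deny"  # explicit Deny is final
            decision = "allow"
    return decision


def allowed_actions(policy, actions=CLOUDHSM_ACTIONS):
    """List the CloudHSM actions from the table that the policy allows."""
    return sorted(a for a in actions if evaluate(policy, "cloudhsm:" + a) == "allow")


if __name__ == "__main__":
    for name in CLOUDHSM_ACTIONS:
        print(f"cloudhsm:{name:24} {evaluate(READ_ONLY_CLOUDHSM_POLICY, 'cloudhsm:' + name)}")
```

Running the block prints one decision per action: the nine Describe, List and GetConfig actions come back as allow, DeleteHsm as deny, and every Create, Modify, tagging and other delete action as implicit-deny, which is what a reviewer would expect from a read-only policy.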

Resources Defined by CloudHSM

CloudHSM has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for AWS CloudHSM

CloudHSM has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.