Supported Platforms - AWS CloudHSM

Supported Platforms

This topic lists platform support for Client SDK 5 and Client SDK 3 from AWS CloudHSM.

Understanding Platform Support

AWS CloudHSM supports only 64-bit operating systems.

Base support is different for each version of the SDK. Typically platform support for components in an SDK matches base support, but not always. To determine platform support for a given component, first make sure the platform you want appears in the base section for the SDK, then check for an exclusions or any other pertinent information in the component section.

Platform support changes over time. Earlier versions of the CloudHSM Client SDK may not support all the operating systems listed here. Use release notes to determine the operating system support for previous versions of the CloudHSM Client SDK. For more information, see Download AWS CloudHSM Client SDK.

Client SDK 5 Platform Support

Client SDK 5 does not require a client daemon. Base support for Client SDK 5 includes the following platforms.

Linux Support for Client SDK 5

  • Amazon Linux1

  • Amazon Linux 21

  • CentOS 7.8+1

  • CentOS 8.3+

  • Red Hat Enterprise Linux (RHEL) 7.8+1

  • Red Hat Enterprise Linux (RHEL) 8.3+

  • Ubuntu 18.04 LTS

Windows Support for Client SDK 5

  • Microsoft Windows Server 2016

  • Microsoft Windows Server 2019

Serverless Support for Client SDK 5

  • AWS Lambda

  • Docker/ECS

Base support annotations

The PKCS #11 library is a cross-platform component that matches Linux and Windows Client SDK 5 base support. For more information, see Linux Support for Client SDK 5 and Windows Support for Client SDK 5.

The OpenSSL Dynamic Engine is Linux only component that does not match Linux base support. See the exclusions below.

  • Requires OpenSSL 1.1.1

Unsupported platforms:

  • Amazon Linux

  • Amazon Linux 2

  • CentOS 7

  • Red Hat Enterprise Linux (RHEL) 7

  • Ubuntu 16.04 LTS

These platforms ship with a version of OpenSSL incompatible with OpenSSL Dynamic Engine for Client SDK 5. AWS CloudHSM supports these platforms with OpenSSL Dynamic Engine for Client SDK 3.

Client SDK 3 Platform Support

Client SDK 3 requires a client daemon and offers command-line tools including, CloudHSM Management Utility (CMU), key management utility (KMU), and the configure tool.

Base support for Client SDK 3 includes the following platforms.

Linux Support for Client SDK 3

  • Amazon Linux

  • Amazon Linux 2 1

  • CentOS 6.10+ 3

  • CentOS 7.3+

  • CentOS 8 2

  • Red Hat Enterprise Linux (RHEL) 6.10+ 3

  • Red Hat Enterprise Linux (RHEL) 7.3+

  • Red Hat Enterprise Linux (RHEL) 8 2

  • Ubuntu 16.04 LTS 4

  • Ubuntu 18.04 LTS 2

Windows Support Client SDK 3

  • Microsoft Windows Server 2012

  • Microsoft Windows Server 2012 R2

  • Microsoft Windows Server 2016

Base support annotations

The PKCS #11 library is a Linux only component that matches Linux base support. For more information, see Linux Support for Client SDK 3.

The JCE provider is a Linux only component that matches Linux base support. For more information, see Linux Support for Client SDK 3.

  • Requires OpenJDK 1.8

The OpenSSL Dynamic Engine is Linux only component that does not match Linux base support. See the exclusions below.

  • Requires OpenSSL 1.0.2[f+]

Unsupported platforms:

  • CentOS 8

  • Red Hat Enterprise Linux (RHEL) 8

  • Ubuntu 18.04 LTS

These platforms ship with a version of OpenSSL incompatible with OpenSSL Dynamic Engine for Client SDK 3. AWS CloudHSM supports these platforms with OpenSSL Dynamic Engine for Client SDK 5.

The CNG and KSP providers is a Windows only component that matches Windows base support. For more information, see Windows Support Client SDK 3.

CloudHSM Management Utility Platform Support

CloudHSM Management Utility (CMU) supports all platforms for Client SDK 5 and Client SDK 3, unless specified below.

Unsupported platforms:

  • Windows 2019