AWS CloudHSM
User Guide

What Is AWS CloudHSM?

A hardware security module (HSM) is a hardware appliance that provides secure key storage and cryptographic operations within a tamper-resistant hardware module. HSMs are designed to securely store cryptographic key material and use the key material without exposing it outside the cryptographic boundary of the appliance.

AWS CloudHSM helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated HSM appliances within the AWS cloud. AWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but additional protection is necessary for some applications and data that are subject to strict contractual or regulatory requirements for managing cryptographic keys.

Until now, your only options were to maintain the sensitive data or the encryption keys protecting the sensitive data in your on-premises data centers. However, those options either prevented you from migrating these applications to the cloud or significantly slowed application performance. AWS CloudHSM allows you to protect your encryption keys within HSMs that are designed and validated to government standards for secure key management. You can securely generate, store, and manage the cryptographic keys used for data encryption in a way that ensures that only you have access to the keys. AWS CloudHSM helps you comply with strict key management requirements within the AWS cloud without sacrificing application performance.  

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance

AWS CloudHSM supports the processing, storage, and transmission of credit card data by a merchant or service provider, and has been validated as being compliant with Payment Card Industry (PCI) Data Security Standard (DSS). For more information about PCI DSS, including how to request a copy of the AWS PCI Compliance Package, see PCI DSS Level 1.

Pricing

For more information about AWS CloudHSM pricing, go to AWS CloudHSM Pricing. If you want to try the AWS CloudHSM service for free, you can request a two-week trial. For more information about the free trial, go to Free Trial.

AWS CloudHSM works with Amazon Virtual Private Cloud (Amazon VPC). HSM appliances are provisioned inside your VPC with an IP address that you specify, providing simple and private network connectivity to your EC2 instances. Placing HSM appliances near your EC2 instances decreases network latency, which can improve application performance. Your HSM appliances are dedicated exclusively to you and are isolated from other AWS customers. Available in multiple regions and Availability Zones, AWS CloudHSM can be used to build highly available and durable applications.

For more information about Amazon VPC, see What Is VPC? in the Amazon VPC User Guide.

Where to Get Additional Help

We recommend that you take advantage of the AWS Discussion Forums. These are community-based forums for users to discuss technical questions related to AWS services. For the AWS CloudHSM forum, go to https://forums.aws.amazon.com/forum.jspa?forumID=156.

You can also get help if you subscribe to AWS Premium Support, a one-on-one, fast-response support channel (for more information, go to https://aws.amazon.com/premiumsupport).

About Amazon Web Services

Amazon Web Services (AWS) is a collection of digital infrastructure services that developers can leverage when developing their applications. The services include computing, storage, database, and application synchronization (messaging and queuing). AWS uses a pay-as-you-go service model. You are charged only for the services that you, or your applications, use. Also, to make AWS more approachable as a platform for prototyping and experimentation, AWS offers a free usage tier. On this tier, services are free below a certain level of usage. For more information about AWS costs and the Free Tier, see Test-Driving AWS in the Free Usage Tier. To obtain an AWS account, open the AWS home page and then click Sign Up.