Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Use the CloudHSM CLI

PDF
RSS
Focus mode
Use the CloudHSM CLI - AWS CloudHSM

Use the following commands to start and use the CloudHSM CLI.

  1. Use the following command to start CloudHSM CLI.

    Linux
    $ /opt/cloudhsm/bin/cloudhsm-cli interactive
    Windows
    C:\Program Files\Amazon\CloudHSM\bin\> .\cloudhsm-cli.exe interactive
    anchoranchor
    $ /opt/cloudhsm/bin/cloudhsm-cli interactive

  2. Use the login command to log in to the cluster. All users can use this command.

    The command in the following example logs in admin, which is the default admin account. You set this user's password when you activated the cluster.

    aws-cloudhsm > login --username admin --role admin

    The system prompts you for your password. You enter the password, and the output shows that the command was successful.

    Enter password:
{
  "error_code": 0,
  "data": {
    "username": "admin",
    "role": "admin"
  }
}

  3. Run the user list command to list all the users on the cluster.

    aws-cloudhsm > user list
{
  "error_code": 0,
  "data": {
    "users": [
      {
        "username": "admin",
        "role": "admin",
        "locked": "false",
        "mfa": [],
        "cluster-coverage": "full"
      },
      {
        "username": "app_user",
        "role": "internal(APPLIANCE_USER)",
        "locked": "false",
        "mfa": [],
        "cluster-coverage": "full"
      }
    ]
  }
}

  4. Use user create to create a CU user named example_user.

    You can create CUs because in a previous step you logged in as an admin user. Only admin users can perform user management tasks, such as creating and deleting users and changing the passwords of other users. 

    aws-cloudhsm > user create --username example_user --role crypto-user     
Enter password:
Confirm password:
{
 "error_code": 0,
 "data": {
   "username": "example_user",
   "role": "crypto-user"
 }
}

  5. Use user list to list all the users on the cluster. 

    aws-cloudhsm > user list
{
  "error_code": 0,
  "data": {
    "users": [
      {
        "username": "admin",
        "role": "admin",
        "locked": "false",
        "mfa": [],
        "cluster-coverage": "full"
      },
      {
        "username": "example_user",
        "role": "crypto_user",
        "locked": "false",
        "mfa": [],
        "cluster-coverage": "full"
      },
      {
        "username": "app_user",
        "role": "internal(APPLIANCE_USER)",
        "locked": "false",
        "mfa": [],
        "cluster-coverage": "full"
      }
    ]
  }
}

  6. Use the logout command to log out of AWS CloudHSM cluster.

    aws-cloudhsm > logout
{
  "error_code": 0,
  "data": "Logout successful"
}

  7. Use the quit command to stop the CLI.

    aws-cloudhsm > quit
PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.