AWS CloudHSM clusters

Making individual HSMs work together in a synchronized, redundant, and highly available way can be difficult, but AWS CloudHSM does the heavy lifting for you by providing hardware security modules (HSMs) in clusters. A cluster is a collection of individual HSMs that AWS CloudHSM keeps in sync. When you perform a task or operation on one HSM in a cluster, the other HSMs in that cluster are automatically kept up to date.

AWS CloudHSM offers clusters in two modes: FIPS and non-FIPS. In FIPS mode, only keys and algorithms that are approved by the Federal Information Processing Standard (FIPS) can be used. Non-FIPS mode offers all the keys and algorithms that are supported by AWS CloudHSM, regardless of FIPS approval. AWS CloudHSM also offers two types of HSMs: hsm1.medium and hsm2m.medium. For details on the differences between each HSM type and cluster mode, see AWS CloudHSM cluster modes and HSM types.

To meet your availability, durability, and scalability goals, you choose the number of HSMs in your cluster and distribute them across multiple Availability Zones. You can create a cluster that has 1 to 28 HSMs (the default limit is 6 HSMs per AWS account per AWS Region). You can place the HSMs in different Availability Zones in an AWS Region. Adding more HSMs to a cluster provides higher performance. Spreading clusters across Availability Zones provides redundancy and high availability.
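The following audit is an added example, not part of the AWS documentation: it checks the redundancy and mode properties described above against output shaped like `aws cloudhsmv2 describe-clusters`. The sample data, IDs, function names, and the two-HSM, two-zone threshold are assumptions made for illustration.

```python
import json
from collections import Counter

# Constructed sample shaped like `aws cloudhsmv2 describe-clusters` output.
# All IDs are placeholders, not real resources.
SAMPLE = json.loads("""
{"Clusters": [
  {"ClusterId": "cluster-example1", "Mode": "FIPS", "HsmType": "hsm1.medium", "Hsms": [
     {"HsmId": "hsm-aaa", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"},
     {"HsmId": "hsm-bbb", "AvailabilityZone": "us-east-1b", "State": "ACTIVE"}]},
  {"ClusterId": "cluster-example2", "Mode": "NON_FIPS", "HsmType": "hsm2m.medium", "Hsms": [
     {"HsmId": "hsm-ccc", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"},
     {"HsmId": "hsm-ddd", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"}]},
  {"ClusterId": "cluster-example3", "Mode": "FIPS", "HsmType": "hsm2m.medium", "Hsms": [
     {"HsmId": "hsm-eee", "AvailabilityZone": "us-east-1c", "State": "ACTIVE"},
     {"HsmId": "hsm-fff", "AvailabilityZone": "us-east-1b", "State": "DEGRADED"}]}
]}
""")

def audit_cluster(cluster, require_fips=False):
    """Return a list of findings for one cluster (empty list means it passes)."""
    findings = []
    hsms = cluster.get("Hsms", [])
    # Count only ACTIVE HSMs toward redundancy (assumed policy for this example).
    active = [h for h in hsms if h.get("State") == "ACTIVE"]
    zones = Counter(h["AvailabilityZone"] for h in active)
    if len(active) < 2:
        findings.append("fewer than 2 active HSMs: no redundancy")
    elif len(zones) < 2:
        findings.append("all active HSMs in one Availability Zone")
    if len(active) != len(hsms):
        findings.append("one or more HSMs not ACTIVE")
    if require_fips and cluster.get("Mode") != "FIPS":
        findings.append("cluster is not in FIPS mode")
    return findings

def audit(response, require_fips=False):
    """Map ClusterId -> findings for every cluster in the response."""
    return {c["ClusterId"]: audit_cluster(c, require_fips)
            for c in response["Clusters"]}

if __name__ == "__main__":
    for cid, findings in audit(SAMPLE, require_fips=True).items():
        print(cid, "OK" if not findings else "; ".join(findings))
```

To run it against a real account, replace `SAMPLE` with the parsed JSON from `aws cloudhsmv2 describe-clusters`.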

For more information about clusters, see Managing AWS CloudHSM clusters.

To create a cluster, see Getting started.