Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Supported AWS CloudHSM service names and types for quorum authentication with CloudHSM CLI

PDF
RSS
Focus mode
Supported AWS CloudHSM service names and types for quorum authentication with CloudHSM CLI - AWS CloudHSM

Admin Services: Quorum authentication is used for admin privileged services like creating users, deleting users, changing user passwords, setting quorum values, and deactivating quorum and MFA capabilities.

Crypto User Services: Quorum authentication is used for crypto-user privileged services associated with a specific key like signing with a key, sharing/unsharing a key, wrapping/unwrapping a key, and setting a key's attribute. The quorum value of an associated key is configured when the key is generated, imported, or unwrapped. The quorum value must be equal to or less than the number of users that the key is associated with, which includes users that the key is shared with and the key owner.

Each service type is further broken down into a qualifying service name, which contains a specific set of quorum supported service operations that can be performed.

Service name Service type Service operations
user Admin

  • user create

  • user delete

  • user change-password

  • user change-mfa
quorum Admin

  • quorum token-sign set-quorum-value
cluster1 Admin

  • cluster mtls register-trust-anchor

  • cluster mtls deregister-trust-anchor

  • cluster mtls set-enforcement
key-management Crypto User

  • key wrap

  • key unwrap

  • key share

  • key unshare

  • key set-attribute
key-usage Crypto User

  • key sign

[1] Cluster service is exclusively available on hsm2m.medium

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.