AWS CloudHSM
User Guide

Launch an Amazon EC2 Client Instance

To interact with and manage your AWS CloudHSM cluster and HSM instances, you must be able to communicate with the elastic network interfaces of your HSMs. The easiest way to do this is to use an Amazon EC2 instance in the same VPC as your cluster (see below). You can also use the following AWS resources to connect to your cluster:

Launch an EC2 Client

The AWS CloudHSM documentation typically assumes that you are using an EC2 instance in the same VPC and Availability Zone (AZ) in which you create your cluster.

To create an Amazon EC2 client instance

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Choose Launch instance on the EC2 Dashboard.

  3. Select an Amazon Machine Image (AMI). Choose a Linux AMI or a Windows Server AMI.

  4. Choose an instance type and then choose Next: Configure Instance Details.

  5. For Network, choose the VPC that you previously created for your cluster.

  6. For Subnet, choose the public subnet that you created for the VPC.

  7. For Auto-assign Public IP, choose Enable.

  8. Choose Next: Add Storage and configure your storage.

  9. Choose Next: Add Tags and add any name–value pairs that you want to associate with the instance. We recommend that you at least add a name. Choose Add Tag and type a name for the Key and up to 255 characters for the Value.

  10. Choose Next: Configure Security Group.

  11. Select a security group. You can select the default security group that was created for you when you created your cluster, or select a different existing security group or create a new one. Whichever group you use, the instance must be able to reach the elastic network interfaces of your HSMs on TCP ports 2223 through 2225, which is what the cluster's default security group permits between its members.

    Note

    To connect to a Windows Server EC2 instance, add an Inbound Rule for RDP (3389) to allow incoming TCP traffic on port 3389. To connect to a Linux EC2 instance, add an Inbound Rule for SSH (22) to allow incoming TCP traffic on port 22. Set the source to the specific IP addresses or CIDR range that you administer the instance from. Do not use 0.0.0.0/0 as the source: that exposes the instance's administrative port to anyone on the internet.

    If you want your EC2 instance to be able to reach the internet (for example, to download the AWS CLI and the CloudHSM client software), set the Outbound Rules on your security group to allow that traffic. Allowing ALL Traffic on all ports to a destination of 0.0.0.0/0 is the simplest setting; if your environment requires tighter egress control, allow only the ports and destinations the instance actually needs.

    You cannot edit security groups on this page. To set inbound and outbound rules, create a new security group or use the Amazon EC2 console to update your security group rules.

  12. Choose Review and Launch.
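The same procedure can be scripted with the AWS CLI, which is useful when you want the security-group choice to be enforced rather than left to whoever clicks through the wizard. The script below is an added example and is not part of the AWS CloudHSM User Guide: it refuses an unrestricted source for the SSH/RDP rule, creates a separate administrative security group in the cluster VPC, and launches the client instance in the public subnet with both that group and the cluster's default security group (the one that carries the TCP 2223 through 2225 rules the CloudHSM client needs). Every VPC, subnet, security group, AMI and key-pair ID in it is a placeholder to replace with your own, and the `launch` subcommand requires AWS CLI credentials; the checks run offline.

```shell
#!/bin/sh
# Added example, not from the AWS CloudHSM User Guide: launch the EC2 client
# instance with the AWS CLI instead of the console, enforcing the rule that
# the SSH/RDP source must never be 0.0.0.0/0. All IDs are placeholders.
set -u

# Returns 0 when CIDR is an acceptable admin source, 1 when it is unrestricted
# (0.0.0.0/0, ::/0, or any IPv4 block with a /0 prefix) or malformed.
check_admin_cidr() {
  cidr="$1"
  case "$cidr" in
    0.0.0.0/0|::/0) return 1 ;;
  esac
  # Shape check only: a.b.c.d/n with n in 0..32 (octet ranges are not checked).
  echo "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
  prefix="${cidr##*/}"
  [ "$prefix" -gt 0 ]
}

# Administrative port for the AMI family chosen in step 3 (see the note in step 11).
admin_port() {
  case "$1" in
    linux)   echo 22 ;;
    windows) echo 3389 ;;
    *)       return 1 ;;
  esac
}

# Creates a dedicated admin security group and launches the client in the
# cluster VPC. Needs AWS CLI credentials; runs only when invoked as
#   ./launch-client.sh launch linux 203.0.113.0/24
launch_client() {
  os="$1"
  admin_cidr="$2"
  if ! check_admin_cidr "$admin_cidr"; then
    echo "refusing to open the admin port to $admin_cidr" >&2
    return 1
  fi
  port=$(admin_port "$os") || { echo "unknown OS: $os" >&2; return 1; }

  # Placeholders (assumptions): the VPC and public subnet created for the
  # cluster, the cluster's default security group, an AMI, and a key pair.
  vpc_id="vpc-0123456789abcdef0"
  subnet_id="subnet-0123456789abcdef0"
  cluster_sg="sg-0123456789abcdef0"
  ami_id="ami-0123456789abcdef0"
  key_name="cloudhsm-client-key"

  # Step 11: a separate group that admits only the admin port from admin_cidr.
  admin_sg=$(aws ec2 create-security-group \
      --group-name cloudhsm-client-admin \
      --description "Admin access to the CloudHSM client instance" \
      --vpc-id "$vpc_id" --query GroupId --output text)
  aws ec2 authorize-security-group-ingress --group-id "$admin_sg" \
      --protocol tcp --port "$port" --cidr "$admin_cidr"

  # Steps 4-9: the cluster security group carries the TCP 2223-2225 rules the
  # CloudHSM client needs to reach the HSMs; the admin group carries SSH/RDP.
  aws ec2 run-instances \
      --image-id "$ami_id" --instance-type t3.micro \
      --subnet-id "$subnet_id" --associate-public-ip-address \
      --security-group-ids "$cluster_sg" "$admin_sg" \
      --key-name "$key_name" \
      --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=cloudhsm-client}]' \
      --query 'Instances[0].InstanceId' --output text
}

if [ "${1:-}" = "launch" ]; then
  launch_client "${2:?os: linux or windows}" "${3:?admin source CIDR}"
fi
```

Keeping the administrative rule in its own security group, separate from the cluster's default group, means the SSH/RDP exposure can be reviewed and revoked on its own without touching the HSM port rules, and `check_admin_cidr` makes the guide's "do not use 0.0.0.0/0" advice a hard failure rather than a reminder.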

For more information about creating a Linux Amazon EC2 client, see Getting Started with Amazon EC2 Linux Instances. For information about connecting to the running client, see the following topics:

For more information about creating a Windows Amazon EC2 client, see Getting Started with Amazon EC2 Windows Instances. For more information about connecting to your Windows client, see Connect to Your Windows Instance.

Note that you can use your EC2 instance to run all of the AWS CLI commands contained in this guide. If the AWS CLI is not installed, you can download it from AWS Command Line Interface. If you are using Windows, you can download and run a 64-bit or 32-bit Windows installer. If you are using Linux or macOS, you can install the CLI using pip.

To communicate with the HSMs in your cluster, you must install the AWS CloudHSM client software on your instance. For more information if you are using Linux, see Install the Client (Linux). For more information if you are using Windows, see Install the Client (Windows).
