System resources - AWS CloudHSM

System resources

System resource quotas are quotas on what the AWS CloudHSM client is allowed to use when it runs.

File descriptors are an operating system's mechanism to identify and manage open files on a per-process basis.

The CloudHSM client daemon utilizes file descriptors to manage connections between applications and the client, as well as between the client and the server.

By default, the CloudHSM client configuration will allocate 3000 file descriptors. This default value is designed to yield an optimal session and threading capacity between the client daemon and your HSMs.

In rare circumstances, if you are running your client in a restricted-resource environment, it may become necessary to alter these default values.


By changing these values, your CloudHSM client performance may suffer and/or your application may become inoperable.

  1. Edit the /etc/security/limits.d/cloudhsm.conf file.

    # # DO NOT EDIT THIS FILE # hsmuser soft nofile 3000 hsmuser hard nofile 3000
  2. Edit the numeric values, as needed.


    The soft quota must be less than or equal to the hard quota.

  3. Restart your CloudHSM client daemon process.


This configuration option is not available on Microsoft Windows platforms.