This is the user guide for AWS CloudHSM Classic. For the latest version, see the AWS CloudHSM User Guide.

What Is AWS CloudHSM Classic?

A hardware security module (HSM) is a hardware appliance that provides secure key storage and cryptographic operations within a tamper-resistant hardware module. HSMs are designed to securely store cryptographic key material and use the key material without exposing it outside the cryptographic boundary of the appliance.

AWS CloudHSM Classic helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated HSM appliances within the AWS cloud. AWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but additional protection is necessary for some applications and data that are subject to strict contractual or regulatory requirements for managing cryptographic keys.

Until now, your only options were to keep either the sensitive data, or the encryption keys protecting it, in your on-premises data centers. However, those options either prevented you from migrating these applications to the cloud or significantly slowed application performance. AWS CloudHSM Classic allows you to protect your encryption keys within HSMs that are designed and validated to government standards for secure key management. You can securely generate, store, and manage the cryptographic keys used for data encryption in a way that ensures that only you have access to the keys. AWS CloudHSM Classic helps you comply with strict key management requirements within the AWS cloud without sacrificing application performance.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance

AWS CloudHSM Classic supports the processing, storage, and transmission of credit card data by a merchant or service provider, and has been validated as compliant with the Payment Card Industry (PCI) Data Security Standard (DSS). For more information about PCI DSS, including how to request a copy of the AWS PCI Compliance Package, see PCI DSS Level 1.


For information about pricing, see AWS CloudHSM Classic Pricing.

AWS CloudHSM Classic works with Amazon Virtual Private Cloud (Amazon VPC). HSM appliances are provisioned inside your VPC with an IP address that you specify, providing simple and private network connectivity to your EC2 instances. Placing HSM appliances near your EC2 instances decreases network latency, which can improve application performance. Your HSM appliances are dedicated exclusively to you and are isolated from other AWS customers. Available in multiple regions and Availability Zones, AWS CloudHSM Classic can be used to build highly available and durable applications.

For more information about Amazon VPC, see What Is VPC? in the Amazon VPC User Guide.

Where to Get Additional Help

We recommend that you take advantage of the AWS Discussion Forums. These are community-based forums for users to discuss technical questions related to AWS services. You can find the AWS CloudHSM and AWS CloudHSM Classic forum at https://forums.aws.amazon.com/forum.jspa?forumID=156.

You can also get help if you subscribe to AWS Premium Support, a one-on-one, fast-response support channel (for more information, go to https://aws.amazon.com/premiumsupport).