AWS CloudHSM - AWS GovCloud (US)

AWS CloudHSM

AWS CloudHSM offers secure cryptographic key storage for customers by providing managed hardware security modules in the AWS Cloud.

How AWS CloudHSM Differs for AWS GovCloud (US)

This service has no differences between the AWS GovCloud (US) and the standard AWS Regions.

Documentation for AWS CloudHSM

AWS CloudHSM documentation.

Export-Controlled Content

For AWS Services architected within the AWS GovCloud (US) Regions, the following list explains how certain components of data may leave the AWS GovCloud (US) Regions in the normal course of the service offerings. The list can be used as a guide to help meet applicable customer compliance obligations. Data not included in the following list remains within the AWS GovCloud (US) Regions.

  • AWS CloudHSM metadata is not permitted to contain export-controlled data. This includes all configuration data that you enter when creating and maintaining your AWS CloudHSM config. Audit and syslogs should not contain export-controlled data.

AWS CloudHSM Root Certificate

If you choose to verify the identity of an HSM, be sure to use the root certificate for the AWS GovCloud (US) region rather than the root certificate that is available for commercial regions. You can download the certificate from AWS-US-GOV_CloudHSM_Root_G1.zip. Verification is an optional step that you can perform after you create an HSM. For more information about AWS CloudHSM, see the AWS CloudHSM User Guide. For more information about AWS CloudHSM Classic, see the AWS CloudHSM Classic User Guide.