Creates a custom key store that is associated with a CloudHSM cluster that you own and manage.
This operation is part of the Custom Key Store feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a single-tenant key store.
Before you create the custom key store, you must assemble the required elements, including a CloudHSM cluster that fulfills the requirements for a custom key store. For details about the required elements, see Assemble the Prerequisites in the Key Management Service Developer Guide.
When the operation completes successfully, it returns the ID of the new custom key store. Before you can use your new custom key store, you need to use the ConnectCustomKeyStore operation to connect the new key store to its CloudHSM cluster. Even if you are not going to use your custom key store immediately, you might want to connect it to verify that all settings are correct and then disconnect it until you are ready to use it.
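The create, connect, verify, disconnect sequence described above, as an added example that is not part of the original reference page. It assumes `kms` is a boto3 KMS client (`boto3.client("kms")`); the function name, its arguments and the polling defaults are illustrative, and the request parameter names are boto3's, not taken from this page.

```python
import time


def create_and_verify_key_store(kms, name, cluster_id, trust_anchor_pem,
                                kmsuser_password, poll_seconds=15, timeout=1800):
    """Create a custom key store, connect it once to validate its settings,
    then disconnect it. Returns (custom_key_store_id, final_state, error_code).

    kmsuser_password is the password of the cluster's kmsuser crypto user;
    read it from a secret store, never from source code or shell history.
    """
    store_id = kms.create_custom_key_store(
        CustomKeyStoreName=name,
        CloudHsmClusterId=cluster_id,
        TrustAnchorCertificate=trust_anchor_pem,
        KeyStorePassword=kmsuser_password,
    )["CustomKeyStoreId"]

    # The connect call returns before the connection is established, so the
    # result has to be read back from DescribeCustomKeyStores.
    kms.connect_custom_key_store(CustomKeyStoreId=store_id)

    deadline = time.monotonic() + timeout
    while True:
        store = kms.describe_custom_key_stores(
            CustomKeyStoreId=store_id)["CustomKeyStores"][0]
        state = store["ConnectionState"]
        error = store.get("ConnectionErrorCode")  # set only when FAILED
        if state in ("CONNECTED", "FAILED") or time.monotonic() >= deadline:
            break
        time.sleep(poll_seconds)

    # CONNECTED: settings verified, so park the store until it is needed.
    # FAILED: a failed store must be disconnected before it can be fixed
    # and reconnected. Any other state (timeout) is left for the caller.
    if state in ("CONNECTED", "FAILED"):
        kms.disconnect_custom_key_store(CustomKeyStoreId=store_id)
    return store_id, state, error
```

A `FAILED` result with an error code such as `INVALID_CREDENTIALS` points at the setting to correct before the next connection attempt.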
For help with failures, see Troubleshooting a Custom Key Store in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:CreateCustomKeyStore (IAM policy).
Related operations: