Creating, initializing, and activating a CloudHSM cluster
In this recipe, we will create an AWS CloudHSM cluster. CloudHSM is a dedicated hardware security module (HSM) on the AWS cloud that we can use to generate and use encryption keys. AWS KMS, on the other hand, uses shared HSMs. CloudHSM is ideal for scenarios demanding the highest level of isolation and control.
Getting ready
We’ll need the following to complete this recipe:
- A working AWS account, awsseccb-sandbox-1, and a user, awsseccbadmin1, as described in the Technical requirements section.
- Knowledge of VPCs and EC2. If you are new to EC2 or want to refresh the concepts, you may first practice the recipes in Chapter 5, and then come back to this recipe.
Important note
AWS CloudHSM typically incurs higher costs compared to AWS KMS, and it does not offer a free tier option. For those utilizing CloudHSM for educational or learning purposes, it is crucial to promptly delete the resources you...