These 3 questions from the CloudHSM FAQs will mostly answer all your questions:
Go directly to the page at https://aws.amazon.com/cloudhsm/faqs/ if you're interested in the hyperlinks underlying the text below.

Q: Does my application need to reside in the same VPC as the CloudHSM Cluster?
No, but the server or instance on which your application and the HSM client are
running must have network (IP) reachability to all HSMs in the cluster. You can
establish network connectivity from your application to the HSM in many ways,
including operating your application in the same VPC, with VPC peering, with a
VPN connection, or with Direct Connect. Please see the VPC Peering Guide and
VPC User Guide for more details.

Q: Does CloudHSM work with on-premises HSMs?
Yes. While CloudHSM does not interoperate directly with on-premises HSMs,
you can securely transfer exportable keys between CloudHSM and most commercial
HSMs using one of several supported RSA key wrap methods.

Q: How can my application use CloudHSM?
We have integrated and tested CloudHSM with a number of third-party software
solutions such as Oracle Database 11g and 12c and Web servers including Apache and
Nginx for SSL offload. Please see the CloudHSM User Guide for more information.
If you are developing your own custom application, your application can use the
standard APIs supported by CloudHSM, including PKCS#11 and Java JCA/JCE (Java
Cryptography Architecture/Java Cryptography Extensions), or Microsoft CAPI/CNG.
Please refer to the CloudHSM User Guide for code samples and help with getting started.
If you are moving an existing workload from CloudHSM Classic or on-premises HSMs
to CloudHSM, our CloudHSM migration guide provides information on how to plan
and execute your migration.
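
The first FAQ answer requires reachability to all HSMs in the cluster, not just one. The following check is an added example, not part of the original answer or AWS code: it probes every HSM address from the host that will run the HSM client. It assumes client-to-HSM traffic uses TCP 2223-2225 (not stated on this page); the function names and sample addresses are constructed for illustration.

```python
import socket

# Assumption: CloudHSM client-to-HSM traffic uses TCP 2223-2225 (the range the
# cluster security group opens). This is not stated on the page; adjust if needed.
HSM_PORTS = (2223, 2224, 2225)


def probe(ip, port, timeout=3.0):
    """Return None if a TCP connection succeeds, else a short failure reason."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return None
    except socket.timeout:
        # Silent drop: typical of a missing route, NACL or security group rule.
        return "timeout (routing, NACL or security group drop)"
    except ConnectionRefusedError:
        return "refused (host reachable, port closed)"
    except OSError as exc:
        return f"error: {exc.strerror or exc}"


def check_cluster(hsm_ips, ports=HSM_PORTS, timeout=3.0):
    """Probe every HSM on every port; map each blocked (ip, port) to a reason."""
    failures = {}
    for ip in hsm_ips:
        for port in ports:
            reason = probe(ip, port, timeout)
            if reason is not None:
                failures[(ip, port)] = reason
    return failures


if __name__ == "__main__":
    # Constructed sample addresses (documentation range); replace them with
    # the ENI IP of each HSM in your cluster.
    sample_hsms = ["192.0.2.10", "192.0.2.11"]
    failures = check_cluster(sample_hsms, timeout=1.0)
    for (ip, port), reason in sorted(failures.items()):
        print(f"{ip}:{port} unreachable: {reason}")
    print("all HSMs reachable" if not failures else f"{len(failures)} path(s) blocked")
```

An empty result only shows that the network path (peering, VPN or Direct Connect routes plus security groups) is open to every HSM; it does not test the HSM client configuration itself.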