Amazon CloudHSM
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to manage cryptographic keys on dedicated FIPS 140-2 Level 3 validated, single-tenant HSM instances running within your own VPC for regulatory compliance and data security.
APIs
Amazon CloudHSM API
API for creating and managing CloudHSM clusters and HSM instances for dedicated hardware-based cryptographic key management.
Capabilities
Amazon CloudHSM Cryptographic Key Management
Workflow for cryptographic key management using Amazon CloudHSM, written for the Security Engineer persona.
Features
Dedicated single-tenant HSM instances validated to FIPS 140-2 Level 3.
Complete control over cryptographic keys with no AWS access to key material.
Add or remove HSMs from clusters as needed, paying only for active resources hourly.
Clusters with HSMs in multiple Availability Zones provide redundancy; the Client SDK load-balances across the HSMs and fails over when one becomes unavailable.
Supports PKCS#11, Java JCE, and Microsoft CNG APIs for application integration.
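The following is an added example, not AWS's or this page's own code, showing how the management API above is used to build a redundant cluster: it refuses a single-AZ layout, creates the cluster, polls DescribeClusters until HSMs may be added, then places one HSM in each AZ and can remove one again. It uses only the real CloudHSM v2 actions CreateCluster, CreateHsm, DescribeClusters and DeleteHsm as exposed by the boto3 "cloudhsmv2" client; the client is injected so the logic runs offline against the constructed FakeCloudHsmClient, and every subnet ID, AZ name and tag value is made up.

```python
"""Provision an AWS CloudHSM cluster with one HSM in each Availability Zone.

Added example for this page; it is not AWS's own code. Real API actions used:
CreateCluster, CreateHsm, DescribeClusters, DeleteHsm (boto3 client 'cloudhsmv2').
FakeCloudHsmClient is a constructed stand-in with the same response shapes so
the logic can be exercised without an AWS account.
"""
import time

TERMINAL_STATES = {"DEGRADED", "DELETED"}


def plan_subnets(subnets_by_az):
    """Map {az: subnet_id} to the SubnetIds list, refusing a single-AZ layout.

    HSMs are only redundant if they sit in different AZs, so fail here,
    before any hourly HSM charge is incurred.
    """
    if len(subnets_by_az) < 2:
        raise ValueError("cluster needs subnets in at least two Availability Zones")
    return [subnets_by_az[az] for az in sorted(subnets_by_az)]


def wait_for_state(client, cluster_id, wanted, timeout=600, poll=5, sleep=time.sleep):
    """Poll DescribeClusters until the cluster reaches one of the `wanted` states."""
    deadline = time.monotonic() + timeout
    while True:
        clusters = client.describe_clusters(Filters={"clusterIds": [cluster_id]})["Clusters"]
        state = clusters[0]["State"]
        if state in wanted:
            return state
        if state in TERMINAL_STATES:
            raise RuntimeError(f"cluster {cluster_id} entered {state}")
        if time.monotonic() > deadline:
            raise TimeoutError(f"cluster {cluster_id} still {state} after {timeout}s")
        sleep(poll)


def create_multi_az_cluster(client, subnets_by_az, hsm_type="hsm1.medium", tags=None):
    """Create the cluster, wait until HSMs may be added, then add one HSM per AZ."""
    params = {"HsmType": hsm_type, "SubnetIds": plan_subnets(subnets_by_az)}
    if tags:
        params["TagList"] = [{"Key": k, "Value": v} for k, v in tags.items()]
    cluster_id = client.create_cluster(**params)["Cluster"]["ClusterId"]
    # A new cluster is briefly CREATE_IN_PROGRESS; HSMs can be added once UNINITIALIZED.
    wait_for_state(client, cluster_id, {"UNINITIALIZED"})
    hsm_ids = [
        client.create_hsm(ClusterId=cluster_id, AvailabilityZone=az)["Hsm"]["HsmId"]
        for az in sorted(subnets_by_az)
    ]
    return {"ClusterId": cluster_id, "HsmIds": hsm_ids}


def remove_hsm(client, cluster_id, hsm_id):
    """Scale the cluster down; hourly billing stops for the deleted HSM."""
    return client.delete_hsm(ClusterId=cluster_id, HsmId=hsm_id)["HsmId"]


class FakeCloudHsmClient:
    """Constructed stand-in that mimics the response shapes of the real client."""

    def __init__(self):
        self.clusters = {}
        self.hsms = {}

    def create_cluster(self, HsmType, SubnetIds, TagList=None):
        cid = f"cluster-{len(self.clusters) + 1:06d}"
        self.clusters[cid] = {"ClusterId": cid, "HsmType": HsmType,
                              "SubnetIds": SubnetIds, "State": "UNINITIALIZED"}
        return {"Cluster": dict(self.clusters[cid])}

    def describe_clusters(self, Filters):
        return {"Clusters": [dict(self.clusters[c]) for c in Filters["clusterIds"]]}

    def create_hsm(self, ClusterId, AvailabilityZone, IpAddress=None):
        hid = f"hsm-{len(self.hsms) + 1:06d}"
        self.hsms[hid] = {"HsmId": hid, "ClusterId": ClusterId,
                          "AvailabilityZone": AvailabilityZone, "State": "CREATE_IN_PROGRESS"}
        return {"Hsm": dict(self.hsms[hid])}

    def delete_hsm(self, ClusterId, HsmId):
        del self.hsms[HsmId]
        return {"HsmId": HsmId}


if __name__ == "__main__":
    # Replace FakeCloudHsmClient() with boto3.client("cloudhsmv2") to run for real.
    result = create_multi_az_cluster(
        FakeCloudHsmClient(),
        {"us-east-1a": "subnet-0a1b2c3d", "us-east-1b": "subnet-0e5f6a7b"},  # constructed
        tags={"owner": "security-engineering"},
    )
    print(result)
```

Creating the HSMs only starts the cluster; it still has to be initialized (the cluster CSR signed with your own CA and uploaded with InitializeCluster) and activated with the Client SDK before keys can be generated, which is the step where key material control stays with you rather than AWS.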
Use Cases
Protect sensitive data with hardware-backed encryption keys.
Manage SSL/TLS certificates and private keys in dedicated HSMs.
Secure private CA keys for organizations issuing their own certificates.
Support transparent data encryption (TDE) for Oracle and SQL Server databases.
Meet PCI DSS, HIPAA, and other regulatory requirements for key management.
Integrations
Use CloudHSM as the external key store for Oracle TDE (through the PKCS#11 library) and Microsoft SQL Server TDE (through the CNG/KSP provider) on databases you run yourself.
Use CloudHSM as a custom key store for AWS KMS operations.
HSM instances run inside your VPC for network isolation.
IAM controls who can call the cluster management API (create, modify, delete clusters and HSMs); the HSM user credentials (crypto officer and crypto user) that authorize key operations are separate and are never held by AWS.
Audit HSM management API calls via CloudTrail.
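An added example, not AWS's or this page's own code, of what auditing those CloudTrail records looks like in practice: it walks CloudTrail events whose eventSource is cloudhsm.amazonaws.com (the eventName is the API action), ignores successful read-only calls, and raises a finding for destructive actions, for calls by a principal outside an HSM admin allow list, for sessions without MFA, and for denied attempts. The records, role ARNs, account number and IP addresses below are constructed, and the allow list is an assumption for the example.

```python
"""Triage CloudTrail records for AWS CloudHSM management API calls.

Added example, not AWS's own code. SAMPLE_RECORDS are constructed in the
shape CloudTrail uses; ALLOWED_ROLE_ARNS is an assumed value for the example.
"""
import json

EVENT_SOURCE = "cloudhsm.amazonaws.com"
DESTRUCTIVE = {"DeleteCluster", "DeleteHsm", "DeleteBackup"}
# Principals expected to manage the cluster (assumption, not from the page).
ALLOWED_ROLE_ARNS = {"arn:aws:iam::111122223333:role/hsm-admins"}


def principal_arn(record):
    """Prefer the role ARN of an assumed-role session over the per-session ARN."""
    ident = record.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or ident.get("arn", "unknown")


def mfa_present(record):
    attrs = record.get("userIdentity", {}).get("sessionContext", {}).get("attributes", {})
    return str(attrs.get("mfaAuthenticated", "false")).lower() == "true"


def is_read_only(event_name):
    return event_name.startswith(("Describe", "List", "Get"))


def triage_record(record):
    """Return a finding for one CloudHSM management call, or None if benign."""
    if record.get("eventSource") != EVENT_SOURCE:
        return None
    name = record.get("eventName", "")
    reasons = []
    if record.get("errorCode"):
        reasons.append(f"call failed with {record['errorCode']}")  # denied attempts are recon
    elif is_read_only(name):
        return None
    arn = principal_arn(record)
    if arn not in ALLOWED_ROLE_ARNS:
        reasons.append("principal not in HSM admin allow list")
    if not mfa_present(record):
        reasons.append("no MFA on session")
    if name in DESTRUCTIVE:
        reasons.append("destructive action")  # always reviewed, even from an admin
    if not reasons:
        return None
    return {"eventTime": record.get("eventTime"), "eventName": name, "principal": arn,
            "sourceIPAddress": record.get("sourceIPAddress"),
            "severity": "high" if name in DESTRUCTIVE else "medium", "reasons": reasons}


def triage(records):
    return [f for f in (triage_record(r) for r in records) if f]


def _admin_session(user):  # constructed helper for the sample identity blocks
    return {"type": "AssumedRole",
            "arn": f"arn:aws:sts::111122223333:assumed-role/hsm-admins/{user}",
            "sessionContext": {"sessionIssuer": {"arn": "arn:aws:iam::111122223333:role/hsm-admins"},
                               "attributes": {"mfaAuthenticated": "true"}}}


SAMPLE_RECORDS = [  # constructed
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": EVENT_SOURCE, "eventName": "DescribeClusters",
     "sourceIPAddress": "10.0.1.20", "userIdentity": _admin_session("alice")},
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": EVENT_SOURCE, "eventName": "DeleteHsm",
     "sourceIPAddress": "10.0.1.20", "userIdentity": _admin_session("alice"),
     "requestParameters": {"clusterId": "cluster-000001", "hsmId": "hsm-000002"}},
    {"eventTime": "2024-05-01T11:15:00Z", "eventSource": EVENT_SOURCE, "eventName": "CreateHsm",
     "sourceIPAddress": "10.0.9.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ci-deploy/build",
                      "sessionContext": {"sessionIssuer": {"arn": "arn:aws:iam::111122223333:role/ci-deploy"},
                                         "attributes": {"mfaAuthenticated": "false"}}}},
    {"eventTime": "2024-05-01T23:40:00Z", "eventSource": EVENT_SOURCE, "eventName": "DeleteBackup",
     "sourceIPAddress": "203.0.113.5", "errorCode": "AccessDeniedException",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_RECORDS), indent=2))
```

Note that CloudTrail only sees the management plane: key generation, signing and decryption happen inside the HSM over the Client SDK and appear in the HSM audit logs (delivered to CloudWatch Logs), not in CloudTrail, so both sources are needed for complete coverage.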