Understanding AWS CloudHSM Architecture & Implementation
HSM stands for Hardware Security Module, but what is a hardware security module? It’s a physical tamper-resistant hardware appliance that is used to protect and safeguard cryptographic material and encryption keys.
The AWS CloudHSM service provides HSMs that are validated to Federal Information Processing Standards (FIPS) 140-2 Level 3, which is often required if you are going to be using your CloudHSM for document signing or if you intend to operate a public certificate authority for SSL certificates.
Learning Objectives
The objectives of this lesson are to explain:
- What AWS CloudHSM is and does
- The architecture of CloudHSM and its implementation
- Access Control of your HSM Cluster
- How to use CloudHSM as a custom key store in KMS, the Key Management Service
- Monitoring and Logging
Intended Audience
This lesson is intended for anyone who is:
- Responsible for protecting data stored within AWS
- Looking to utilize a managed service to help perform cryptographic operations
- Preparing for an AWS certification that requires you to have knowledge of securing data
Prerequisites
To get the most out of this lesson, you should have a basic awareness of the fundamentals of AWS and some of its core services, such as VPC architecture. Some basic cryptography knowledge would also be beneficial, but not essential.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 250+ courses relating to cloud computing reaching over 1 million+ students.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.