Manage Your Own Encryption Keys Using AWS CloudHSM

HSM stands for Hardware Security Module, but what is a hardware security module? It’s a physical tamper-resistant hardware appliance that is used to protect and safeguard cryptographic material and encryption keys.

The AWS CloudHSM service provides HSMs that are validated to Federal Information Processing Standards (FIPS) 140-2 Level 3, which is often required if you are going to be using your CloudHSM for document signing or if you intend to operate a public certificate authority for SSL certificates.

Learning Objectives

The objectives of this lesson are to explain:

• What AWS CloudHSM is and does
• The architecture of CloudHSM and its implementation
• Access Control of your HSM Cluster
• How to use CloudHSM as a custom key store in KMS, the Key Management Service
• Monitoring and Logging

Intended Audience

This lesson is intended for anyone who is:

• Responsible for protecting data stored within AWS
• Looking to utilize a managed service to help perform cryptographic operations
• Preparing for an AWS certification that requires you to have knowledge of securing data

Prerequisites

To get the most out of this lesson, you should have a basic awareness of the fundamentals of AWS and some of its core services, such as VPC architecture. Some basic cryptography knowledge would also be beneficial, but not essential.