Produce and use encryption keys on FIPS 140-2 level 3 approved HSMs
AWS CloudHSM empowers you to create and utilize your encryption keys on a FIPS 140-2 Level 3 approved equipment. CloudHSM ensures your keys with elite, single-occupant access to alter safe HSM examples in your own Amazon Virtual Private Cloud (VPC).
Convey secure, compliant workloads
Using HSMs as the foundation of trust causes you demonstrate consistence with security, protection and hostile to alter guidelines, for example, HIPAA, FedRAMP and PCI. AWS CloudHSM empowers you to construct secure, compliant workloads with high unwavering quality and low inertness, utilizing HSM occurrences in the AWS cloud.
Use an open HSM built on industry standards
You can utilize AWS CloudHSM to incorporate with custom applications utilizing industry-standard APIs, for example, PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries. You can likewise exchange your keys to other business HSM answers for make it simple for you to relocate keys on or off of AWS.
Keep control of your encryption keys
AWS CloudHSM gives you access to your HSMs over a safe channel to make clients and set HSM arrangements. The encryption keys that you produce and use with CloudHSM are open just by the HSM clients that you determine. AWS has zero ability to see or access to your encryption keys.
Simple to manage and scale
AWS CloudHSM computerizes time-consuming HSM regulatory errands for you, for example, equipment provisioning, software fixing, high accessibility, and reinforcements. You can scale your HSM limit rapidly by including and expelling HSMs from your group on-request. AWS CloudHSM consequently burden adjusts solicitations and safely copies keys put away in any HSM to the majority of the different HSMs in the group.
Control AWS KMS keys
You can design AWS Key Management Service (KMS) to utilize your AWS CloudHSM bunch as a custom key store as opposed to the default KMS key store. With a KMS custom key store you profit by the reconciliation among KMS and AWS administrations that encode information while holding control of the HSMs that ensure your KMS ace keys. KMS custom key store gives you the best of the two universes, joining single-occupant HSMs under your control without breaking a sweat of utilization and mix of AWS KMS.