Manage single-tenant hardware security modules (HSMs) on AWS

What is CloudHSM?

AWS CloudHSM lets you manage and access your keys on FIPS-validated hardware, protected with customer-owned, single-tenant HSM instances that run in your own Virtual Private Cloud (VPC).

Benefits

Generate and use cryptographic keys

Generate and use cryptographic keys on dedicated FIPS 140-2 Level 3 single-tenant HSM instances

Deploy workloads with high reliability

Deploy workloads with high reliability and low latency, and help meet regulatory compliance

Manage HSM capacity

Manage HSM capacity and control your costs by adding and removing HSMs from your cluster

Pay by the hour

Pay by the hour, and backup and shut down HSMs when they’re not needed

Use cases

Encrypt data at rest

Protect data and achieve regulatory compliance.

Offload SSL processing for web servers

Confirm web service identities and establish secure HTTPS connections over the internet using SSL and TLS.

Protect private keys for an issuing CA

Secure and house your private keys, and sign certificate requests, so you can act securely as an issuing certificate authority (CA).

Activate TDE for Oracle databases

Store the transparent data encryption (TDE) encryption key for supported Oracle database servers.