2024/06/28 - AWS CloudHSM V2 - 3 new, 4 updated API methods
Changes: Added 3 new APIs to support backup sharing: GetResourcePolicy, PutResourcePolicy, and DeleteResourcePolicy. Added BackupArn to the output of the DescribeBackups API. Added support for BackupArn in the CreateCluster API.
DeleteResourcePolicy (new)
Deletes a CloudHSM resource policy. Deleting a resource policy will result in the resource being unshared and removed from any RAM resource shares. Deleting the resource policy attached to a backup will not impact any clusters created from that backup.
Cross-account use: No. You cannot perform this operation on a CloudHSM resource in a different Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.delete_resource_policy( ResourceArn='string' )
ResourceArn (string) --
Amazon Resource Name (ARN) of the resource from which the policy will be removed.
Return type: dict
Response Syntax
{ 'ResourceArn': 'string', 'Policy': 'string' }
Response Structure
(dict) --
ResourceArn (string) --
Amazon Resource Name (ARN) of the resource from which the policy was deleted.
Policy (string) --
The policy previously attached to the resource.
PutResourcePolicy (new)
Creates or updates a CloudHSM resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your CloudHSM resources. The following resources support CloudHSM resource policies:
Backup - The resource policy allows you to describe the backup and restore a cluster from the backup in another Amazon Web Services account.
In order to share a backup, it must be in a 'READY' state and you must own it.
Cross-account use: No. You cannot perform this operation on a CloudHSM resource in a different Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.put_resource_policy( ResourceArn='string', Policy='string' )
ResourceArn (string) --
Amazon Resource Name (ARN) of the resource to which you want to attach a policy.
Policy (string) --
The policy you want to associate with a resource.
For an example policy, see Working with shared backups in the CloudHSM User Guide.
Return type: dict
Response Syntax
{ 'ResourceArn': 'string', 'Policy': 'string' }
Response Structure
(dict) --
ResourceArn (string) --
Amazon Resource Name (ARN) of the resource to which a policy is attached.
Policy (string) --
The policy attached to a resource.
GetResourcePolicy (new)
Retrieves the resource policy document attached to a given resource.
Cross-account use: No. You cannot perform this operation on a CloudHSM resource in a different Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.get_resource_policy( ResourceArn='string' )
ResourceArn (string) --
Amazon Resource Name (ARN) of the resource to which a policy is attached.
Return type: dict
Response Syntax
{ 'Policy': 'string' }
Response Structure
(dict) --
Policy (string) --
The policy attached to a resource.
DeleteBackup (updated)
Changes (response): {'Backup': {'BackupArn': 'string'}}
Deletes a specified CloudHSM backup. A backup can be restored up to 7 days after the DeleteBackup request is made. For more information on restoring a backup, see RestoreBackup.
Cross-account use: No. You cannot perform this operation on a CloudHSM backup in a different Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.delete_backup( BackupId='string' )
BackupId (string) --
[REQUIRED]
The ID of the backup to be deleted. To find the ID of a backup, use the DescribeBackups operation.
Return type: dict
Response Syntax
{ 'Backup': { 'BackupId': 'string', 'BackupArn': 'string', 'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION', 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1), 'CopyTimestamp': datetime(2015, 1, 1), 'NeverExpires': True|False, 'SourceRegion': 'string', 'SourceBackup': 'string', 'SourceCluster': 'string', 'DeleteTimestamp': datetime(2015, 1, 1), 'TagList': [ { 'Key': 'string', 'Value': 'string' }, ], 'HsmType': 'string', 'Mode': 'FIPS'|'NON_FIPS' } }
Response Structure
(dict) --
Backup (dict) --
Information on the Backup object deleted.
BackupId (string) --
The identifier (ID) of the backup.
BackupArn (string) --
The Amazon Resource Name (ARN) of the backup.
BackupState (string) --
The state of the backup.
ClusterId (string) --
The identifier (ID) of the cluster that was backed up.
CreateTimestamp (datetime) --
The date and time when the backup was created.
CopyTimestamp (datetime) --
The date and time when the backup was copied from a source backup.
NeverExpires (boolean) --
Specifies whether the service should exempt a backup from the retention policy for the cluster. True exempts a backup from the retention policy. False means the service applies the backup retention policy defined at the cluster.
SourceRegion (string) --
The AWS Region that contains the source backup from which the new backup was copied.
SourceBackup (string) --
The identifier (ID) of the source backup from which the new backup was copied.
SourceCluster (string) --
The identifier (ID) of the cluster containing the source backup from which the new backup was copied.
DeleteTimestamp (datetime) --
The date and time when the backup will be permanently deleted.
TagList (list) --
The list of tags for the backup.
(dict) --
Contains a tag. A tag is a key-value pair.
Key (string) --
The key of the tag.
Value (string) --
The value of the tag.
HsmType (string) --
The HSM type used to create the backup.
Mode (string) --
The mode of the cluster that was backed up.
DescribeBackups (updated)
Changes (request): {'Shared': 'boolean'}
Changes (response): {'Backups': {'BackupArn': 'string'}}
Gets information about backups of CloudHSM clusters. Lists either the backups you own or the backups shared with you when the Shared parameter is true.
This is a paginated operation, which means that each response might contain only a subset of all the backups. When the response contains only a subset of backups, it includes a NextToken value. Use this value in a subsequent DescribeBackups request to get more backups. When you receive a response with no NextToken (or an empty or null value), that means there are no more backups to get.
Cross-account use: Yes. Customers can describe backups in other Amazon Web Services accounts that are shared with them.
See also: AWS API Documentation
Request Syntax
client.describe_backups( NextToken='string', MaxResults=123, Filters={ 'string': [ 'string', ] }, Shared=True|False, SortAscending=True|False )
NextToken (string) --
The NextToken value that you received in the previous response. Use this value to get more backups.
MaxResults (integer) --
The maximum number of backups to return in the response. When there are more backups than the number you specify, the response contains a NextToken value.
Filters (dict) --
One or more filters to limit the items returned in the response.
Use the backupIds filter to return only the specified backups. Specify backups by their backup identifier (ID).
Use the sourceBackupIds filter to return only the backups created from a source backup. The sourceBackupID of a source backup is returned by the CopyBackupToRegion operation.
Use the clusterIds filter to return only the backups for the specified clusters. Specify clusters by their cluster identifier (ID).
Use the states filter to return only backups that match the specified state.
Use the neverExpires filter to return backups filtered by the value in the neverExpires parameter. True returns all backups exempt from the backup retention policy. False returns all backups with a backup retention policy defined at the cluster.
(string) --
(list) --
(string) --
Shared (boolean) --
Describe backups that are shared with you.
SortAscending (boolean) --
Designates whether or not to sort the returned backups by ascending chronological order of generation.
Return type: dict
Response Syntax
{ 'Backups': [ { 'BackupId': 'string', 'BackupArn': 'string', 'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION', 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1), 'CopyTimestamp': datetime(2015, 1, 1), 'NeverExpires': True|False, 'SourceRegion': 'string', 'SourceBackup': 'string', 'SourceCluster': 'string', 'DeleteTimestamp': datetime(2015, 1, 1), 'TagList': [ { 'Key': 'string', 'Value': 'string' }, ], 'HsmType': 'string', 'Mode': 'FIPS'|'NON_FIPS' }, ], 'NextToken': 'string' }
Response Structure
(dict) --
Backups (list) --
A list of backups.
(dict) --
Contains information about a backup of a CloudHSM cluster. All backup objects contain the BackupId, BackupState, ClusterId, and CreateTimestamp parameters. Backups that were copied into a destination region additionally contain the CopyTimestamp, SourceBackup, SourceCluster, and SourceRegion parameters. A backup that is pending deletion will include the DeleteTimestamp parameter.
BackupId (string) --
The identifier (ID) of the backup.
BackupArn (string) --
The Amazon Resource Name (ARN) of the backup.
BackupState (string) --
The state of the backup.
ClusterId (string) --
The identifier (ID) of the cluster that was backed up.
CreateTimestamp (datetime) --
The date and time when the backup was created.
CopyTimestamp (datetime) --
The date and time when the backup was copied from a source backup.
NeverExpires (boolean) --
Specifies whether the service should exempt a backup from the retention policy for the cluster. True exempts a backup from the retention policy. False means the service applies the backup retention policy defined at the cluster.
SourceRegion (string) --
The AWS Region that contains the source backup from which the new backup was copied.
SourceBackup (string) --
The identifier (ID) of the source backup from which the new backup was copied.
SourceCluster (string) --
The identifier (ID) of the cluster containing the source backup from which the new backup was copied.
DeleteTimestamp (datetime) --
The date and time when the backup will be permanently deleted.
TagList (list) --
The list of tags for the backup.
(dict) --
Contains a tag. A tag is a key-value pair.
Key (string) --
The key of the tag.
Value (string) --
The value of the tag.
HsmType (string) --
The HSM type used to create the backup.
Mode (string) --
The mode of the cluster that was backed up.
NextToken (string) --
An opaque string that indicates that the response contains only a subset of backups. Use this value in a subsequent DescribeBackups request to get more backups.
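An added example (not part of the AWS documentation): it audits which accounts your READY backups are shared with, combining the DescribeBackups NextToken pagination with GetResourcePolicy as described above. It assumes `client` is a boto3 `cloudhsmv2` client, that the Policy string is standard IAM policy JSON with `Statement` and `Principal` elements, and that a backup with no policy returns an empty Policy; all helper names are illustrative.

```python
import json

def iter_backups(client, shared=False, page_size=50):
    """Yield every backup, following NextToken until it is missing or empty."""
    kwargs = {"MaxResults": page_size, "Shared": shared}
    while True:
        page = client.describe_backups(**kwargs)
        yield from page.get("Backups", [])
        token = page.get("NextToken")
        if not token:  # absent, empty or null means no more backups
            return
        kwargs["NextToken"] = token

def account_of(principal):
    """Reduce an IAM principal ARN to its account ID where possible."""
    if principal.startswith("arn:"):
        parts = principal.split(":")
        return parts[4] if len(parts) > 4 else principal
    return principal

def policy_accounts(policy_json):
    """Accounts granted access by Allow statements; '*' means any principal."""
    if not policy_json:  # assumption: no policy attached means not shared
        return set()
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    accounts = set()
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = "*" if principal == "*" else principal.get("AWS", [])
        for p in ([aws] if isinstance(aws, str) else aws):
            accounts.add(account_of(p))
    return accounts

def audit_backup_sharing(client, allowed_accounts):
    """Return {BackupId: [unexpected accounts]} for READY backups you own."""
    findings = {}
    for backup in iter_backups(client, shared=False):
        # The page states a backup must be READY (and owned) to be shared.
        if backup.get("BackupState") != "READY" or "BackupArn" not in backup:
            continue
        resp = client.get_resource_policy(ResourceArn=backup["BackupArn"])
        extra = policy_accounts(resp.get("Policy")) - set(allowed_accounts)
        if extra:
            findings[backup["BackupId"]] = sorted(extra)
    return findings
```

Run it from the account that owns the backups, since GetResourcePolicy is not a cross-account operation.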
ModifyBackupAttributes (updated)
Changes (response): {'Backup': {'BackupArn': 'string'}}
Modifies attributes for a CloudHSM backup.
Cross-account use: No. You cannot perform this operation on a CloudHSM backup in a different Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.modify_backup_attributes( BackupId='string', NeverExpires=True|False )
BackupId (string) --
[REQUIRED]
The identifier (ID) of the backup to modify. To find the ID of a backup, use the DescribeBackups operation.
NeverExpires (boolean) --
[REQUIRED]
Specifies whether the service should exempt a backup from the retention policy for the cluster. True exempts a backup from the retention policy. False means the service applies the backup retention policy defined at the cluster.
Return type: dict
Response Syntax
{ 'Backup': { 'BackupId': 'string', 'BackupArn': 'string', 'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION', 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1), 'CopyTimestamp': datetime(2015, 1, 1), 'NeverExpires': True|False, 'SourceRegion': 'string', 'SourceBackup': 'string', 'SourceCluster': 'string', 'DeleteTimestamp': datetime(2015, 1, 1), 'TagList': [ { 'Key': 'string', 'Value': 'string' }, ], 'HsmType': 'string', 'Mode': 'FIPS'|'NON_FIPS' } }
Response Structure
(dict) --
Backup (dict) --
Contains information about a backup of a CloudHSM cluster. All backup objects contain the BackupId, BackupState, ClusterId, and CreateTimestamp parameters. Backups that were copied into a destination region additionally contain the CopyTimestamp, SourceBackup, SourceCluster, and SourceRegion parameters. A backup that is pending deletion will include the DeleteTimestamp parameter.
BackupId (string) --
The identifier (ID) of the backup.
BackupArn (string) --
The Amazon Resource Name (ARN) of the backup.
BackupState (string) --
The state of the backup.
ClusterId (string) --
The identifier (ID) of the cluster that was backed up.
CreateTimestamp (datetime) --
The date and time when the backup was created.
CopyTimestamp (datetime) --
The date and time when the backup was copied from a source backup.
NeverExpires (boolean) --
Specifies whether the service should exempt a backup from the retention policy for the cluster. True exempts a backup from the retention policy. False means the service applies the backup retention policy defined at the cluster.
SourceRegion (string) --
The AWS Region that contains the source backup from which the new backup was copied.
SourceBackup (string) --
The identifier (ID) of the source backup from which the new backup was copied.
SourceCluster (string) --
The identifier (ID) of the cluster containing the source backup from which the new backup was copied.
DeleteTimestamp (datetime) --
The date and time when the backup will be permanently deleted.
TagList (list) --
The list of tags for the backup.
(dict) --
Contains a tag. A tag is a key-value pair.
Key (string) --
The key of the tag.
Value (string) --
The value of the tag.
HsmType (string) --
The HSM type used to create the backup.
Mode (string) --
The mode of the cluster that was backed up.
RestoreBackup (updated)
Changes (response): {'Backup': {'BackupArn': 'string'}}
Restores a specified CloudHSM backup that is in the PENDING_DELETION state. For more information on deleting a backup, see DeleteBackup.
Cross-account use: No. You cannot perform this operation on a CloudHSM backup in a different Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.restore_backup( BackupId='string' )
BackupId (string) --
[REQUIRED]
The ID of the backup to be restored. To find the ID of a backup, use the DescribeBackups operation.
Return type: dict
Response Syntax
{ 'Backup': { 'BackupId': 'string', 'BackupArn': 'string', 'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION', 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1), 'CopyTimestamp': datetime(2015, 1, 1), 'NeverExpires': True|False, 'SourceRegion': 'string', 'SourceBackup': 'string', 'SourceCluster': 'string', 'DeleteTimestamp': datetime(2015, 1, 1), 'TagList': [ { 'Key': 'string', 'Value': 'string' }, ], 'HsmType': 'string', 'Mode': 'FIPS'|'NON_FIPS' } }
Response Structure
(dict) --
Backup (dict) --
Information on the Backup object created.
BackupId (string) --
The identifier (ID) of the backup.
BackupArn (string) --
The Amazon Resource Name (ARN) of the backup.
BackupState (string) --
The state of the backup.
ClusterId (string) --
The identifier (ID) of the cluster that was backed up.
CreateTimestamp (datetime) --
The date and time when the backup was created.
CopyTimestamp (datetime) --
The date and time when the backup was copied from a source backup.
NeverExpires (boolean) --
Specifies whether the service should exempt a backup from the retention policy for the cluster. True exempts a backup from the retention policy. False means the service applies the backup retention policy defined at the cluster.
SourceRegion (string) --
The AWS Region that contains the source backup from which the new backup was copied.
SourceBackup (string) --
The identifier (ID) of the source backup from which the new backup was copied.
SourceCluster (string) --
The identifier (ID) of the cluster containing the source backup from which the new backup was copied.
DeleteTimestamp (datetime) --
The date and time when the backup will be permanently deleted.
TagList (list) --
The list of tags for the backup.
(dict) --
Contains a tag. A tag is a key-value pair.
Key (string) --
The key of the tag.
Value (string) --
The value of the tag.
HsmType (string) --
The HSM type used to create the backup.
Mode (string) --
The mode of the cluster that was backed up.