2024/12/13 - AWS CloudHSM V2 - 6 updated api methods
Changes: Add support for Dual-Stack hsm2m.medium clusters. Customers can now create hsm2m.medium clusters with both IPv4 and IPv6 connectivity by specifying the new NetworkType=DUALSTACK parameter during cluster creation.
{'NetworkType': 'IPV4 | DUALSTACK'}
Response
{'Cluster': {'Hsms': {'EniIpV6': 'string'}, 'NetworkType': 'IPV4 | DUALSTACK', 'State': {'ROLLBACK_IN_PROGRESS', 'MODIFY_IN_PROGRESS'}}}
Creates a new CloudHSM cluster.
Cross-account use: Yes. To perform this operation with a CloudHSM backup in a different AWS account, specify the full backup ARN in the value of the SourceBackupId parameter.
See also: AWS API Documentation
Request Syntax
client.create_cluster(
    BackupRetentionPolicy={
        'Type': 'DAYS',
        'Value': 'string'
    },
    HsmType='string',
    SourceBackupId='string',
    SubnetIds=[
        'string',
    ],
    NetworkType='IPV4'|'DUALSTACK',
    TagList=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    Mode='FIPS'|'NON_FIPS'
)
BackupRetentionPolicy (dict) --
A policy that defines how the service retains backups.
Type (string) --
The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.
Value (string) --
Use a value between 7 and 379.
HsmType (string) -- [REQUIRED]
The type of HSM to use in the cluster. The allowed values are hsm1.medium and hsm2m.medium.
SourceBackupId (string) --
The identifier (ID) or the Amazon Resource Name (ARN) of the cluster backup to restore. Use this value to restore the cluster from a backup instead of creating a new cluster. To find the backup ID or ARN, use DescribeBackups. If using a backup in another account, the full ARN must be supplied.
SubnetIds (list) -- [REQUIRED]
The identifiers (IDs) of the subnets where you are creating the cluster. You must specify at least one subnet. If you specify multiple subnets, they must meet the following criteria:
All subnets must be in the same virtual private cloud (VPC).
You can specify only one subnet per Availability Zone.
(string) --
NetworkType (string) --
The NetworkType to create a cluster with. The allowed values are IPV4 and DUALSTACK.
TagList (list) --
Tags to apply to the CloudHSM cluster during creation.
(dict) --
Contains a tag. A tag is a key-value pair.
Key (string) -- [REQUIRED]
The key of the tag.
Value (string) -- [REQUIRED]
The value of the tag.
Mode (string) --
The mode to use in the cluster. The allowed values are FIPS and NON_FIPS.
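A pre-flight check for the create_cluster arguments described above, run against subnet records before the API call is made. This is an added example, not code from the AWS documentation: the function names and sample subnet records are constructed, the subnet records are assumed to have the shape of EC2 DescribeSubnets output, the retention range is assumed inclusive, and the DUALSTACK/hsm2m.medium check is an assumption drawn from the change note.

```python
ALLOWED_HSM_TYPES = {"hsm1.medium", "hsm2m.medium"}
ALLOWED_NETWORK_TYPES = {"IPV4", "DUALSTACK"}
ALLOWED_MODES = {"FIPS", "NON_FIPS"}


def has_ipv6_cidr(subnet):
    """True if an EC2 DescribeSubnets record has an associated IPv6 CIDR block."""
    return any(
        assoc.get("Ipv6CidrBlockState", {}).get("State") == "associated"
        for assoc in subnet.get("Ipv6CidrBlockAssociationSet", [])
    )


def preflight_create_cluster(params, subnets):
    """Return the problems found in create_cluster kwargs (empty list = OK)."""
    problems = []
    by_id = {s["SubnetId"]: s for s in subnets}

    hsm_type = params.get("HsmType")
    if hsm_type not in ALLOWED_HSM_TYPES:
        problems.append(f"HsmType {hsm_type!r} is not hsm1.medium or hsm2m.medium")

    network_type = params.get("NetworkType", "IPV4")  # IPV4 is the documented default
    if network_type not in ALLOWED_NETWORK_TYPES:
        problems.append(f"NetworkType {network_type!r} is not IPV4 or DUALSTACK")

    mode = params.get("Mode")
    if mode is not None and mode not in ALLOWED_MODES:
        problems.append(f"Mode {mode!r} is not FIPS or NON_FIPS")

    policy = params.get("BackupRetentionPolicy")
    if policy is not None:
        value = str(policy.get("Value", ""))
        # Assumption: the documented 7..379 range is inclusive at both ends.
        in_range = value.isascii() and value.isdigit() and 7 <= int(value) <= 379
        if policy.get("Type") != "DAYS" or not in_range:
            problems.append("BackupRetentionPolicy needs Type=DAYS and Value 7 to 379")

    subnet_ids = params.get("SubnetIds") or []
    if not subnet_ids:
        problems.append("SubnetIds must name at least one subnet")
    chosen = []
    for subnet_id in subnet_ids:
        if subnet_id in by_id:
            chosen.append(by_id[subnet_id])
        else:
            problems.append(f"{subnet_id}: not among the supplied subnet records")

    if len({s["VpcId"] for s in chosen}) > 1:
        problems.append("all subnets must be in the same VPC")

    first_in_az = {}  # Availability Zone -> first subnet seen there
    for s in chosen:
        other = first_in_az.setdefault(s["AvailabilityZone"], s["SubnetId"])
        if other != s["SubnetId"]:
            problems.append(f"{s['SubnetId']} and {other} share {s['AvailabilityZone']}")

    if network_type == "DUALSTACK":
        if hsm_type != "hsm2m.medium":
            # Assumption drawn from the change note, which describes
            # dual-stack support for hsm2m.medium clusters only.
            problems.append("DUALSTACK is described for hsm2m.medium clusters only")
        for s in chosen:
            if not has_ipv6_cidr(s):
                problems.append(f"{s['SubnetId']}: no associated IPv6 CIDR block")
    return problems


# Constructed sample records (IDs and the 2001:db8::/32 documentation prefix are not real).
_V6 = [{"Ipv6CidrBlock": "2001:db8:0:1::/64", "Ipv6CidrBlockState": {"State": "associated"}}]
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0a", "VpcId": "vpc-01", "AvailabilityZone": "us-east-1a",
     "Ipv6CidrBlockAssociationSet": _V6},
    {"SubnetId": "subnet-0b", "VpcId": "vpc-01", "AvailabilityZone": "us-east-1b",
     "Ipv6CidrBlockAssociationSet": []},
    {"SubnetId": "subnet-0c", "VpcId": "vpc-01", "AvailabilityZone": "us-east-1a",
     "Ipv6CidrBlockAssociationSet": _V6},
]

if __name__ == "__main__":
    request = {"HsmType": "hsm2m.medium", "NetworkType": "DUALSTACK",
               "SubnetIds": ["subnet-0a", "subnet-0b"]}
    for problem in preflight_create_cluster(request, SAMPLE_SUBNETS):
        print("BLOCK:", problem)
```
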
Return type: dict
Response Syntax
{
    'Cluster': {
        'BackupPolicy': 'DEFAULT',
        'BackupRetentionPolicy': {
            'Type': 'DAYS',
            'Value': 'string'
        },
        'ClusterId': 'string',
        'CreateTimestamp': datetime(2015, 1, 1),
        'Hsms': [
            {
                'AvailabilityZone': 'string',
                'ClusterId': 'string',
                'SubnetId': 'string',
                'EniId': 'string',
                'EniIp': 'string',
                'EniIpV6': 'string',
                'HsmId': 'string',
                'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                'StateMessage': 'string'
            },
        ],
        'HsmType': 'string',
        'PreCoPassword': 'string',
        'SecurityGroup': 'string',
        'SourceBackupId': 'string',
        'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'MODIFY_IN_PROGRESS'|'ROLLBACK_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
        'StateMessage': 'string',
        'SubnetMapping': {
            'string': 'string'
        },
        'VpcId': 'string',
        'NetworkType': 'IPV4'|'DUALSTACK',
        'Certificates': {
            'ClusterCsr': 'string',
            'HsmCertificate': 'string',
            'AwsHardwareCertificate': 'string',
            'ManufacturerHardwareCertificate': 'string',
            'ClusterCertificate': 'string'
        },
        'TagList': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'Mode': 'FIPS'|'NON_FIPS'
    }
}
Response Structure
(dict) --
Cluster (dict) --
Information about the cluster that was created.
BackupPolicy (string) --
The cluster's backup policy.
BackupRetentionPolicy (dict) --
A policy that defines how the service retains backups.
Type (string) --
The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.
Value (string) --
Use a value between 7 and 379.
ClusterId (string) --
The cluster's identifier (ID).
CreateTimestamp (datetime) --
The date and time when the cluster was created.
Hsms (list) --
Contains information about the HSMs in the cluster.
(dict) --
Contains information about a hardware security module (HSM) in a CloudHSM cluster.
AvailabilityZone (string) --
The Availability Zone that contains the HSM.
ClusterId (string) --
The identifier (ID) of the cluster that contains the HSM.
SubnetId (string) --
The subnet that contains the HSM's elastic network interface (ENI).
EniId (string) --
The identifier (ID) of the HSM's elastic network interface (ENI).
EniIp (string) --
The IP address of the HSM's elastic network interface (ENI).
EniIpV6 (string) --
The IPv6 address (if any) of the HSM's elastic network interface (ENI).
HsmId (string) --
The HSM's identifier (ID).
State (string) --
The HSM's state.
StateMessage (string) --
A description of the HSM's state.
HsmType (string) --
The type of HSM that the cluster contains.
PreCoPassword (string) --
The default password for the cluster's Pre-Crypto Officer (PRECO) user.
SecurityGroup (string) --
The identifier (ID) of the cluster's security group.
SourceBackupId (string) --
The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
State (string) --
The cluster's state.
StateMessage (string) --
A description of the cluster's state.
SubnetMapping (dict) --
A map from availability zone to the cluster’s subnet in that availability zone.
(string) --
(string) --
VpcId (string) --
The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
NetworkType (string) --
The cluster's NetworkType can be set to either IPV4 (which is the default) or DUALSTACK. When set to IPV4, communication between your application and the Hardware Security Modules (HSMs) is restricted to the IPv4 protocol only. In contrast, the DUALSTACK network type enables communication over both the IPv4 and IPv6 protocols. To use the DUALSTACK option, you'll need to configure your Virtual Private Cloud (VPC) and subnets to support both IPv4 and IPv6. This involves adding IPv6 Classless Inter-Domain Routing (CIDR) blocks to the existing IPv4 CIDR blocks in your subnets. The choice between IPV4 and DUALSTACK network types determines the flexibility of the network addressing setup for your cluster. The DUALSTACK option provides more flexibility by allowing both IPv4 and IPv6 communication.
Certificates (dict) --
Contains one or more certificates or a certificate signing request (CSR).
ClusterCsr (string) --
The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is UNINITIALIZED.
HsmCertificate (string) --
The HSM certificate issued (signed) by the HSM hardware.
AwsHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by CloudHSM.
ManufacturerHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by the hardware manufacturer.
ClusterCertificate (string) --
The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.
TagList (list) --
The list of tags for the cluster.
(dict) --
Contains a tag. A tag is a key-value pair.
Key (string) --
The key of the tag.
Value (string) --
The value of the tag.
Mode (string) --
The mode of the cluster.
{'Hsm': {'EniIpV6': 'string'}}
Creates a new hardware security module (HSM) in the specified CloudHSM cluster.
Cross-account use: No. You cannot perform this operation on a CloudHSM cluster in a different Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.create_hsm(
    ClusterId='string',
    AvailabilityZone='string',
    IpAddress='string'
)
ClusterId (string) -- [REQUIRED]
The identifier (ID) of the HSM's cluster. To find the cluster ID, use DescribeClusters.
AvailabilityZone (string) -- [REQUIRED]
The Availability Zone where you are creating the HSM. To find the cluster's Availability Zones, use DescribeClusters.
IpAddress (string) --
The HSM's IP address. If you specify an IP address, use an available address from the subnet that maps to the Availability Zone where you are creating the HSM. If you don't specify an IP address, one is chosen for you from that subnet.
Return type: dict
Response Syntax
{
    'Hsm': {
        'AvailabilityZone': 'string',
        'ClusterId': 'string',
        'SubnetId': 'string',
        'EniId': 'string',
        'EniIp': 'string',
        'EniIpV6': 'string',
        'HsmId': 'string',
        'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
        'StateMessage': 'string'
    }
}
Response Structure
(dict) --
Hsm (dict) --
Information about the HSM that was created.
AvailabilityZone (string) --
The Availability Zone that contains the HSM.
ClusterId (string) --
The identifier (ID) of the cluster that contains the HSM.
SubnetId (string) --
The subnet that contains the HSM's elastic network interface (ENI).
EniId (string) --
The identifier (ID) of the HSM's elastic network interface (ENI).
EniIp (string) --
The IP address of the HSM's elastic network interface (ENI).
EniIpV6 (string) --
The IPv6 address (if any) of the HSM's elastic network interface (ENI).
HsmId (string) --
The HSM's identifier (ID).
State (string) --
The HSM's state.
StateMessage (string) --
A description of the HSM's state.
{'Cluster': {'Hsms': {'EniIpV6': 'string'}, 'NetworkType': 'IPV4 | DUALSTACK', 'State': {'ROLLBACK_IN_PROGRESS', 'MODIFY_IN_PROGRESS'}}}
Deletes the specified CloudHSM cluster. Before you can delete a cluster, you must delete all HSMs in the cluster. To see if the cluster contains any HSMs, use DescribeClusters. To delete an HSM, use DeleteHsm.
Cross-account use: No. You cannot perform this operation on a CloudHSM cluster in a different Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.delete_cluster(
    ClusterId='string'
)
ClusterId (string) -- [REQUIRED]
The identifier (ID) of the cluster that you are deleting. To find the cluster ID, use DescribeClusters.
Return type: dict
Response Syntax
{
    'Cluster': {
        'BackupPolicy': 'DEFAULT',
        'BackupRetentionPolicy': {
            'Type': 'DAYS',
            'Value': 'string'
        },
        'ClusterId': 'string',
        'CreateTimestamp': datetime(2015, 1, 1),
        'Hsms': [
            {
                'AvailabilityZone': 'string',
                'ClusterId': 'string',
                'SubnetId': 'string',
                'EniId': 'string',
                'EniIp': 'string',
                'EniIpV6': 'string',
                'HsmId': 'string',
                'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                'StateMessage': 'string'
            },
        ],
        'HsmType': 'string',
        'PreCoPassword': 'string',
        'SecurityGroup': 'string',
        'SourceBackupId': 'string',
        'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'MODIFY_IN_PROGRESS'|'ROLLBACK_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
        'StateMessage': 'string',
        'SubnetMapping': {
            'string': 'string'
        },
        'VpcId': 'string',
        'NetworkType': 'IPV4'|'DUALSTACK',
        'Certificates': {
            'ClusterCsr': 'string',
            'HsmCertificate': 'string',
            'AwsHardwareCertificate': 'string',
            'ManufacturerHardwareCertificate': 'string',
            'ClusterCertificate': 'string'
        },
        'TagList': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'Mode': 'FIPS'|'NON_FIPS'
    }
}
Response Structure
(dict) --
Cluster (dict) --
Information about the cluster that was deleted.
BackupPolicy (string) --
The cluster's backup policy.
BackupRetentionPolicy (dict) --
A policy that defines how the service retains backups.
Type (string) --
The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.
Value (string) --
Use a value between 7 and 379.
ClusterId (string) --
The cluster's identifier (ID).
CreateTimestamp (datetime) --
The date and time when the cluster was created.
Hsms (list) --
Contains information about the HSMs in the cluster.
(dict) --
Contains information about a hardware security module (HSM) in a CloudHSM cluster.
AvailabilityZone (string) --
The Availability Zone that contains the HSM.
ClusterId (string) --
The identifier (ID) of the cluster that contains the HSM.
SubnetId (string) --
The subnet that contains the HSM's elastic network interface (ENI).
EniId (string) --
The identifier (ID) of the HSM's elastic network interface (ENI).
EniIp (string) --
The IP address of the HSM's elastic network interface (ENI).
EniIpV6 (string) --
The IPv6 address (if any) of the HSM's elastic network interface (ENI).
HsmId (string) --
The HSM's identifier (ID).
State (string) --
The HSM's state.
StateMessage (string) --
A description of the HSM's state.
HsmType (string) --
The type of HSM that the cluster contains.
PreCoPassword (string) --
The default password for the cluster's Pre-Crypto Officer (PRECO) user.
SecurityGroup (string) --
The identifier (ID) of the cluster's security group.
SourceBackupId (string) --
The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
State (string) --
The cluster's state.
StateMessage (string) --
A description of the cluster's state.
SubnetMapping (dict) --
A map from availability zone to the cluster’s subnet in that availability zone.
(string) --
(string) --
VpcId (string) --
The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
NetworkType (string) --
The cluster's NetworkType can be set to either IPV4 (which is the default) or DUALSTACK. When set to IPV4, communication between your application and the Hardware Security Modules (HSMs) is restricted to the IPv4 protocol only. In contrast, the DUALSTACK network type enables communication over both the IPv4 and IPv6 protocols. To use the DUALSTACK option, you'll need to configure your Virtual Private Cloud (VPC) and subnets to support both IPv4 and IPv6. This involves adding IPv6 Classless Inter-Domain Routing (CIDR) blocks to the existing IPv4 CIDR blocks in your subnets. The choice between IPV4 and DUALSTACK network types determines the flexibility of the network addressing setup for your cluster. The DUALSTACK option provides more flexibility by allowing both IPv4 and IPv6 communication.
Certificates (dict) --
Contains one or more certificates or a certificate signing request (CSR).
ClusterCsr (string) --
The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is UNINITIALIZED.
HsmCertificate (string) --
The HSM certificate issued (signed) by the HSM hardware.
AwsHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by CloudHSM.
ManufacturerHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by the hardware manufacturer.
ClusterCertificate (string) --
The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.
TagList (list) --
The list of tags for the cluster.
(dict) --
Contains a tag. A tag is a key-value pair.
Key (string) --
The key of the tag.
Value (string) --
The value of the tag.
Mode (string) --
The mode of the cluster.
{'Clusters': {'Hsms': {'EniIpV6': 'string'}, 'NetworkType': 'IPV4 | DUALSTACK', 'State': {'ROLLBACK_IN_PROGRESS', 'MODIFY_IN_PROGRESS'}}}
Gets information about CloudHSM clusters.
This is a paginated operation, which means that each response might contain only a subset of all the clusters. When the response contains only a subset of clusters, it includes a NextToken value. Use this value in a subsequent DescribeClusters request to get more clusters. When you receive a response with no NextToken (or an empty or null value), that means there are no more clusters to get.
Cross-account use: No. You cannot perform this operation on CloudHSM clusters in a different Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.describe_clusters(
    Filters={
        'string': [
            'string',
        ]
    },
    NextToken='string',
    MaxResults=123
)
Filters (dict) --
One or more filters to limit the items returned in the response.
Use the clusterIds filter to return only the specified clusters. Specify clusters by their cluster identifier (ID).
Use the vpcIds filter to return only the clusters in the specified virtual private clouds (VPCs). Specify VPCs by their VPC identifier (ID).
Use the states filter to return only clusters that match the specified state.
(string) --
(list) --
(string) --
NextToken (string) --
The NextToken value that you received in the previous response. Use this value to get more clusters.
MaxResults (integer) --
The maximum number of clusters to return in the response. When there are more clusters than the number you specify, the response contains a NextToken value.
Return type: dict
Response Syntax
{
    'Clusters': [
        {
            'BackupPolicy': 'DEFAULT',
            'BackupRetentionPolicy': {
                'Type': 'DAYS',
                'Value': 'string'
            },
            'ClusterId': 'string',
            'CreateTimestamp': datetime(2015, 1, 1),
            'Hsms': [
                {
                    'AvailabilityZone': 'string',
                    'ClusterId': 'string',
                    'SubnetId': 'string',
                    'EniId': 'string',
                    'EniIp': 'string',
                    'EniIpV6': 'string',
                    'HsmId': 'string',
                    'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                    'StateMessage': 'string'
                },
            ],
            'HsmType': 'string',
            'PreCoPassword': 'string',
            'SecurityGroup': 'string',
            'SourceBackupId': 'string',
            'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'MODIFY_IN_PROGRESS'|'ROLLBACK_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
            'StateMessage': 'string',
            'SubnetMapping': {
                'string': 'string'
            },
            'VpcId': 'string',
            'NetworkType': 'IPV4'|'DUALSTACK',
            'Certificates': {
                'ClusterCsr': 'string',
                'HsmCertificate': 'string',
                'AwsHardwareCertificate': 'string',
                'ManufacturerHardwareCertificate': 'string',
                'ClusterCertificate': 'string'
            },
            'TagList': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'Mode': 'FIPS'|'NON_FIPS'
        },
    ],
    'NextToken': 'string'
}
Response Structure
(dict) --
Clusters (list) --
A list of clusters.
(dict) --
Contains information about a CloudHSM cluster.
BackupPolicy (string) --
The cluster's backup policy.
BackupRetentionPolicy (dict) --
A policy that defines how the service retains backups.
Type (string) --
The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.
Value (string) --
Use a value between 7 and 379.
ClusterId (string) --
The cluster's identifier (ID).
CreateTimestamp (datetime) --
The date and time when the cluster was created.
Hsms (list) --
Contains information about the HSMs in the cluster.
(dict) --
Contains information about a hardware security module (HSM) in a CloudHSM cluster.
AvailabilityZone (string) --
The Availability Zone that contains the HSM.
ClusterId (string) --
The identifier (ID) of the cluster that contains the HSM.
SubnetId (string) --
The subnet that contains the HSM's elastic network interface (ENI).
EniId (string) --
The identifier (ID) of the HSM's elastic network interface (ENI).
EniIp (string) --
The IP address of the HSM's elastic network interface (ENI).
EniIpV6 (string) --
The IPv6 address (if any) of the HSM's elastic network interface (ENI).
HsmId (string) --
The HSM's identifier (ID).
State (string) --
The HSM's state.
StateMessage (string) --
A description of the HSM's state.
HsmType (string) --
The type of HSM that the cluster contains.
PreCoPassword (string) --
The default password for the cluster's Pre-Crypto Officer (PRECO) user.
SecurityGroup (string) --
The identifier (ID) of the cluster's security group.
SourceBackupId (string) --
The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
State (string) --
The cluster's state.
StateMessage (string) --
A description of the cluster's state.
SubnetMapping (dict) --
A map from availability zone to the cluster’s subnet in that availability zone.
(string) --
(string) --
VpcId (string) --
The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
NetworkType (string) --
The cluster's NetworkType can be set to either IPV4 (which is the default) or DUALSTACK. When set to IPV4, communication between your application and the Hardware Security Modules (HSMs) is restricted to the IPv4 protocol only. In contrast, the DUALSTACK network type enables communication over both the IPv4 and IPv6 protocols. To use the DUALSTACK option, you'll need to configure your Virtual Private Cloud (VPC) and subnets to support both IPv4 and IPv6. This involves adding IPv6 Classless Inter-Domain Routing (CIDR) blocks to the existing IPv4 CIDR blocks in your subnets. The choice between IPV4 and DUALSTACK network types determines the flexibility of the network addressing setup for your cluster. The DUALSTACK option provides more flexibility by allowing both IPv4 and IPv6 communication.
Certificates (dict) --
Contains one or more certificates or a certificate signing request (CSR).
ClusterCsr (string) --
The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is UNINITIALIZED.
HsmCertificate (string) --
The HSM certificate issued (signed) by the HSM hardware.
AwsHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by CloudHSM.
ManufacturerHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by the hardware manufacturer.
ClusterCertificate (string) --
The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.
TagList (list) --
The list of tags for the cluster.
(dict) --
Contains a tag. A tag is a key-value pair.
Key (string) --
The key of the tag.
Value (string) --
The value of the tag.
Mode (string) --
The mode of the cluster.
NextToken (string) --
An opaque string that indicates that the response contains only a subset of clusters. Use this value in a subsequent DescribeClusters request to get more clusters.
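An inventory pass over DescribeClusters that follows NextToken to the end and records which clusters have HSM ENIs reachable over IPv6, so their security group rules can be reviewed. This is an added example, not code from the AWS documentation: the function names, the stub client and its sample pages are constructed, and the report is built from an allow-list of fields so that PreCoPassword never reaches logs or tickets.

```python
# Cluster states introduced by this release; a cluster in one of them is mid-change.
TRANSITION_STATES = {"MODIFY_IN_PROGRESS", "ROLLBACK_IN_PROGRESS"}


def iter_clusters(client, filters=None, page_size=25):
    """Yield every cluster, requesting pages until no NextToken is returned.

    page_size is an assumed value for MaxResults, not one taken from this page.
    """
    kwargs = {"MaxResults": page_size}
    if filters:
        kwargs["Filters"] = filters
    while True:
        page = client.describe_clusters(**kwargs)
        yield from page.get("Clusters", [])
        token = page.get("NextToken")
        if not token:  # absent, empty or null means there are no more clusters
            return
        kwargs["NextToken"] = token


def ipv6_exposure_report(client, filters=None):
    """Return one record per cluster, copying only non-secret fields."""
    report = []
    for cluster in iter_clusters(client, filters):
        state = cluster.get("State")
        report.append({
            "ClusterId": cluster["ClusterId"],
            "State": state,
            "InTransition": state in TRANSITION_STATES,
            "NetworkType": cluster.get("NetworkType", "IPV4"),
            "SecurityGroup": cluster.get("SecurityGroup"),
            # EniIpV6 is present only when the HSM's ENI has an IPv6 address.
            "Ipv6Addresses": [
                hsm["EniIpV6"] for hsm in cluster.get("Hsms", []) if hsm.get("EniIpV6")
            ],
        })
    return report


class StubClient:
    """Constructed stand-in for boto3.client('cloudhsmv2'); serves fixed pages."""

    def __init__(self, pages):
        self.pages = pages
        self.calls = []

    def describe_clusters(self, **kwargs):
        self.calls.append(dict(kwargs))
        index = int(kwargs.get("NextToken", "0"))
        page = {"Clusters": self.pages[index]}
        if index + 1 < len(self.pages):
            page["NextToken"] = str(index + 1)
        return page


# Constructed sample pages; identifiers, addresses and the password are not real.
SAMPLE_PAGES = [
    [{"ClusterId": "cluster-constructed-1", "State": "ACTIVE", "NetworkType": "DUALSTACK",
      "SecurityGroup": "sg-constructed-1", "PreCoPassword": "constructed-not-real",
      "Hsms": [
          {"HsmId": "hsm-1", "EniIp": "10.0.1.10", "EniIpV6": "2001:db8::10", "State": "ACTIVE"},
          {"HsmId": "hsm-2", "EniIp": "10.0.2.10", "State": "CREATE_IN_PROGRESS"},
      ]}],
    [{"ClusterId": "cluster-constructed-2", "State": "MODIFY_IN_PROGRESS", "NetworkType": "IPV4",
      "SecurityGroup": "sg-constructed-2", "PreCoPassword": "constructed-not-real",
      "Hsms": [{"HsmId": "hsm-3", "EniIp": "10.0.3.10", "State": "ACTIVE"}]}],
]

if __name__ == "__main__":
    # With real credentials, pass boto3.client("cloudhsmv2") instead of the stub.
    for record in ipv6_exposure_report(StubClient(SAMPLE_PAGES)):
        print(record)
```
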
{'State': {'ROLLBACK_IN_PROGRESS', 'MODIFY_IN_PROGRESS'}}
Claims a CloudHSM cluster by submitting the cluster certificate issued by your issuing certificate authority (CA) and the CA's root certificate. Before you can claim a cluster, you must sign the cluster's certificate signing request (CSR) with your issuing CA. To get the cluster's CSR, use DescribeClusters.
Cross-account use: No. You cannot perform this operation on a CloudHSM cluster in a different Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.initialize_cluster(
    ClusterId='string',
    SignedCert='string',
    TrustAnchor='string'
)
ClusterId (string) -- [REQUIRED]
The identifier (ID) of the cluster that you are claiming. To find the cluster ID, use DescribeClusters.
SignedCert (string) -- [REQUIRED]
The cluster certificate issued (signed) by your issuing certificate authority (CA). The certificate must be in PEM format and can contain a maximum of 5000 characters.
TrustAnchor (string) -- [REQUIRED]
The issuing certificate of the issuing certificate authority (CA) that issued (signed) the cluster certificate. You must use a self-signed certificate. The certificate used to sign the HSM CSR must be directly available, and thus must be the root certificate. The certificate must be in PEM format and can contain a maximum of 5000 characters.
Return type: dict
Response Syntax
{
    'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'MODIFY_IN_PROGRESS'|'ROLLBACK_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
    'StateMessage': 'string'
}
Response Structure
(dict) --
State (string) --
The cluster's state.
StateMessage (string) --
A description of the cluster's state.
{'Cluster': {'Hsms': {'EniIpV6': 'string'}, 'NetworkType': 'IPV4 | DUALSTACK', 'State': {'ROLLBACK_IN_PROGRESS', 'MODIFY_IN_PROGRESS'}}}
Modifies a CloudHSM cluster.
Cross-account use: No. You cannot perform this operation on a CloudHSM cluster in a different Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.modify_cluster(
    BackupRetentionPolicy={
        'Type': 'DAYS',
        'Value': 'string'
    },
    ClusterId='string'
)
BackupRetentionPolicy (dict) -- [REQUIRED]
A policy that defines how the service retains backups.
Type (string) --
The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.
Value (string) --
Use a value between 7 and 379.
ClusterId (string) -- [REQUIRED]
The identifier (ID) of the cluster that you want to modify. To find the cluster ID, use DescribeClusters.
Return type: dict
Response Syntax
{
    'Cluster': {
        'BackupPolicy': 'DEFAULT',
        'BackupRetentionPolicy': {
            'Type': 'DAYS',
            'Value': 'string'
        },
        'ClusterId': 'string',
        'CreateTimestamp': datetime(2015, 1, 1),
        'Hsms': [
            {
                'AvailabilityZone': 'string',
                'ClusterId': 'string',
                'SubnetId': 'string',
                'EniId': 'string',
                'EniIp': 'string',
                'EniIpV6': 'string',
                'HsmId': 'string',
                'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                'StateMessage': 'string'
            },
        ],
        'HsmType': 'string',
        'PreCoPassword': 'string',
        'SecurityGroup': 'string',
        'SourceBackupId': 'string',
        'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'MODIFY_IN_PROGRESS'|'ROLLBACK_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
        'StateMessage': 'string',
        'SubnetMapping': {
            'string': 'string'
        },
        'VpcId': 'string',
        'NetworkType': 'IPV4'|'DUALSTACK',
        'Certificates': {
            'ClusterCsr': 'string',
            'HsmCertificate': 'string',
            'AwsHardwareCertificate': 'string',
            'ManufacturerHardwareCertificate': 'string',
            'ClusterCertificate': 'string'
        },
        'TagList': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'Mode': 'FIPS'|'NON_FIPS'
    }
}
Response Structure
(dict) --
Cluster (dict) --
Contains information about a CloudHSM cluster.
BackupPolicy (string) --
The cluster's backup policy.
BackupRetentionPolicy (dict) --
A policy that defines how the service retains backups.
Type (string) --
The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.
Value (string) --
Use a value between 7 and 379.
ClusterId (string) --
The cluster's identifier (ID).
CreateTimestamp (datetime) --
The date and time when the cluster was created.
Hsms (list) --
Contains information about the HSMs in the cluster.
(dict) --
Contains information about a hardware security module (HSM) in a CloudHSM cluster.
AvailabilityZone (string) --
The Availability Zone that contains the HSM.
ClusterId (string) --
The identifier (ID) of the cluster that contains the HSM.
SubnetId (string) --
The subnet that contains the HSM's elastic network interface (ENI).
EniId (string) --
The identifier (ID) of the HSM's elastic network interface (ENI).
EniIp (string) --
The IP address of the HSM's elastic network interface (ENI).
EniIpV6 (string) --
The IPv6 address (if any) of the HSM's elastic network interface (ENI).
HsmId (string) --
The HSM's identifier (ID).
State (string) --
The HSM's state.
StateMessage (string) --
A description of the HSM's state.
HsmType (string) --
The type of HSM that the cluster contains.
PreCoPassword (string) --
The default password for the cluster's Pre-Crypto Officer (PRECO) user.
SecurityGroup (string) --
The identifier (ID) of the cluster's security group.
SourceBackupId (string) --
The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
State (string) --
The cluster's state.
StateMessage (string) --
A description of the cluster's state.
SubnetMapping (dict) --
A map from availability zone to the cluster’s subnet in that availability zone.
(string) --
(string) --
VpcId (string) --
The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
NetworkType (string) --
The cluster's NetworkType can be set to either IPV4 (which is the default) or DUALSTACK. When set to IPV4, communication between your application and the Hardware Security Modules (HSMs) is restricted to the IPv4 protocol only. In contrast, the DUALSTACK network type enables communication over both the IPv4 and IPv6 protocols. To use the DUALSTACK option, you'll need to configure your Virtual Private Cloud (VPC) and subnets to support both IPv4 and IPv6. This involves adding IPv6 Classless Inter-Domain Routing (CIDR) blocks to the existing IPv4 CIDR blocks in your subnets. The choice between IPV4 and DUALSTACK network types determines the flexibility of the network addressing setup for your cluster. The DUALSTACK option provides more flexibility by allowing both IPv4 and IPv6 communication.
Certificates (dict) --
Contains one or more certificates or a certificate signing request (CSR).
ClusterCsr (string) --
The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is UNINITIALIZED.
HsmCertificate (string) --
The HSM certificate issued (signed) by the HSM hardware.
AwsHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by CloudHSM.
ManufacturerHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by the hardware manufacturer.
ClusterCertificate (string) --
The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.
TagList (list) --
The list of tags for the cluster.
(dict) --
Contains a tag. A tag is a key-value pair.
Key (string) --
The key of the tag.
Value (string) --
The value of the tag.
Mode (string) --
The mode of the cluster.