AWS CloudHSM V2

2024/06/13 - AWS CloudHSM V2 - 8 updated api methods

Changes: Added support for hsm type hsm2m.medium. Added support for creating a cluster in FIPS or NON_FIPS mode.

CreateCluster (updated)
Changes (request, response)
Request
{'Mode': 'FIPS | NON_FIPS'}
Response
{'Cluster': {'Mode': 'FIPS | NON_FIPS'}}

Creates a new AWS CloudHSM cluster.

See also: AWS API Documentation

Request Syntax

client.create_cluster(
    BackupRetentionPolicy={
        'Type': 'DAYS',
        'Value': 'string'
    },
    HsmType='string',
    SourceBackupId='string',
    SubnetIds=[
        'string',
    ],
    TagList=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    Mode='FIPS'|'NON_FIPS'
)
type BackupRetentionPolicy:

dict

param BackupRetentionPolicy:

A policy that defines how the service retains backups.

  • Type (string) --

    The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.

  • Value (string) --

    Use a value between 7 - 379.

type HsmType:

string

param HsmType:

[REQUIRED]

The type of HSM to use in the cluster. The allowed values are hsm1.medium and hsm2m.medium.

type SourceBackupId:

string

param SourceBackupId:

The identifier (ID) of the cluster backup to restore. Use this value to restore the cluster from a backup instead of creating a new cluster. To find the backup ID, use DescribeBackups.

type SubnetIds:

list

param SubnetIds:

[REQUIRED]

The identifiers (IDs) of the subnets where you are creating the cluster. You must specify at least one subnet. If you specify multiple subnets, they must meet the following criteria:

  • All subnets must be in the same virtual private cloud (VPC).

  • You can specify only one subnet per Availability Zone.

  • (string) --

type TagList:

list

param TagList:

Tags to apply to the CloudHSM cluster during creation.

  • (dict) --

    Contains a tag. A tag is a key-value pair.

    • Key (string) -- [REQUIRED]

      The key of the tag.

    • Value (string) -- [REQUIRED]

      The value of the tag.

type Mode:

string

param Mode:

The mode to use in the cluster. The allowed values are FIPS and NON_FIPS.

rtype:

dict

returns:

Response Syntax

{
    'Cluster': {
        'BackupPolicy': 'DEFAULT',
        'BackupRetentionPolicy': {
            'Type': 'DAYS',
            'Value': 'string'
        },
        'ClusterId': 'string',
        'CreateTimestamp': datetime(2015, 1, 1),
        'Hsms': [
            {
                'AvailabilityZone': 'string',
                'ClusterId': 'string',
                'SubnetId': 'string',
                'EniId': 'string',
                'EniIp': 'string',
                'HsmId': 'string',
                'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                'StateMessage': 'string'
            },
        ],
        'HsmType': 'string',
        'PreCoPassword': 'string',
        'SecurityGroup': 'string',
        'SourceBackupId': 'string',
        'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
        'StateMessage': 'string',
        'SubnetMapping': {
            'string': 'string'
        },
        'VpcId': 'string',
        'Certificates': {
            'ClusterCsr': 'string',
            'HsmCertificate': 'string',
            'AwsHardwareCertificate': 'string',
            'ManufacturerHardwareCertificate': 'string',
            'ClusterCertificate': 'string'
        },
        'TagList': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'Mode': 'FIPS'|'NON_FIPS'
    }
}

Response Structure

  • (dict) --

    • Cluster (dict) --

      Information about the cluster that was created.

      • BackupPolicy (string) --

        The cluster's backup policy.

      • BackupRetentionPolicy (dict) --

        A policy that defines how the service retains backups.

        • Type (string) --

          The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.

        • Value (string) --

          Use a value between 7 - 379.

      • ClusterId (string) --

        The cluster's identifier (ID).

      • CreateTimestamp (datetime) --

        The date and time when the cluster was created.

      • Hsms (list) --

        Contains information about the HSMs in the cluster.

        • (dict) --

          Contains information about a hardware security module (HSM) in an AWS CloudHSM cluster.

          • AvailabilityZone (string) --

            The Availability Zone that contains the HSM.

          • ClusterId (string) --

            The identifier (ID) of the cluster that contains the HSM.

          • SubnetId (string) --

            The subnet that contains the HSM's elastic network interface (ENI).

          • EniId (string) --

            The identifier (ID) of the HSM's elastic network interface (ENI).

          • EniIp (string) --

            The IP address of the HSM's elastic network interface (ENI).

          • HsmId (string) --

            The HSM's identifier (ID).

          • State (string) --

            The HSM's state.

          • StateMessage (string) --

            A description of the HSM's state.

      • HsmType (string) --

        The type of HSM that the cluster contains.

      • PreCoPassword (string) --

        The default password for the cluster's Pre-Crypto Officer (PRECO) user.

      • SecurityGroup (string) --

        The identifier (ID) of the cluster's security group.

      • SourceBackupId (string) --

        The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.

      • State (string) --

        The cluster's state.

      • StateMessage (string) --

        A description of the cluster's state.

      • SubnetMapping (dict) --

        A map from availability zone to the cluster’s subnet in that availability zone.

        • (string) --

          • (string) --

      • VpcId (string) --

        The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.

      • Certificates (dict) --

        Contains one or more certificates or a certificate signing request (CSR).

        • ClusterCsr (string) --

          The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is UNINITIALIZED.

        • HsmCertificate (string) --

          The HSM certificate issued (signed) by the HSM hardware.

        • AwsHardwareCertificate (string) --

          The HSM hardware certificate issued (signed) by AWS CloudHSM.

        • ManufacturerHardwareCertificate (string) --

          The HSM hardware certificate issued (signed) by the hardware manufacturer.

        • ClusterCertificate (string) --

          The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.

      • TagList (list) --

        The list of tags for the cluster.

        • (dict) --

          Contains a tag. A tag is a key-value pair.

          • Key (string) --

            The key of the tag.

          • Value (string) --

            The value of the tag.

      • Mode (string) --

        The mode of the cluster.
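
The request constraints documented for CreateCluster above (allowed HsmType and Mode values, the 7 - 379 day retention range, the subnet rules, required tag fields) can be checked before the call is made. This is an added example, not code from AWS or the SDK; `validate_create_cluster`, `subnet_info`, the `require_fips` policy switch and all sample IDs are assumptions constructed for illustration, and the retention range is read as inclusive.

```python
"""Added example: pre-flight checks for create_cluster() arguments.

subnet_info is a hypothetical lookup {subnet_id: (vpc_id, availability_zone)}
that the caller builds beforehand (for instance from EC2 DescribeSubnets).
"""
import re

ALLOWED_HSM_TYPES = ("hsm1.medium", "hsm2m.medium")
ALLOWED_MODES = ("FIPS", "NON_FIPS")
RETENTION_DAYS = range(7, 380)  # "between 7 - 379", read here as inclusive


def validate_create_cluster(params, subnet_info, require_fips=True):
    """Return a list of problems; an empty list means the request looks valid."""
    problems = []

    if params.get("HsmType") not in ALLOWED_HSM_TYPES:
        problems.append(f"HsmType must be one of {ALLOWED_HSM_TYPES}")

    mode = params.get("Mode")
    if mode is not None and mode not in ALLOWED_MODES:
        problems.append(f"Mode must be one of {ALLOWED_MODES}")
    elif require_fips and mode != "FIPS":
        # Local policy (an assumption of this example): always pass Mode
        # explicitly instead of relying on whatever the service defaults to.
        problems.append("policy: Mode='FIPS' must be set explicitly")

    policy = params.get("BackupRetentionPolicy")
    if policy is not None:
        value = policy.get("Value")
        if policy.get("Type") != "DAYS":
            problems.append("BackupRetentionPolicy.Type must be 'DAYS'")
        if not isinstance(value, str):
            # The API takes the number of days as a string, not an int.
            problems.append("BackupRetentionPolicy.Value must be a string")
        elif not re.fullmatch(r"[0-9]+", value) or int(value) not in RETENTION_DAYS:
            problems.append("BackupRetentionPolicy.Value must be 7 to 379 days")

    subnets = params.get("SubnetIds") or []
    if not subnets:
        problems.append("SubnetIds must contain at least one subnet")
    unknown = [s for s in subnets if s not in subnet_info]
    if unknown:
        problems.append(f"unknown subnets: {unknown}")
    known = [subnet_info[s] for s in subnets if s in subnet_info]
    if len({vpc for vpc, _ in known}) > 1:
        problems.append("all subnets must be in the same VPC")
    zones = [az for _, az in known]
    if len(zones) != len(set(zones)):
        problems.append("only one subnet per Availability Zone is allowed")

    for tag in params.get("TagList", []):
        if "Key" not in tag or "Value" not in tag:
            problems.append(f"tag {tag!r} needs both Key and Value")
    return problems


# Constructed sample data (not real AWS resources).
SUBNET_INFO = {
    "subnet-constructed-a": ("vpc-constructed-1", "us-east-1a"),
    "subnet-constructed-b": ("vpc-constructed-1", "us-east-1b"),
    "subnet-constructed-c": ("vpc-constructed-2", "us-east-1b"),
}
GOOD_REQUEST = {
    "HsmType": "hsm2m.medium",
    "Mode": "FIPS",
    "SubnetIds": ["subnet-constructed-a", "subnet-constructed-b"],
    "BackupRetentionPolicy": {"Type": "DAYS", "Value": "90"},
    "TagList": [{"Key": "env", "Value": "prod"}],
}
BAD_REQUEST = {
    "HsmType": "hsm3.large",  # constructed invalid value
    "SubnetIds": ["subnet-constructed-b", "subnet-constructed-c"],
    "BackupRetentionPolicy": {"Type": "DAYS", "Value": "3"},
}

if __name__ == "__main__":
    for name, request in (("good", GOOD_REQUEST), ("bad", BAD_REQUEST)):
        print(name, validate_create_cluster(request, SUBNET_INFO))
```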

DeleteBackup (updated)
Changes (response)
{'Backup': {'HsmType': 'string', 'Mode': 'FIPS | NON_FIPS'}}

Deletes a specified AWS CloudHSM backup. A backup can be restored up to 7 days after the DeleteBackup request is made. For more information on restoring a backup, see RestoreBackup.

See also: AWS API Documentation

Request Syntax

client.delete_backup(
    BackupId='string'
)
type BackupId:

string

param BackupId:

[REQUIRED]

The ID of the backup to be deleted. To find the ID of a backup, use the DescribeBackups operation.

rtype:

dict

returns:

Response Syntax

{
    'Backup': {
        'BackupId': 'string',
        'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION',
        'ClusterId': 'string',
        'CreateTimestamp': datetime(2015, 1, 1),
        'CopyTimestamp': datetime(2015, 1, 1),
        'NeverExpires': True|False,
        'SourceRegion': 'string',
        'SourceBackup': 'string',
        'SourceCluster': 'string',
        'DeleteTimestamp': datetime(2015, 1, 1),
        'TagList': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'HsmType': 'string',
        'Mode': 'FIPS'|'NON_FIPS'
    }
}

Response Structure

  • (dict) --

    • Backup (dict) --

      Information on the Backup object deleted.

      • BackupId (string) --

        The identifier (ID) of the backup.

      • BackupState (string) --

        The state of the backup.

      • ClusterId (string) --

        The identifier (ID) of the cluster that was backed up.

      • CreateTimestamp (datetime) --

        The date and time when the backup was created.

      • CopyTimestamp (datetime) --

        The date and time when the backup was copied from a source backup.

      • NeverExpires (boolean) --

        Specifies whether the service should exempt a backup from the retention policy for the cluster. True exempts a backup from the retention policy. False means the service applies the backup retention policy defined at the cluster.

      • SourceRegion (string) --

        The AWS Region that contains the source backup from which the new backup was copied.

      • SourceBackup (string) --

        The identifier (ID) of the source backup from which the new backup was copied.

      • SourceCluster (string) --

        The identifier (ID) of the cluster containing the source backup from which the new backup was copied.

      • DeleteTimestamp (datetime) --

        The date and time when the backup will be permanently deleted.

      • TagList (list) --

        The list of tags for the backup.

        • (dict) --

          Contains a tag. A tag is a key-value pair.

          • Key (string) --

            The key of the tag.

          • Value (string) --

            The value of the tag.

      • HsmType (string) --

        The HSM type of the cluster that was backed up.

      • Mode (string) --

        The mode of the cluster that was backed up.

DeleteCluster (updated)
Changes (response)
{'Cluster': {'Mode': 'FIPS | NON_FIPS'}}

Deletes the specified AWS CloudHSM cluster. Before you can delete a cluster, you must delete all HSMs in the cluster. To see if the cluster contains any HSMs, use DescribeClusters. To delete an HSM, use DeleteHsm.

See also: AWS API Documentation

Request Syntax

client.delete_cluster(
    ClusterId='string'
)
type ClusterId:

string

param ClusterId:

[REQUIRED]

The identifier (ID) of the cluster that you are deleting. To find the cluster ID, use DescribeClusters.

rtype:

dict

returns:

Response Syntax

{
    'Cluster': {
        'BackupPolicy': 'DEFAULT',
        'BackupRetentionPolicy': {
            'Type': 'DAYS',
            'Value': 'string'
        },
        'ClusterId': 'string',
        'CreateTimestamp': datetime(2015, 1, 1),
        'Hsms': [
            {
                'AvailabilityZone': 'string',
                'ClusterId': 'string',
                'SubnetId': 'string',
                'EniId': 'string',
                'EniIp': 'string',
                'HsmId': 'string',
                'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                'StateMessage': 'string'
            },
        ],
        'HsmType': 'string',
        'PreCoPassword': 'string',
        'SecurityGroup': 'string',
        'SourceBackupId': 'string',
        'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
        'StateMessage': 'string',
        'SubnetMapping': {
            'string': 'string'
        },
        'VpcId': 'string',
        'Certificates': {
            'ClusterCsr': 'string',
            'HsmCertificate': 'string',
            'AwsHardwareCertificate': 'string',
            'ManufacturerHardwareCertificate': 'string',
            'ClusterCertificate': 'string'
        },
        'TagList': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'Mode': 'FIPS'|'NON_FIPS'
    }
}

Response Structure

  • (dict) --

    • Cluster (dict) --

      Information about the cluster that was deleted.

      • BackupPolicy (string) --

        The cluster's backup policy.

      • BackupRetentionPolicy (dict) --

        A policy that defines how the service retains backups.

        • Type (string) --

          The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.

        • Value (string) --

          Use a value between 7 - 379.

      • ClusterId (string) --

        The cluster's identifier (ID).

      • CreateTimestamp (datetime) --

        The date and time when the cluster was created.

      • Hsms (list) --

        Contains information about the HSMs in the cluster.

        • (dict) --

          Contains information about a hardware security module (HSM) in an AWS CloudHSM cluster.

          • AvailabilityZone (string) --

            The Availability Zone that contains the HSM.

          • ClusterId (string) --

            The identifier (ID) of the cluster that contains the HSM.

          • SubnetId (string) --

            The subnet that contains the HSM's elastic network interface (ENI).

          • EniId (string) --

            The identifier (ID) of the HSM's elastic network interface (ENI).

          • EniIp (string) --

            The IP address of the HSM's elastic network interface (ENI).

          • HsmId (string) --

            The HSM's identifier (ID).

          • State (string) --

            The HSM's state.

          • StateMessage (string) --

            A description of the HSM's state.

      • HsmType (string) --

        The type of HSM that the cluster contains.

      • PreCoPassword (string) --

        The default password for the cluster's Pre-Crypto Officer (PRECO) user.

      • SecurityGroup (string) --

        The identifier (ID) of the cluster's security group.

      • SourceBackupId (string) --

        The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.

      • State (string) --

        The cluster's state.

      • StateMessage (string) --

        A description of the cluster's state.

      • SubnetMapping (dict) --

        A map from availability zone to the cluster’s subnet in that availability zone.

        • (string) --

          • (string) --

      • VpcId (string) --

        The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.

      • Certificates (dict) --

        Contains one or more certificates or a certificate signing request (CSR).

        • ClusterCsr (string) --

          The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is UNINITIALIZED.

        • HsmCertificate (string) --

          The HSM certificate issued (signed) by the HSM hardware.

        • AwsHardwareCertificate (string) --

          The HSM hardware certificate issued (signed) by AWS CloudHSM.

        • ManufacturerHardwareCertificate (string) --

          The HSM hardware certificate issued (signed) by the hardware manufacturer.

        • ClusterCertificate (string) --

          The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.

      • TagList (list) --

        The list of tags for the cluster.

        • (dict) --

          Contains a tag. A tag is a key-value pair.

          • Key (string) --

            The key of the tag.

          • Value (string) --

            The value of the tag.

      • Mode (string) --

        The mode of the cluster.

DescribeBackups (updated)
Changes (response)
{'Backups': {'HsmType': 'string', 'Mode': 'FIPS | NON_FIPS'}}

Gets information about backups of AWS CloudHSM clusters.

This is a paginated operation, which means that each response might contain only a subset of all the backups. When the response contains only a subset of backups, it includes a NextToken value. Use this value in a subsequent DescribeBackups request to get more backups. When you receive a response with no NextToken (or an empty or null value), that means there are no more backups to get.

See also: AWS API Documentation

Request Syntax

client.describe_backups(
    NextToken='string',
    MaxResults=123,
    Filters={
        'string': [
            'string',
        ]
    },
    SortAscending=True|False
)
type NextToken:

string

param NextToken:

The NextToken value that you received in the previous response. Use this value to get more backups.

type MaxResults:

integer

param MaxResults:

The maximum number of backups to return in the response. When there are more backups than the number you specify, the response contains a NextToken value.

type Filters:

dict

param Filters:

One or more filters to limit the items returned in the response.

Use the backupIds filter to return only the specified backups. Specify backups by their backup identifier (ID).

Use the sourceBackupIds filter to return only the backups created from a source backup. The sourceBackupID of a source backup is returned by the CopyBackupToRegion operation.

Use the clusterIds filter to return only the backups for the specified clusters. Specify clusters by their cluster identifier (ID).

Use the states filter to return only backups that match the specified state.

Use the neverExpires filter to return backups filtered by the value in the neverExpires parameter. True returns all backups exempt from the backup retention policy. False returns all backups with a backup retention policy defined at the cluster.

  • (string) --

    • (list) --

      • (string) --

type SortAscending:

boolean

param SortAscending:

Designates whether or not to sort the returned backups by ascending chronological order of generation.

rtype:

dict

returns:

Response Syntax

{
    'Backups': [
        {
            'BackupId': 'string',
            'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION',
            'ClusterId': 'string',
            'CreateTimestamp': datetime(2015, 1, 1),
            'CopyTimestamp': datetime(2015, 1, 1),
            'NeverExpires': True|False,
            'SourceRegion': 'string',
            'SourceBackup': 'string',
            'SourceCluster': 'string',
            'DeleteTimestamp': datetime(2015, 1, 1),
            'TagList': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'HsmType': 'string',
            'Mode': 'FIPS'|'NON_FIPS'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Backups (list) --

      A list of backups.

      • (dict) --

        Contains information about a backup of an AWS CloudHSM cluster. All backup objects contain the BackupId, BackupState, ClusterId, and CreateTimestamp parameters. Backups that were copied into a destination region additionally contain the CopyTimestamp, SourceBackup, SourceCluster, and SourceRegion parameters. A backup that is pending deletion will include the DeleteTimestamp parameter.

        • BackupId (string) --

          The identifier (ID) of the backup.

        • BackupState (string) --

          The state of the backup.

        • ClusterId (string) --

          The identifier (ID) of the cluster that was backed up.

        • CreateTimestamp (datetime) --

          The date and time when the backup was created.

        • CopyTimestamp (datetime) --

          The date and time when the backup was copied from a source backup.

        • NeverExpires (boolean) --

          Specifies whether the service should exempt a backup from the retention policy for the cluster. True exempts a backup from the retention policy. False means the service applies the backup retention policy defined at the cluster.

        • SourceRegion (string) --

          The AWS Region that contains the source backup from which the new backup was copied.

        • SourceBackup (string) --

          The identifier (ID) of the source backup from which the new backup was copied.

        • SourceCluster (string) --

          The identifier (ID) of the cluster containing the source backup from which the new backup was copied.

        • DeleteTimestamp (datetime) --

          The date and time when the backup will be permanently deleted.

        • TagList (list) --

          The list of tags for the backup.

          • (dict) --

            Contains a tag. A tag is a key-value pair.

            • Key (string) --

              The key of the tag.

            • Value (string) --

              The value of the tag.

        • HsmType (string) --

          The HSM type of the cluster that was backed up.

        • Mode (string) --

          The mode of the cluster that was backed up.

    • NextToken (string) --

      An opaque string that indicates that the response contains only a subset of backups. Use this value in a subsequent DescribeBackups request to get more backups.

DescribeClusters (updated)
Changes (response)
{'Clusters': {'Mode': 'FIPS | NON_FIPS'}}

Gets information about AWS CloudHSM clusters.

This is a paginated operation, which means that each response might contain only a subset of all the clusters. When the response contains only a subset of clusters, it includes a NextToken value. Use this value in a subsequent DescribeClusters request to get more clusters. When you receive a response with no NextToken (or an empty or null value), that means there are no more clusters to get.

See also: AWS API Documentation

Request Syntax

client.describe_clusters(
    Filters={
        'string': [
            'string',
        ]
    },
    NextToken='string',
    MaxResults=123
)
type Filters:

dict

param Filters:

One or more filters to limit the items returned in the response.

Use the clusterIds filter to return only the specified clusters. Specify clusters by their cluster identifier (ID).

Use the vpcIds filter to return only the clusters in the specified virtual private clouds (VPCs). Specify VPCs by their VPC identifier (ID).

Use the states filter to return only clusters that match the specified state.

  • (string) --

    • (list) --

      • (string) --

type NextToken:

string

param NextToken:

The NextToken value that you received in the previous response. Use this value to get more clusters.

type MaxResults:

integer

param MaxResults:

The maximum number of clusters to return in the response. When there are more clusters than the number you specify, the response contains a NextToken value.

rtype:

dict

returns:

Response Syntax

{
    'Clusters': [
        {
            'BackupPolicy': 'DEFAULT',
            'BackupRetentionPolicy': {
                'Type': 'DAYS',
                'Value': 'string'
            },
            'ClusterId': 'string',
            'CreateTimestamp': datetime(2015, 1, 1),
            'Hsms': [
                {
                    'AvailabilityZone': 'string',
                    'ClusterId': 'string',
                    'SubnetId': 'string',
                    'EniId': 'string',
                    'EniIp': 'string',
                    'HsmId': 'string',
                    'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                    'StateMessage': 'string'
                },
            ],
            'HsmType': 'string',
            'PreCoPassword': 'string',
            'SecurityGroup': 'string',
            'SourceBackupId': 'string',
            'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
            'StateMessage': 'string',
            'SubnetMapping': {
                'string': 'string'
            },
            'VpcId': 'string',
            'Certificates': {
                'ClusterCsr': 'string',
                'HsmCertificate': 'string',
                'AwsHardwareCertificate': 'string',
                'ManufacturerHardwareCertificate': 'string',
                'ClusterCertificate': 'string'
            },
            'TagList': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'Mode': 'FIPS'|'NON_FIPS'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Clusters (list) --

      A list of clusters.

      • (dict) --

        Contains information about an AWS CloudHSM cluster.

        • BackupPolicy (string) --

          The cluster's backup policy.

        • BackupRetentionPolicy (dict) --

          A policy that defines how the service retains backups.

          • Type (string) --

            The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.

          • Value (string) --

            Use a value between 7 - 379.

        • ClusterId (string) --

          The cluster's identifier (ID).

        • CreateTimestamp (datetime) --

          The date and time when the cluster was created.

        • Hsms (list) --

          Contains information about the HSMs in the cluster.

          • (dict) --

            Contains information about a hardware security module (HSM) in an AWS CloudHSM cluster.

            • AvailabilityZone (string) --

              The Availability Zone that contains the HSM.

            • ClusterId (string) --

              The identifier (ID) of the cluster that contains the HSM.

            • SubnetId (string) --

              The subnet that contains the HSM's elastic network interface (ENI).

            • EniId (string) --

              The identifier (ID) of the HSM's elastic network interface (ENI).

            • EniIp (string) --

              The IP address of the HSM's elastic network interface (ENI).

            • HsmId (string) --

              The HSM's identifier (ID).

            • State (string) --

              The HSM's state.

            • StateMessage (string) --

              A description of the HSM's state.

        • HsmType (string) --

          The type of HSM that the cluster contains.

        • PreCoPassword (string) --

          The default password for the cluster's Pre-Crypto Officer (PRECO) user.

        • SecurityGroup (string) --

          The identifier (ID) of the cluster's security group.

        • SourceBackupId (string) --

          The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.

        • State (string) --

          The cluster's state.

        • StateMessage (string) --

          A description of the cluster's state.

        • SubnetMapping (dict) --

          A map from availability zone to the cluster’s subnet in that availability zone.

          • (string) --

            • (string) --

        • VpcId (string) --

          The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.

        • Certificates (dict) --

          Contains one or more certificates or a certificate signing request (CSR).

          • ClusterCsr (string) --

            The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is UNINITIALIZED.

          • HsmCertificate (string) --

            The HSM certificate issued (signed) by the HSM hardware.

          • AwsHardwareCertificate (string) --

            The HSM hardware certificate issued (signed) by AWS CloudHSM.

          • ManufacturerHardwareCertificate (string) --

            The HSM hardware certificate issued (signed) by the hardware manufacturer.

          • ClusterCertificate (string) --

            The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.

        • TagList (list) --

          The list of tags for the cluster.

          • (dict) --

            Contains a tag. A tag is a key-value pair.

            • Key (string) --

              The key of the tag.

            • Value (string) --

              The value of the tag.

        • Mode (string) --

          The mode of the cluster.

    • NextToken (string) --

      An opaque string that indicates that the response contains only a subset of clusters. Use this value in a subsequent DescribeClusters request to get more clusters.
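
The NextToken pagination described for DescribeBackups and DescribeClusters, combined with the new Mode field, supports an inventory check for clusters and backups that are not in FIPS mode or that are exempt from retention. This is an added example, not code from AWS or the SDK; `paginate`, `audit` and `FakeClient` are hypothetical names, and every ID and page of data is constructed so the block runs offline.

```python
"""Added example: NextToken pagination plus a Mode / NeverExpires audit.

FakeClient and every ID below are constructed so the block runs offline; with
boto3 installed, pass boto3.client("cloudhsmv2") to audit() instead.
"""


def paginate(operation, result_key, **kwargs):
    """Yield every item of a NextToken-paginated operation."""
    token = None
    seen = set()
    while True:
        call_args = dict(kwargs)
        if token:
            call_args["NextToken"] = token
        page = operation(**call_args)
        yield from page.get(result_key, [])
        token = page.get("NextToken")
        if not token:  # absent, empty or None all mean "no more pages"
            return
        if token in seen:  # defensive: never loop forever on a repeated token
            raise RuntimeError(f"NextToken repeated: {token!r}")
        seen.add(token)


def audit(client):
    """Return (kind, id, issue) tuples for clusters and backups worth review."""
    findings = []
    for cluster in paginate(client.describe_clusters, "Clusters"):
        if cluster.get("State") == "DELETED":
            continue
        if cluster.get("Mode") != "FIPS":
            findings.append(("cluster", cluster["ClusterId"],
                             f"Mode={cluster.get('Mode')}"))
    for backup in paginate(client.describe_backups, "Backups"):
        if backup.get("BackupState") == "DELETED":
            continue
        if backup.get("Mode") != "FIPS":
            findings.append(("backup", backup["BackupId"],
                             f"Mode={backup.get('Mode')}"))
        if backup.get("NeverExpires"):
            findings.append(("backup", backup["BackupId"],
                             "NeverExpires=True (exempt from retention policy)"))
    return findings


class FakeClient:
    """Constructed stand-in that serves canned pages keyed by NextToken."""

    CLUSTER_PAGES = {
        None: {"Clusters": [
            {"ClusterId": "cluster-constructed1", "State": "ACTIVE", "Mode": "FIPS"},
            {"ClusterId": "cluster-constructed2", "State": "ACTIVE", "Mode": "NON_FIPS"},
        ], "NextToken": "page-2"},
        "page-2": {"Clusters": [
            {"ClusterId": "cluster-constructed3", "State": "DELETED", "Mode": "NON_FIPS"},
        ], "NextToken": ""},
    }
    BACKUP_PAGES = {
        None: {"Backups": [
            {"BackupId": "backup-constructed1", "BackupState": "READY",
             "Mode": "FIPS", "NeverExpires": False},
        ], "NextToken": "page-2"},
        "page-2": {"Backups": [
            {"BackupId": "backup-constructed2", "BackupState": "READY",
             "Mode": "NON_FIPS", "NeverExpires": True},
            {"BackupId": "backup-constructed3", "BackupState": "PENDING_DELETION",
             "Mode": "FIPS", "NeverExpires": False},
        ]},
    }

    def describe_clusters(self, NextToken=None, **_):
        return self.CLUSTER_PAGES[NextToken]

    def describe_backups(self, NextToken=None, **_):
        return self.BACKUP_PAGES[NextToken]


if __name__ == "__main__":
    for finding in audit(FakeClient()):
        print(*finding, sep="\t")
```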

ModifyBackupAttributes (updated)
Changes (response)
{'Backup': {'HsmType': 'string', 'Mode': 'FIPS | NON_FIPS'}}

Modifies attributes for an AWS CloudHSM backup.

See also: AWS API Documentation

Request Syntax

client.modify_backup_attributes(
    BackupId='string',
    NeverExpires=True|False
)
type BackupId:

string

param BackupId:

[REQUIRED]

The identifier (ID) of the backup to modify. To find the ID of a backup, use the DescribeBackups operation.

type NeverExpires:

boolean

param NeverExpires:

[REQUIRED]

Specifies whether the service should exempt a backup from the retention policy for the cluster. True exempts a backup from the retention policy. False means the service applies the backup retention policy defined at the cluster.

rtype:

dict

returns:

Response Syntax

{
    'Backup': {
        'BackupId': 'string',
        'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION',
        'ClusterId': 'string',
        'CreateTimestamp': datetime(2015, 1, 1),
        'CopyTimestamp': datetime(2015, 1, 1),
        'NeverExpires': True|False,
        'SourceRegion': 'string',
        'SourceBackup': 'string',
        'SourceCluster': 'string',
        'DeleteTimestamp': datetime(2015, 1, 1),
        'TagList': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'HsmType': 'string',
        'Mode': 'FIPS'|'NON_FIPS'
    }
}

Response Structure

  • (dict) --

    • Backup (dict) --

      Contains information about a backup of an AWS CloudHSM cluster. All backup objects contain the BackupId, BackupState, ClusterId, and CreateTimestamp parameters. Backups that were copied into a destination region additionally contain the CopyTimestamp, SourceBackup, SourceCluster, and SourceRegion parameters. A backup that is pending deletion will include the DeleteTimestamp parameter.

      • BackupId (string) --

        The identifier (ID) of the backup.

      • BackupState (string) --

        The state of the backup.

      • ClusterId (string) --

        The identifier (ID) of the cluster that was backed up.

      • CreateTimestamp (datetime) --

        The date and time when the backup was created.

      • CopyTimestamp (datetime) --

        The date and time when the backup was copied from a source backup.

      • NeverExpires (boolean) --

        Specifies whether the service should exempt a backup from the retention policy for the cluster. True exempts a backup from the retention policy. False means the service applies the backup retention policy defined at the cluster.

      • SourceRegion (string) --

        The AWS Region that contains the source backup from which the new backup was copied.

      • SourceBackup (string) --

        The identifier (ID) of the source backup from which the new backup was copied.

      • SourceCluster (string) --

        The identifier (ID) of the cluster containing the source backup from which the new backup was copied.

      • DeleteTimestamp (datetime) --

        The date and time when the backup will be permanently deleted.

      • TagList (list) --

        The list of tags for the backup.

        • (dict) --

          Contains a tag. A tag is a key-value pair.

          • Key (string) --

            The key of the tag.

          • Value (string) --

            The value of the tag.

      • HsmType (string) --

        The HSM type of the cluster that was backed up.

      • Mode (string) --

        The mode of the cluster that was backed up.

ModifyCluster (updated)
Changes (response)
{'Cluster': {'Mode': 'FIPS | NON_FIPS'}}

Modifies an AWS CloudHSM cluster.

See also: AWS API Documentation

Request Syntax

client.modify_cluster(
    BackupRetentionPolicy={
        'Type': 'DAYS',
        'Value': 'string'
    },
    ClusterId='string'
)
type BackupRetentionPolicy:

dict

param BackupRetentionPolicy:

[REQUIRED]

A policy that defines how the service retains backups.

  • Type (string) --

    The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.

  • Value (string) --

    Use a value between 7 and 379.

type ClusterId:

string

param ClusterId:

[REQUIRED]

The identifier (ID) of the cluster that you want to modify. To find the cluster ID, use DescribeClusters.

rtype:

dict

returns:

Response Syntax

{
    'Cluster': {
        'BackupPolicy': 'DEFAULT',
        'BackupRetentionPolicy': {
            'Type': 'DAYS',
            'Value': 'string'
        },
        'ClusterId': 'string',
        'CreateTimestamp': datetime(2015, 1, 1),
        'Hsms': [
            {
                'AvailabilityZone': 'string',
                'ClusterId': 'string',
                'SubnetId': 'string',
                'EniId': 'string',
                'EniIp': 'string',
                'HsmId': 'string',
                'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                'StateMessage': 'string'
            },
        ],
        'HsmType': 'string',
        'PreCoPassword': 'string',
        'SecurityGroup': 'string',
        'SourceBackupId': 'string',
        'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
        'StateMessage': 'string',
        'SubnetMapping': {
            'string': 'string'
        },
        'VpcId': 'string',
        'Certificates': {
            'ClusterCsr': 'string',
            'HsmCertificate': 'string',
            'AwsHardwareCertificate': 'string',
            'ManufacturerHardwareCertificate': 'string',
            'ClusterCertificate': 'string'
        },
        'TagList': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'Mode': 'FIPS'|'NON_FIPS'
    }
}

Response Structure

  • (dict) --

    • Cluster (dict) --

      Contains information about an AWS CloudHSM cluster.

      • BackupPolicy (string) --

        The cluster's backup policy.

      • BackupRetentionPolicy (dict) --

        A policy that defines how the service retains backups.

        • Type (string) --

          The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.

        • Value (string) --

          Use a value between 7 and 379.

      • ClusterId (string) --

        The cluster's identifier (ID).

      • CreateTimestamp (datetime) --

        The date and time when the cluster was created.

      • Hsms (list) --

        Contains information about the HSMs in the cluster.

        • (dict) --

          Contains information about a hardware security module (HSM) in an AWS CloudHSM cluster.

          • AvailabilityZone (string) --

            The Availability Zone that contains the HSM.

          • ClusterId (string) --

            The identifier (ID) of the cluster that contains the HSM.

          • SubnetId (string) --

            The subnet that contains the HSM's elastic network interface (ENI).

          • EniId (string) --

            The identifier (ID) of the HSM's elastic network interface (ENI).

          • EniIp (string) --

            The IP address of the HSM's elastic network interface (ENI).

          • HsmId (string) --

            The HSM's identifier (ID).

          • State (string) --

            The HSM's state.

          • StateMessage (string) --

            A description of the HSM's state.

      • HsmType (string) --

        The type of HSM that the cluster contains.

      • PreCoPassword (string) --

        The default password for the cluster's Pre-Crypto Officer (PRECO) user.

      • SecurityGroup (string) --

        The identifier (ID) of the cluster's security group.

      • SourceBackupId (string) --

        The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.

      • State (string) --

        The cluster's state.

      • StateMessage (string) --

        A description of the cluster's state.

      • SubnetMapping (dict) --

        A map from availability zone to the cluster’s subnet in that availability zone.

        • (string) --

          • (string) --

      • VpcId (string) --

        The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.

      • Certificates (dict) --

        Contains one or more certificates or a certificate signing request (CSR).

        • ClusterCsr (string) --

          The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is UNINITIALIZED.

        • HsmCertificate (string) --

          The HSM certificate issued (signed) by the HSM hardware.

        • AwsHardwareCertificate (string) --

          The HSM hardware certificate issued (signed) by AWS CloudHSM.

        • ManufacturerHardwareCertificate (string) --

          The HSM hardware certificate issued (signed) by the hardware manufacturer.

        • ClusterCertificate (string) --

          The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.

      • TagList (list) --

        The list of tags for the cluster.

        • (dict) --

          Contains a tag. A tag is a key-value pair.

          • Key (string) --

            The key of the tag.

          • Value (string) --

            The value of the tag.

      • Mode (string) --

        The mode of the cluster.
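
The Cluster structure above returns the PreCoPassword, the Mode, the backup retention policy and per-HSM state in a single response. The following is an added example, not part of the AWS documentation, that audits such a response and masks the password before it is logged; the function names, the FIPS requirement and the sample values are assumptions made for illustration.

```python
import copy

RETENTION_MIN, RETENTION_MAX = 7, 379  # range the page gives for BackupRetentionPolicy.Value


def redact_cluster(response):
    """Return a deep copy that is safe to log: PreCoPassword is masked."""
    safe = copy.deepcopy(response)
    cluster = safe.get("Cluster", {})
    if cluster.get("PreCoPassword"):
        cluster["PreCoPassword"] = "[REDACTED]"
    return safe


def audit_cluster(response, required_mode="FIPS"):
    """Return findings for one Cluster dict. required_mode is an assumed local policy."""
    cluster = response.get("Cluster", {})
    findings = []
    if cluster.get("Mode") != required_mode:
        findings.append(f"Mode is {cluster.get('Mode')!r}, expected {required_mode!r}")
    policy = cluster.get("BackupRetentionPolicy") or {}
    value = str(policy.get("Value") or "")  # the API returns Value as a string
    in_range = (value.isascii() and value.isdigit()
                and RETENTION_MIN <= int(value) <= RETENTION_MAX)
    if policy.get("Type") != "DAYS" or not in_range:
        findings.append(f"BackupRetentionPolicy not within 7-379 days: {policy!r}")
    for hsm in cluster.get("Hsms", []):
        if hsm.get("State") != "ACTIVE":
            findings.append(f"HSM {hsm.get('HsmId')} is {hsm.get('State')}")
    if cluster.get("PreCoPassword"):
        findings.append("PreCoPassword present: redact before logging or storing")
    return findings


# Constructed sample shaped like the Response Syntax above; every value is made up.
SAMPLE = {"Cluster": {
    "ClusterId": "cluster-example",
    "Mode": "NON_FIPS",
    "BackupRetentionPolicy": {"Type": "DAYS", "Value": "5"},
    "Hsms": [{"HsmId": "hsm-example-a", "State": "ACTIVE"},
             {"HsmId": "hsm-example-b", "State": "DEGRADED"}],
    "PreCoPassword": "example-only",
}}

if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE):
        print(finding)
    print(redact_cluster(SAMPLE)["Cluster"]["PreCoPassword"])
```

The same functions accept the response of client.modify_cluster(...) directly, since they only read the keys listed in the Response Structure.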

RestoreBackup (updated)
Changes (response)
{'Backup': {'HsmType': 'string', 'Mode': 'FIPS | NON_FIPS'}}

Restores a specified AWS CloudHSM backup that is in the PENDING_DELETION state. For more information on deleting a backup, see DeleteBackup.

See also: AWS API Documentation

Request Syntax

client.restore_backup(
    BackupId='string'
)
type BackupId:

string

param BackupId:

[REQUIRED]

The ID of the backup to be restored. To find the ID of a backup, use the DescribeBackups operation.

rtype:

dict

returns:

Response Syntax

{
    'Backup': {
        'BackupId': 'string',
        'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION',
        'ClusterId': 'string',
        'CreateTimestamp': datetime(2015, 1, 1),
        'CopyTimestamp': datetime(2015, 1, 1),
        'NeverExpires': True|False,
        'SourceRegion': 'string',
        'SourceBackup': 'string',
        'SourceCluster': 'string',
        'DeleteTimestamp': datetime(2015, 1, 1),
        'TagList': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'HsmType': 'string',
        'Mode': 'FIPS'|'NON_FIPS'
    }
}

Response Structure

  • (dict) --

    • Backup (dict) --

      Information on the Backup object created.

      • BackupId (string) --

        The identifier (ID) of the backup.

      • BackupState (string) --

        The state of the backup.

      • ClusterId (string) --

        The identifier (ID) of the cluster that was backed up.

      • CreateTimestamp (datetime) --

        The date and time when the backup was created.

      • CopyTimestamp (datetime) --

        The date and time when the backup was copied from a source backup.

      • NeverExpires (boolean) --

        Specifies whether the service should exempt a backup from the retention policy for the cluster. True exempts a backup from the retention policy. False means the service applies the backup retention policy defined at the cluster.

      • SourceRegion (string) --

        The AWS Region that contains the source backup from which the new backup was copied.

      • SourceBackup (string) --

        The identifier (ID) of the source backup from which the new backup was copied.

      • SourceCluster (string) --

        The identifier (ID) of the cluster containing the source backup from which the new backup was copied.

      • DeleteTimestamp (datetime) --

        The date and time when the backup will be permanently deleted.

      • TagList (list) --

        The list of tags for the backup.

        • (dict) --

          Contains a tag. A tag is a key-value pair.

          • Key (string) --

            The key of the tag.

          • Value (string) --

            The value of the tag.

      • HsmType (string) --

        The HSM type of the cluster that was backed up.

      • Mode (string) --

        The mode of the cluster that was backed up.