AWS CloudHSM | Support and maintenance Flashcards
What can I do with the CloudHSM API & SDK?
Support and maintenance
AWS CloudHSM | Security, Identity & Compliance
You can create, modify, delete, and obtain the status of CloudHSM Clusters and HSMs. What you can do with the AWS CloudHSM API is limited to operations that AWS can perform with its restricted access. The API cannot access the contents of the HSM or modify any users, policies, or other settings. To learn more, please see the CloudHSM Documentation for information about the API, or the Tools for Amazon Web Services page for more information about the SDK.
How is routine maintenance performed on HSM instances?
AWS’ routine maintenance procedure for CloudHSM is designed to avoid simultaneous downtime in multiple AZs in the same region.
AWS monitors and maintains the HSM instances. We may need to remove an HSM instance from service for upgrade, replacement, or test purposes. Such operations are expected to take less than twenty minutes in the case of a replacement, and should not interfere with the performance of your CloudHSM Cluster under normal circumstances. An application that is actively using a specific HSM in the cluster when it is replaced may experience a momentary disruption while the CloudHSM Client retries the operation on a different HSM in the cluster.
AWS will not perform routine maintenance on HSMs in multiple AZs within the same region within the same 24-hour period.
In unforeseen circumstances, it is possible that AWS might perform emergency maintenance without prior notice. AWS will try to avoid this situation, as well as situations where emergency maintenance is performed within the same 24-hour period on HSMs in multiple AZs in the same region.
AWS strongly recommends that you use CloudHSM Clusters with two or more HSMs in separate Availability Zones to avoid any potential disruption.