2017/08/14 - AWS CloudHSM V2 - 10 new api methods
Changes: CloudHSM provides hardware security modules for protecting sensitive data and cryptographic keys within an EC2 VPC, and enables the customer to maintain control over key access and use. This is the second generation of the service, which will improve security, lower cost and provide better customer usability.
Removes the specified tag or tags from the specified AWS CloudHSM cluster.
See also: AWS API Documentation
Request Syntax
client.untag_resource( ResourceId='string', TagKeyList=[ 'string', ] )
ResourceId (string) -- [REQUIRED]
The cluster identifier (ID) for the cluster whose tags you are removing. To find the cluster ID, use DescribeClusters.
TagKeyList (list) -- [REQUIRED]
A list of one or more tag keys for the tags that you are removing. Specify only the tag keys, not the tag values.
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Deletes the specified HSM. To specify an HSM, you can use its identifier (ID), the IP address of the HSM's elastic network interface (ENI), or the ID of the HSM's ENI. You need to specify only one of these values. To find these values, use DescribeClusters.
See also: AWS API Documentation
Request Syntax
client.delete_hsm( ClusterId='string', HsmId='string', EniId='string', EniIp='string' )
ClusterId (string) -- [REQUIRED]
The identifier (ID) of the cluster that contains the HSM that you are deleting.
HsmId (string) --
The identifier (ID) of the HSM that you are deleting.
EniId (string) --
The identifier (ID) of the elastic network interface (ENI) of the HSM that you are deleting.
EniIp (string) --
The IP address of the elastic network interface (ENI) of the HSM that you are deleting.
dict
Response Syntax
{ 'HsmId': 'string' }
Response Structure
(dict) --
HsmId (string) --
The identifier (ID) of the HSM that was deleted.
Gets information about backups of AWS CloudHSM clusters.
This is a paginated operation, which means that each response might contain only a subset of all the backups. When the response contains only a subset of backups, it includes a NextToken value. Use this value in a subsequent DescribeBackups request to get more backups. When you receive a response with no NextToken (or an empty or null value), that means there are no more backups to get.
See also: AWS API Documentation
Request Syntax
client.describe_backups( NextToken='string', MaxResults=123, Filters={ 'string': [ 'string', ] } )
NextToken (string) --
The NextToken value that you received in the previous response. Use this value to get more backups.
MaxResults (integer) --
The maximum number of backups to return in the response. When there are more backups than the number you specify, the response contains a NextToken value.
Filters (dict) --
One or more filters to limit the items returned in the response.
Use the backupIds filter to return only the specified backups. Specify backups by their backup identifier (ID).
Use the clusterIds filter to return only the backups for the specified clusters. Specify clusters by their cluster identifier (ID).
Use the states filter to return only backups that match the specified state.
(string) --
(list) --
(string) --
dict
Response Syntax
{ 'Backups': [ { 'BackupId': 'string', 'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED', 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1) }, ], 'NextToken': 'string' }
Response Structure
(dict) --
Backups (list) --
A list of backups.
(dict) --
Contains information about a backup of an AWS CloudHSM cluster.
BackupId (string) --
The identifier (ID) of the backup.
BackupState (string) --
The state of the backup.
ClusterId (string) --
The identifier (ID) of the cluster that was backed up.
CreateTimestamp (datetime) --
The date and time when the backup was created.
NextToken (string) --
An opaque string that indicates that the response contains only a subset of backups. Use this value in a subsequent DescribeBackups request to get more backups.
Gets a list of tags for the specified AWS CloudHSM cluster.
This is a paginated operation, which means that each response might contain only a subset of all the tags. When the response contains only a subset of tags, it includes a NextToken value. Use this value in a subsequent ListTags request to get more tags. When you receive a response with no NextToken (or an empty or null value), that means there are no more tags to get.
See also: AWS API Documentation
Request Syntax
client.list_tags( ResourceId='string', NextToken='string', MaxResults=123 )
ResourceId (string) -- [REQUIRED]
The cluster identifier (ID) for the cluster whose tags you are getting. To find the cluster ID, use DescribeClusters.
NextToken (string) --
The NextToken value that you received in the previous response. Use this value to get more tags.
MaxResults (integer) --
The maximum number of tags to return in the response. When there are more tags than the number you specify, the response contains a NextToken value.
dict
Response Syntax
{ 'TagList': [ { 'Key': 'string', 'Value': 'string' }, ], 'NextToken': 'string' }
Response Structure
(dict) --
TagList (list) --
A list of tags.
(dict) --
Contains a tag. A tag is a key-value pair.
Key (string) --
The key of the tag.
Value (string) --
The value of the tag.
NextToken (string) --
An opaque string that indicates that the response contains only a subset of tags. Use this value in a subsequent ListTags request to get more tags.
Claims an AWS CloudHSM cluster by submitting the cluster certificate issued by your issuing certificate authority (CA) and the CA's root certificate. Before you can claim a cluster, you must sign the cluster's certificate signing request (CSR) with your issuing CA. To get the cluster's CSR, use DescribeClusters.
See also: AWS API Documentation
Request Syntax
client.initialize_cluster( ClusterId='string', SignedCert='string', TrustAnchor='string' )
ClusterId (string) -- [REQUIRED]
The identifier (ID) of the cluster that you are claiming. To find the cluster ID, use DescribeClusters.
SignedCert (string) -- [REQUIRED]
The cluster certificate issued (signed) by your issuing certificate authority (CA). The certificate must be in PEM format.
TrustAnchor (string) -- [REQUIRED]
The issuing certificate of the issuing certificate authority (CA) that issued (signed) the cluster certificate. This can be a root (self-signed) certificate or a certificate chain that begins with the certificate that issued the cluster certificate and ends with a root certificate. The certificate or certificate chain must be in PEM format.
dict
Response Syntax
{ 'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED', 'StateMessage': 'string' }
Response Structure
(dict) --
State (string) --
The cluster's state.
StateMessage (string) --
A description of the cluster's state.
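A pre-flight wrapper for the claim step described above, as an added example that is not part of the original reference or of the AWS SDK. The names `claim_cluster`, `pem_labels`, `fake_pem` and `FakeClient`, the cluster ID and the PEM bodies are assumptions constructed for illustration; the check only inspects PEM block labels and does not verify signatures.

```python
import re

# One PEM block: BEGIN line, base64 body, END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+[A-Za-z0-9+/=\s]+?-----END \1-----")


def pem_labels(text):
    """Return the label of every PEM block found in text, in order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def claim_cluster(client, cluster_id, signed_cert, trust_anchor):
    """Validate state and PEM inputs, call initialize_cluster, return the new state."""
    found = client.describe_clusters(Filters={"clusterIds": [cluster_id]})["Clusters"]
    if not found:
        raise LookupError(f"cluster {cluster_id} not found")
    if found[0]["State"] != "UNINITIALIZED":
        raise ValueError(f"cluster is {found[0]['State']}, not UNINITIALIZED")
    # A CSR, a private key or a whole chain in SignedCert is refused here.
    if pem_labels(signed_cert) != ["CERTIFICATE"]:
        raise ValueError("SignedCert must be exactly one PEM certificate")
    chain = pem_labels(trust_anchor)
    if not chain or set(chain) != {"CERTIFICATE"}:
        raise ValueError("TrustAnchor must be one or more PEM certificates")
    resp = client.initialize_cluster(
        ClusterId=cluster_id, SignedCert=signed_cert, TrustAnchor=trust_anchor)
    return resp["State"]


def fake_pem(label, body):
    """Build a constructed PEM block; the body is not a real certificate or key."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


class FakeClient:
    """Constructed stand-in for the CloudHSM V2 client."""

    def __init__(self, state):
        self.state = state

    def describe_clusters(self, Filters):
        return {"Clusters": [{"ClusterId": Filters["clusterIds"][0], "State": self.state}]}

    def initialize_cluster(self, ClusterId, SignedCert, TrustAnchor):
        return {"State": "INITIALIZE_IN_PROGRESS", "StateMessage": "constructed"}


def demo():
    """Try four constructed submissions; returns the state or the refusal for each."""
    cert, issuer, root = (fake_pem("CERTIFICATE", b) for b in ("Y2x1c3Rlcg==", "aXNzdWVy", "cm9vdA=="))
    key = fake_pem("PRIVATE KEY", "a2V5")

    def attempt(state, signed, anchor):
        try:
            return claim_cluster(FakeClient(state), "cluster-example", signed, anchor)
        except ValueError as exc:
            return f"refused: {exc}"

    return [attempt("UNINITIALIZED", cert, issuer + root),
            attempt("UNINITIALIZED", cert, issuer + key),
            attempt("UNINITIALIZED", issuer + root, cert),
            attempt("ACTIVE", cert, issuer + root)]
```

With a real client, pass the object returned by `boto3.client('cloudhsmv2')` in place of `FakeClient`.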
Adds or overwrites one or more tags for the specified AWS CloudHSM cluster.
See also: AWS API Documentation
Request Syntax
client.tag_resource( ResourceId='string', TagList=[ { 'Key': 'string', 'Value': 'string' }, ] )
ResourceId (string) -- [REQUIRED]
The cluster identifier (ID) for the cluster that you are tagging. To find the cluster ID, use DescribeClusters.
TagList (list) -- [REQUIRED]
A list of one or more tags.
(dict) --
Contains a tag. A tag is a key-value pair.
Key (string) -- [REQUIRED]
The key of the tag.
Value (string) -- [REQUIRED]
The value of the tag.
dict
Response Syntax
{}
Response Structure
(dict) --
Creates a new AWS CloudHSM cluster.
See also: AWS API Documentation
Request Syntax
client.create_cluster( SubnetIds=[ 'string', ], HsmType='string', SourceBackupId='string' )
SubnetIds (list) -- [REQUIRED]
The identifiers (IDs) of the subnets where you are creating the cluster. You must specify at least one subnet. If you specify multiple subnets, they must meet the following criteria:
All subnets must be in the same virtual private cloud (VPC).
You can specify only one subnet per Availability Zone.
(string) --
HsmType (string) -- [REQUIRED]
The type of HSM to use in the cluster. Currently the only allowed value is hsm1.medium.
SourceBackupId (string) --
The identifier (ID) of the cluster backup to restore. Use this value to restore the cluster from a backup instead of creating a new cluster. To find the backup ID, use DescribeBackups.
dict
Response Syntax
{ 'Cluster': { 'BackupPolicy': 'DEFAULT', 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1), 'Hsms': [ { 'AvailabilityZone': 'string', 'ClusterId': 'string', 'SubnetId': 'string', 'EniId': 'string', 'EniIp': 'string', 'HsmId': 'string', 'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED', 'StateMessage': 'string' }, ], 'HsmType': 'string', 'PreCoPassword': 'string', 'SecurityGroup': 'string', 'SourceBackupId': 'string', 'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED', 'StateMessage': 'string', 'SubnetMapping': { 'string': 'string' }, 'VpcId': 'string', 'Certificates': { 'ClusterCsr': 'string', 'HsmCertificate': 'string', 'AwsHardwareCertificate': 'string', 'ManufacturerHardwareCertificate': 'string', 'ClusterCertificate': 'string' } } }
Response Structure
(dict) --
Cluster (dict) --
Information about the cluster that was created.
BackupPolicy (string) --
The cluster's backup policy.
ClusterId (string) --
The cluster's identifier (ID).
CreateTimestamp (datetime) --
The date and time when the cluster was created.
Hsms (list) --
Contains information about the HSMs in the cluster.
(dict) --
Contains information about a hardware security module (HSM) in an AWS CloudHSM cluster.
AvailabilityZone (string) --
The Availability Zone that contains the HSM.
ClusterId (string) --
The identifier (ID) of the cluster that contains the HSM.
SubnetId (string) --
The subnet that contains the HSM's elastic network interface (ENI).
EniId (string) --
The identifier (ID) of the HSM's elastic network interface (ENI).
EniIp (string) --
The IP address of the HSM's elastic network interface (ENI).
HsmId (string) --
The HSM's identifier (ID).
State (string) --
The HSM's state.
StateMessage (string) --
A description of the HSM's state.
HsmType (string) --
The type of HSM that the cluster contains.
PreCoPassword (string) --
The default password for the cluster's Pre-Crypto Officer (PRECO) user.
SecurityGroup (string) --
The identifier (ID) of the cluster's security group.
SourceBackupId (string) --
The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
State (string) --
The cluster's state.
StateMessage (string) --
A description of the cluster's state.
SubnetMapping (dict) --
A map of the cluster's subnets and their corresponding Availability Zones.
(string) --
(string) --
VpcId (string) --
The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
Certificates (dict) --
Contains one or more certificates or a certificate signing request (CSR).
ClusterCsr (string) --
The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is UNINITIALIZED.
HsmCertificate (string) --
The HSM certificate issued (signed) by the HSM hardware.
AwsHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by AWS CloudHSM.
ManufacturerHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by the hardware manufacturer.
ClusterCertificate (string) --
The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.
Creates a new hardware security module (HSM) in the specified AWS CloudHSM cluster.
See also: AWS API Documentation
Request Syntax
client.create_hsm( ClusterId='string', AvailabilityZone='string', IpAddress='string' )
ClusterId (string) -- [REQUIRED]
The identifier (ID) of the HSM's cluster. To find the cluster ID, use DescribeClusters.
AvailabilityZone (string) -- [REQUIRED]
The Availability Zone where you are creating the HSM. To find the cluster's Availability Zones, use DescribeClusters.
IpAddress (string) --
The HSM's IP address. If you specify an IP address, use an available address from the subnet that maps to the Availability Zone where you are creating the HSM. If you don't specify an IP address, one is chosen for you from that subnet.
dict
Response Syntax
{ 'Hsm': { 'AvailabilityZone': 'string', 'ClusterId': 'string', 'SubnetId': 'string', 'EniId': 'string', 'EniIp': 'string', 'HsmId': 'string', 'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED', 'StateMessage': 'string' } }
Response Structure
(dict) --
Hsm (dict) --
Information about the HSM that was created.
AvailabilityZone (string) --
The Availability Zone that contains the HSM.
ClusterId (string) --
The identifier (ID) of the cluster that contains the HSM.
SubnetId (string) --
The subnet that contains the HSM's elastic network interface (ENI).
EniId (string) --
The identifier (ID) of the HSM's elastic network interface (ENI).
EniIp (string) --
The IP address of the HSM's elastic network interface (ENI).
HsmId (string) --
The HSM's identifier (ID).
State (string) --
The HSM's state.
StateMessage (string) --
A description of the HSM's state.
Gets information about AWS CloudHSM clusters.
This is a paginated operation, which means that each response might contain only a subset of all the clusters. When the response contains only a subset of clusters, it includes a NextToken value. Use this value in a subsequent DescribeClusters request to get more clusters. When you receive a response with no NextToken (or an empty or null value), that means there are no more clusters to get.
See also: AWS API Documentation
Request Syntax
client.describe_clusters( Filters={ 'string': [ 'string', ] }, NextToken='string', MaxResults=123 )
Filters (dict) --
One or more filters to limit the items returned in the response.
Use the clusterIds filter to return only the specified clusters. Specify clusters by their cluster identifier (ID).
Use the vpcIds filter to return only the clusters in the specified virtual private clouds (VPCs). Specify VPCs by their VPC identifier (ID).
Use the states filter to return only clusters that match the specified state.
(string) --
(list) --
(string) --
NextToken (string) --
The NextToken value that you received in the previous response. Use this value to get more clusters.
MaxResults (integer) --
The maximum number of clusters to return in the response. When there are more clusters than the number you specify, the response contains a NextToken value.
dict
Response Syntax
{ 'Clusters': [ { 'BackupPolicy': 'DEFAULT', 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1), 'Hsms': [ { 'AvailabilityZone': 'string', 'ClusterId': 'string', 'SubnetId': 'string', 'EniId': 'string', 'EniIp': 'string', 'HsmId': 'string', 'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED', 'StateMessage': 'string' }, ], 'HsmType': 'string', 'PreCoPassword': 'string', 'SecurityGroup': 'string', 'SourceBackupId': 'string', 'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED', 'StateMessage': 'string', 'SubnetMapping': { 'string': 'string' }, 'VpcId': 'string', 'Certificates': { 'ClusterCsr': 'string', 'HsmCertificate': 'string', 'AwsHardwareCertificate': 'string', 'ManufacturerHardwareCertificate': 'string', 'ClusterCertificate': 'string' } }, ], 'NextToken': 'string' }
Response Structure
(dict) --
Clusters (list) --
A list of clusters.
(dict) --
Contains information about an AWS CloudHSM cluster.
BackupPolicy (string) --
The cluster's backup policy.
ClusterId (string) --
The cluster's identifier (ID).
CreateTimestamp (datetime) --
The date and time when the cluster was created.
Hsms (list) --
Contains information about the HSMs in the cluster.
(dict) --
Contains information about a hardware security module (HSM) in an AWS CloudHSM cluster.
AvailabilityZone (string) --
The Availability Zone that contains the HSM.
ClusterId (string) --
The identifier (ID) of the cluster that contains the HSM.
SubnetId (string) --
The subnet that contains the HSM's elastic network interface (ENI).
EniId (string) --
The identifier (ID) of the HSM's elastic network interface (ENI).
EniIp (string) --
The IP address of the HSM's elastic network interface (ENI).
HsmId (string) --
The HSM's identifier (ID).
State (string) --
The HSM's state.
StateMessage (string) --
A description of the HSM's state.
HsmType (string) --
The type of HSM that the cluster contains.
PreCoPassword (string) --
The default password for the cluster's Pre-Crypto Officer (PRECO) user.
SecurityGroup (string) --
The identifier (ID) of the cluster's security group.
SourceBackupId (string) --
The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
State (string) --
The cluster's state.
StateMessage (string) --
A description of the cluster's state.
SubnetMapping (dict) --
A map of the cluster's subnets and their corresponding Availability Zones.
(string) --
(string) --
VpcId (string) --
The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
Certificates (dict) --
Contains one or more certificates or a certificate signing request (CSR).
ClusterCsr (string) --
The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is UNINITIALIZED.
HsmCertificate (string) --
The HSM certificate issued (signed) by the HSM hardware.
AwsHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by AWS CloudHSM.
ManufacturerHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by the hardware manufacturer.
ClusterCertificate (string) --
The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.
NextToken (string) --
An opaque string that indicates that the response contains only a subset of clusters. Use this value in a subsequent DescribeClusters request to get more clusters.
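The NextToken loop shared by the paginated operations above (DescribeBackups, ListTags, DescribeClusters), used here to report clusters that lack a recent READY backup. This is an added example, not code from the original reference; `paginate`, `backup_gaps`, `FakeClient`, the IDs and the dates are constructed, and it assumes the clusterIds and states filters narrow the result together.

```python
from datetime import datetime, timezone


def paginate(operation, result_key, **kwargs):
    """Yield every item of a NextToken-paginated operation, following all pages."""
    token = None
    while True:
        if token:
            kwargs["NextToken"] = token
        page = operation(**kwargs)
        yield from page.get(result_key, [])
        token = page.get("NextToken")
        if not token:  # absent, empty or None all mean there is nothing more
            return


def backup_gaps(client, max_age_days, now=None):
    """Map ClusterId -> age in days of its newest READY backup when too old or missing (None)."""
    now = now or datetime.now(timezone.utc)
    gaps = {}
    for cluster in paginate(client.describe_clusters, "Clusters"):
        if cluster["State"] == "DELETED":
            continue
        cid = cluster["ClusterId"]
        ready = paginate(client.describe_backups, "Backups",
                         Filters={"clusterIds": [cid], "states": ["READY"]})
        newest = max((b["CreateTimestamp"] for b in ready), default=None)
        age = None if newest is None else (now - newest).days
        if age is None or age > max_age_days:
            gaps[cid] = age
    return gaps


class FakeClient:
    """Constructed stand-in for the CloudHSM V2 client: one item per page."""
    def __init__(self, clusters, backups):
        self.clusters, self.backups = clusters, backups

    @staticmethod
    def _page(key, items, token):
        i = int(token or 0)
        resp = {key: items[i:i + 1]}
        if i + 1 < len(items):
            resp["NextToken"] = str(i + 1)
        return resp

    def describe_clusters(self, NextToken=None):
        return self._page("Clusters", self.clusters, NextToken)

    def describe_backups(self, Filters, NextToken=None):
        hits = [b for b in self.backups if b["ClusterId"] in Filters["clusterIds"]
                and b["BackupState"] in Filters["states"]]
        return self._page("Backups", hits, NextToken)


def demo():
    """Run backup_gaps on constructed data; every ID and date here is made up."""
    def backup(cid, state, month, day):
        return {"ClusterId": cid, "BackupState": state,
                "CreateTimestamp": datetime(2017, month, day, tzinfo=timezone.utc)}
    clusters = [{"ClusterId": c, "State": "ACTIVE"} for c in ("cluster-a", "cluster-b", "cluster-c")]
    backups = [backup("cluster-a", "READY", 7, 1), backup("cluster-a", "READY", 8, 13),
               backup("cluster-b", "READY", 7, 1), backup("cluster-c", "CREATE_IN_PROGRESS", 8, 14)]
    fixed_now = datetime(2017, 8, 14, tzinfo=timezone.utc)
    return backup_gaps(FakeClient(clusters, backups), max_age_days=7, now=fixed_now)
```

The same `paginate` helper works for ListTags with `paginate(client.list_tags, "TagList", ResourceId=...)`.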
Deletes the specified AWS CloudHSM cluster. Before you can delete a cluster, you must delete all HSMs in the cluster. To see if the cluster contains any HSMs, use DescribeClusters. To delete an HSM, use DeleteHsm.
See also: AWS API Documentation
Request Syntax
client.delete_cluster( ClusterId='string' )
ClusterId (string) -- [REQUIRED]
The identifier (ID) of the cluster that you are deleting. To find the cluster ID, use DescribeClusters.
dict
Response Syntax
{ 'Cluster': { 'BackupPolicy': 'DEFAULT', 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1), 'Hsms': [ { 'AvailabilityZone': 'string', 'ClusterId': 'string', 'SubnetId': 'string', 'EniId': 'string', 'EniIp': 'string', 'HsmId': 'string', 'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED', 'StateMessage': 'string' }, ], 'HsmType': 'string', 'PreCoPassword': 'string', 'SecurityGroup': 'string', 'SourceBackupId': 'string', 'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED', 'StateMessage': 'string', 'SubnetMapping': { 'string': 'string' }, 'VpcId': 'string', 'Certificates': { 'ClusterCsr': 'string', 'HsmCertificate': 'string', 'AwsHardwareCertificate': 'string', 'ManufacturerHardwareCertificate': 'string', 'ClusterCertificate': 'string' } } }
Response Structure
(dict) --
Cluster (dict) --
Information about the cluster that was deleted.
BackupPolicy (string) --
The cluster's backup policy.
ClusterId (string) --
The cluster's identifier (ID).
CreateTimestamp (datetime) --
The date and time when the cluster was created.
Hsms (list) --
Contains information about the HSMs in the cluster.
(dict) --
Contains information about a hardware security module (HSM) in an AWS CloudHSM cluster.
AvailabilityZone (string) --
The Availability Zone that contains the HSM.
ClusterId (string) --
The identifier (ID) of the cluster that contains the HSM.
SubnetId (string) --
The subnet that contains the HSM's elastic network interface (ENI).
EniId (string) --
The identifier (ID) of the HSM's elastic network interface (ENI).
EniIp (string) --
The IP address of the HSM's elastic network interface (ENI).
HsmId (string) --
The HSM's identifier (ID).
State (string) --
The HSM's state.
StateMessage (string) --
A description of the HSM's state.
HsmType (string) --
The type of HSM that the cluster contains.
PreCoPassword (string) --
The default password for the cluster's Pre-Crypto Officer (PRECO) user.
SecurityGroup (string) --
The identifier (ID) of the cluster's security group.
SourceBackupId (string) --
The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
State (string) --
The cluster's state.
StateMessage (string) --
A description of the cluster's state.
SubnetMapping (dict) --
A map of the cluster's subnets and their corresponding Availability Zones.
(string) --
(string) --
VpcId (string) --
The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
Certificates (dict) --
Contains one or more certificates or a certificate signing request (CSR).
ClusterCsr (string) --
The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is UNINITIALIZED.
HsmCertificate (string) --
The HSM certificate issued (signed) by the HSM hardware.
AwsHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by AWS CloudHSM.
ManufacturerHardwareCertificate (string) --
The HSM hardware certificate issued (signed) by the hardware manufacturer.
ClusterCertificate (string) --
The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.
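The deletion order required by DeleteCluster (every HSM removed first), as an added example that is not part of the original reference. `teardown_cluster`, `FakeClient`, the polling defaults and the IDs are assumptions; the fake client's timing of HSM removal is constructed so the example runs offline.

```python
import time


def teardown_cluster(client, cluster_id, poll_seconds=15, timeout_seconds=900,
                     sleep=time.sleep):
    """Delete every HSM in the cluster, wait until none remain, then delete the
    cluster. Returns the cluster state reported by delete_cluster."""

    def remaining_hsms():
        found = client.describe_clusters(Filters={"clusterIds": [cluster_id]})["Clusters"]
        if not found:
            raise LookupError(f"cluster {cluster_id} not found")
        return [h for h in found[0]["Hsms"] if h["State"] != "DELETED"]

    for hsm in remaining_hsms():
        if hsm["State"] != "DELETE_IN_PROGRESS":
            # One identifier is enough; HsmId is used rather than EniId or EniIp.
            client.delete_hsm(ClusterId=cluster_id, HsmId=hsm["HsmId"])

    waited = 0
    while remaining_hsms():
        if waited >= timeout_seconds:
            raise TimeoutError(f"HSMs still present in {cluster_id} after {waited}s")
        sleep(poll_seconds)
        waited += poll_seconds

    return client.delete_cluster(ClusterId=cluster_id)["Cluster"]["State"]


class FakeClient:
    """Constructed stand-in for the CloudHSM V2 client that records call order."""

    def __init__(self, cluster_id, hsm_ids):
        self.cluster_id, self.calls = cluster_id, []
        self.hsms = {h: "ACTIVE" for h in hsm_ids}

    def describe_clusters(self, Filters):
        hsms = [{"HsmId": h, "State": s} for h, s in self.hsms.items()]
        # Constructed behaviour: an HSM being deleted is gone by the next call.
        self.hsms = {h: s for h, s in self.hsms.items() if s == "ACTIVE"}
        match = self.cluster_id in Filters["clusterIds"]
        return {"Clusters": [{"ClusterId": self.cluster_id, "Hsms": hsms}] if match else []}

    def delete_hsm(self, ClusterId, HsmId):
        self.calls.append(f"delete_hsm:{HsmId}")
        self.hsms[HsmId] = "DELETE_IN_PROGRESS"
        return {"HsmId": HsmId}

    def delete_cluster(self, ClusterId):
        if self.hsms:  # mirrors the documented precondition
            raise RuntimeError("cluster still contains HSMs")
        self.calls.append("delete_cluster")
        return {"Cluster": {"ClusterId": ClusterId, "State": "DELETE_IN_PROGRESS"}}


def demo():
    """Tear down a constructed two-HSM cluster; returns (final state, call order)."""
    client = FakeClient("cluster-example", ["hsm-1", "hsm-2"])
    state = teardown_cluster(client, "cluster-example", sleep=lambda s: None)
    return state, client.calls
```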