Skip to content

stormreply/cloudhsm-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

119 Commits
.github/workflows
.github/workflows
 
 
local-exec
local-exec
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
README.md
README.md
 
 
__README
__README
 
 
_default_tags.tf
_default_tags.tf
 
 
_metadata.tf
_metadata.tf
 
 
cluster.tf
cluster.tf
 
 
controller-instance.tf
controller-instance.tf
 
 
controller-profile.tf
controller-profile.tf
 
 
controller-securitygroup.tf
controller-securitygroup.tf
 
 
controller-userdata.tf
controller-userdata.tf
 
 
copy-customer-ca-crt.tf
copy-customer-ca-crt.tf
 
 
customerCA.crt
customerCA.crt
 
 
data.tf
data.tf
 
 
hsm-one.tf
hsm-one.tf
 
 
hsm-two.tf
hsm-two.tf
 
 
key-pair.tf
key-pair.tf
 
 
kms-custom-keystore.tf
kms-custom-keystore.tf
 
 
locals.tf
locals.tf
 
 
passwords.tf
passwords.tf
 
 
providers.tf
providers.tf
 
 
random-string.tf
random-string.tf
 
 
terraform.tf
terraform.tf
 
 
wait-cluster-active.tf
wait-cluster-active.tf
 
 

Repository files navigation

CloudHSM Demo

A complete demonstration of deploying and configuring AWS CloudHSM cluster with KMS Custom Key Store integration using Terraform.

Overview

This project automates the setup of an AWS CloudHSM cluster with the following features:

  • FIPS-compliant CloudHSM cluster with multiple HSM instances
  • Custom certificate authority for HSM authentication
  • EC2 controller instance for cluster management
  • KMS Custom Key Store integration
  • Automated initialization and activation scripts

Architecture

  • CloudHSM Cluster: Multi-AZ deployment with hsm2m.medium instances
  • Controller Instance: EC2 instance with CloudHSM CLI for cluster management
  • Custom Key Store: KMS integration for CloudHSM-backed encryption keys
  • Networking: Uses default VPC subnets across availability zones

Prerequisites

  • AWS CLI configured with appropriate permissions
  • Terraform >= 1.11.4
  • S3 backend configured for Terraform state
  • CloudHSM service permissions in target AWS account

Required AWS Permissions

Your AWS credentials need permissions for:

  • CloudHSM cluster creation and management
  • EC2 instance creation and management
  • IAM role and policy creation
  • KMS Custom Key Store operations
  • VPC and networking resources

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages