AWS Certified Solutions Architect - Professional 2020


Cloud HSM

Cloud HSM is highly available (clustered) but then the next slide says "customer managed durability and availability". Can you please clarify?

1 Answer

It’s possible the 2nd slide is still based on the "classic" CloudHSM, which was not clustered and it was blatantly not HA, but there are still some differences in the availability/configuration of an HA solution:

  • with a clustered CloudHSM, you will need to make sure you configure it with subnets in each AZ in the region to survive AZ failure

  • KMS should survive AZ failure without your application noticing, as it’s a region level API service

  • even with clustered CloudHSM, if you need to survive a region failure, you will need to architect and build secondary CloudHSM clusters in different regions

  • KMS is available in all regions (unless you need asymmetric keys, and China has some differences), so you don’t have to make sure you’re building out infrastructure in secondary regions (though you’ll still need to do some coding for a multiregion solution https://aws.amazon.com/blogs/security/how-to-use-the-new-aws-encryption-sdk-to-simplify-data-encryption-and-improve-application-availability/ )

At least, that’s my interpretation of the slides and discussion. Hope this helps.
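The multi-AZ point in the answer above can be checked from a cluster description. The following is an added example, not part of the original answer or of any AWS tooling: it assumes input shaped like the output of `aws cloudhsmv2 describe-clusters`, and the cluster IDs, subnet IDs, AZ names and the `az_findings` helper are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws cloudhsmv2 describe-clusters` output
# (IDs, subnets and AZ names are made up for illustration).
SAMPLE = json.loads("""
{"Clusters": [
  {"ClusterId": "cluster-example1", "State": "ACTIVE",
   "SubnetMapping": {"us-east-1a": "subnet-aaa", "us-east-1b": "subnet-bbb"},
   "Hsms": [
     {"HsmId": "hsm-1", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"},
     {"HsmId": "hsm-2", "AvailabilityZone": "us-east-1b", "State": "ACTIVE"}]},
  {"ClusterId": "cluster-example2", "State": "ACTIVE",
   "SubnetMapping": {"us-east-1a": "subnet-ccc", "us-east-1b": "subnet-ddd"},
   "Hsms": [
     {"HsmId": "hsm-3", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"},
     {"HsmId": "hsm-4", "AvailabilityZone": "us-east-1a", "State": "DEGRADED"}]},
  {"ClusterId": "cluster-example3", "State": "ACTIVE",
   "SubnetMapping": {"us-east-1a": "subnet-eee"},
   "Hsms": [
     {"HsmId": "hsm-5", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"}]}
]}
""")


def az_findings(response, min_azs=2):
    """Return {cluster_id: [problems]} for clusters that would not survive an AZ failure."""
    findings = {}
    for cluster in response.get("Clusters", []):
        problems = []
        # AZs the cluster has a subnet in (where HSMs *could* be created).
        subnet_azs = set(cluster.get("SubnetMapping", {}))
        # AZs that currently hold at least one ACTIVE HSM.
        active_azs = {h["AvailabilityZone"] for h in cluster.get("Hsms", [])
                      if h.get("State") == "ACTIVE"}
        if len(subnet_azs) < min_azs:
            problems.append(f"subnets in only {len(subnet_azs)} AZ(s)")
        if len(active_azs) < min_azs:
            problems.append(f"active HSMs in only {len(active_azs)} AZ(s)")
        if problems:
            findings[cluster["ClusterId"]] = problems
    return findings


if __name__ == "__main__":
    for cid, problems in az_findings(SAMPLE).items():
        print(cid, "->", "; ".join(problems))
```

The second sample cluster shows the case that is easy to miss: subnets are mapped in two AZs, but every active HSM sits in one of them, so an AZ failure still takes the cluster offline.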
