Security of AWS CloudHSM Backups (AWS Whitepaper)
December 2017
AWS CloudHSM clusters provide high availability and redundancy by distributing cryptographic operations across all hardware security modules (HSMs) in the cluster. Backup and restore is the mechanism by which a new HSM in a cluster is synchronized. This whitepaper provides details on the cryptographic mechanisms supporting backup and restore functionality, and the security mechanisms protecting the AWS-managed backups. This whitepaper also provides in-depth information on how backups are protected in all three phases of the CloudHSM backup lifecycle process: Creation, Archive, and Restore. For the purposes of this whitepaper, we assume that you have a basic understanding of AWS CloudHSM and cluster architecture.
This documentation is offered for free here as a Kindle book, or you can read it in PDF format at https://aws.amazon.com/whitepapers/.