cloudHSM : Does the default ssl key and certificate can be disable at the cloudHSM side?

I read https://repost.aws/questions/QUBJM3pwf7Qa2mwCnKRkW97A/cloudhsmv2-force-tls-client-server-mutual-authentication-or-disable-default-key-on-hsm

and https://repost.aws/knowledge-center/cloudhsm-certificate-encrypted

Using my own produced ssl key and cert (instead of the default one) create a better secure (encrypted) communication between the client and the cloudHSM.

Though this cannot be used to restrict access to cloudHSM from a specific client machine because the default key and cert can always be used from any other machine (along with the root CA).

Is that correct ???

How an access to HSM cluster can be restricted for a specific machine regardless the AWS infrastructure like security groups and private subnet... ? put aside the hsm credentials.

Tópicos

Segurança, identidade e conformidade AWS Well-Architected Framework

Conteúdo relevante

Como posso visualizar meus logs de auditoria do AWS CloudHSM?
AWS OFICIALAtualizada há 3 anos
Como resolvo o erro “The provided key element does not match the schema” ao importar tabelas do DynamoDB usando o Hive no Amazon EMR?
AWS OFICIALAtualizada há 2 anos
Como faço para resolver o erro “RET_MXN_AUTH_FAILED” com o comando cloudhsm_mgmt_util do CloudHSM?
AWS OFICIALAtualizada há 3 anos
Como posso resolver problemas de conexão entre o cliente do CloudHSM e o cluster do CloudHSM?
AWS OFICIALAtualizada há 6 meses