cloudHSM : Does the default ssl key and certificate can be disable at the cloudHSM side?

I read https://repost.aws/questions/QUBJM3pwf7Qa2mwCnKRkW97A/cloudhsmv2-force-tls-client-server-mutual-authentication-or-disable-default-key-on-hsm

and https://repost.aws/knowledge-center/cloudhsm-certificate-encrypted

Using my own produced ssl key and cert (instead of the default one) create a better secure (encrypted) communication between the client and the cloudHSM.

Though this cannot be used to restrict access to cloudHSM from a specific client machine because the default key and cert can always be used from any other machine (along with the root CA).

Is that correct ???

How an access to HSM cluster can be restricted for a specific machine regardless the AWS infrastructure like security groups and private subnet... ? put aside the hsm credentials.

Topics

Security, Identity, & Compliance AWS Well-Architected Framework

Relevant content

aws cloudhsm key creation
rePost-User-0114260
asked a year ago
CloudHSM Key Hierarchy
AWS-User-1591731
asked 2 years ago
Does AWS cloudHSM support BIP32 key derivation?
OS
asked 8 months ago
How to update the certificate in cloudhsm keystore using AWS cloudhsm functionality?
GJ
asked 8 months ago
Which CloudHSM certificates are used for the client-server end-to-end encrypted connection?
AWS OFFICIALUpdated 21 days ago
How can I patch OpenSSL to enable use with the CloudHSM CKM_RSA_AES_KEY_WRAP mechanism?
AWS OFFICIALUpdated 3 months ago
How can I resolve connection issues between the CloudHSM client and the CloudHSM cluster?
AWS OFFICIALUpdated 5 months ago
How do I use OpenSSL and the key_mgmt_util command line tool to securely transfer my keys to CloudHSM?
AWS OFFICIALUpdated 3 months ago
Announcement: RDS/Aurora SSL/TLS Certificates are expiring between May and October 2024
EXPERT
randyyoung
published a month ago
Enabling TLS 1.2 Client Side Support on EC2 Windows Server 2012 to 2022
EXPERT
Jonathan_D
published a year ago