Cloud HSM: How to auto sync keys, users, policies between two separate HSM clusters (within region or outside region)

Question

I have a high performance requirement for the data encryption. Within a single region, we would like to set up a two HSM clusters each with more than 10 HSMs. But all HSMs has to have all same keys, users and policies. I am aware about cross-region data replication through AWS backup to replicate HSMs data but let me know if there is any other good approach to replicate HSMs data across multiple clusters. These clusters can be set up within the same region or outside region.

Answer

Like most AWS resources, clusters and HSMs are regional resources. To create HSMs in multiple Regions, you must first create a cluster in each Region. You cannot reuse or extend a cluster across Regions. 
https://docs.aws.amazon.com/cloudhsm/latest/userguide/regions.html

A good approach to replicate HSMs data across multiple clusters will be to clone an AWS CloudHSM cluster across regions following the steps listed here: https://aws.amazon.com/blogs/security/how-to-clone-an-aws-cloudhsm-cluster-across-regions/

Cloud HSM: How to auto sync keys, users, policies between two separate HSM clusters (within region or outside region)

相关内容