CloudHSMV2 / Client / create_cluster

create_cluster#

CloudHSMV2.Client.create_cluster(**kwargs)#

Creates a new CloudHSM cluster.

Cross-account use: Yes. To perform this operation with an CloudHSM backup in a different AWS account, specify the full backup ARN in the value of the SourceBackupId parameter.

See also: AWS API Documentation

Request Syntax

response = client.create_cluster(
    BackupRetentionPolicy={
        'Type': 'DAYS',
        'Value': 'string'
    },
    HsmType='string',
    SourceBackupId='string',
    SubnetIds=[
        'string',
    ],
    TagList=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    Mode='FIPS'|'NON_FIPS'
)
Parameters:
  • BackupRetentionPolicy (dict) –

    A policy that defines how the service retains backups.

    • Type (string) –

      The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.

    • Value (string) –

      Use a value between 7 - 379.

  • HsmType (string) –

    [REQUIRED]

    The type of HSM to use in the cluster. The allowed values are hsm1.medium and hsm2m.medium.

  • SourceBackupId (string) – The identifier (ID) or the Amazon Resource Name (ARN) of the cluster backup to restore. Use this value to restore the cluster from a backup instead of creating a new cluster. To find the backup ID or ARN, use DescribeBackups. If using a backup in another account, the full ARN must be supplied.

  • SubnetIds (list) –

    [REQUIRED]

    The identifiers (IDs) of the subnets where you are creating the cluster. You must specify at least one subnet. If you specify multiple subnets, they must meet the following criteria:

    • All subnets must be in the same virtual private cloud (VPC).

    • You can specify only one subnet per Availability Zone.

    • (string) –

  • TagList (list) –

    Tags to apply to the CloudHSM cluster during creation.

    • (dict) –

      Contains a tag. A tag is a key-value pair.

      • Key (string) – [REQUIRED]

        The key of the tag.

      • Value (string) – [REQUIRED]

        The value of the tag.

  • Mode (string) – The mode to use in the cluster. The allowed values are FIPS and NON_FIPS.

Return type:

dict

Returns:

Response Syntax

{
    'Cluster': {
        'BackupPolicy': 'DEFAULT',
        'BackupRetentionPolicy': {
            'Type': 'DAYS',
            'Value': 'string'
        },
        'ClusterId': 'string',
        'CreateTimestamp': datetime(2015, 1, 1),
        'Hsms': [
            {
                'AvailabilityZone': 'string',
                'ClusterId': 'string',
                'SubnetId': 'string',
                'EniId': 'string',
                'EniIp': 'string',
                'HsmId': 'string',
                'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                'StateMessage': 'string'
            },
        ],
        'HsmType': 'string',
        'PreCoPassword': 'string',
        'SecurityGroup': 'string',
        'SourceBackupId': 'string',
        'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
        'StateMessage': 'string',
        'SubnetMapping': {
            'string': 'string'
        },
        'VpcId': 'string',
        'Certificates': {
            'ClusterCsr': 'string',
            'HsmCertificate': 'string',
            'AwsHardwareCertificate': 'string',
            'ManufacturerHardwareCertificate': 'string',
            'ClusterCertificate': 'string'
        },
        'TagList': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'Mode': 'FIPS'|'NON_FIPS'
    }
}

Response Structure

  • (dict) –

    • Cluster (dict) –

      Information about the cluster that was created.

      • BackupPolicy (string) –

        The cluster’s backup policy.

      • BackupRetentionPolicy (dict) –

        A policy that defines how the service retains backups.

        • Type (string) –

          The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.

        • Value (string) –

          Use a value between 7 - 379.

      • ClusterId (string) –

        The cluster’s identifier (ID).

      • CreateTimestamp (datetime) –

        The date and time when the cluster was created.

      • Hsms (list) –

        Contains information about the HSMs in the cluster.

        • (dict) –

          Contains information about a hardware security module (HSM) in an CloudHSM cluster.

          • AvailabilityZone (string) –

            The Availability Zone that contains the HSM.

          • ClusterId (string) –

            The identifier (ID) of the cluster that contains the HSM.

          • SubnetId (string) –

            The subnet that contains the HSM’s elastic network interface (ENI).

          • EniId (string) –

            The identifier (ID) of the HSM’s elastic network interface (ENI).

          • EniIp (string) –

            The IP address of the HSM’s elastic network interface (ENI).

          • HsmId (string) –

            The HSM’s identifier (ID).

          • State (string) –

            The HSM’s state.

          • StateMessage (string) –

            A description of the HSM’s state.

      • HsmType (string) –

        The type of HSM that the cluster contains.

      • PreCoPassword (string) –

        The default password for the cluster’s Pre-Crypto Officer (PRECO) user.

      • SecurityGroup (string) –

        The identifier (ID) of the cluster’s security group.

      • SourceBackupId (string) –

        The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.

      • State (string) –

        The cluster’s state.

      • StateMessage (string) –

        A description of the cluster’s state.

      • SubnetMapping (dict) –

        A map from availability zone to the cluster’s subnet in that availability zone.

        • (string) –

          • (string) –

      • VpcId (string) –

        The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.

      • Certificates (dict) –

        Contains one or more certificates or a certificate signing request (CSR).

        • ClusterCsr (string) –

          The cluster’s certificate signing request (CSR). The CSR exists only when the cluster’s state is UNINITIALIZED.

        • HsmCertificate (string) –

          The HSM certificate issued (signed) by the HSM hardware.

        • AwsHardwareCertificate (string) –

          The HSM hardware certificate issued (signed) by CloudHSM.

        • ManufacturerHardwareCertificate (string) –

          The HSM hardware certificate issued (signed) by the hardware manufacturer.

        • ClusterCertificate (string) –

          The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster’s owner.

      • TagList (list) –

        The list of tags for the cluster.

        • (dict) –

          Contains a tag. A tag is a key-value pair.

          • Key (string) –

            The key of the tag.

          • Value (string) –

            The value of the tag.

      • Mode (string) –

        The mode of the cluster.

Exceptions

  • CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException

  • CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException

  • CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException

  • CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException

  • CloudHSMV2.Client.exceptions.CloudHsmServiceException

  • CloudHSMV2.Client.exceptions.CloudHsmTagException