CloudHSMV2 / Client / create_cluster
create_cluster#
- CloudHSMV2.Client.create_cluster(**kwargs)#
Creates a new CloudHSM cluster.
Cross-account use: Yes. To perform this operation with an CloudHSM backup in a different AWS account, specify the full backup ARN in the value of the SourceBackupId parameter.
See also: AWS API Documentation
Request Syntax
response = client.create_cluster( BackupRetentionPolicy={ 'Type': 'DAYS', 'Value': 'string' }, HsmType='string', SourceBackupId='string', SubnetIds=[ 'string', ], NetworkType='IPV4'|'DUALSTACK', TagList=[ { 'Key': 'string', 'Value': 'string' }, ], Mode='FIPS'|'NON_FIPS' )
- Parameters:
BackupRetentionPolicy (dict) –
A policy that defines how the service retains backups.
Type (string) –
The type of backup retention policy. For the
DAYS
type, the value is the number of days to retain backups.Value (string) –
Use a value between 7 - 379.
HsmType (string) –
[REQUIRED]
The type of HSM to use in the cluster. The allowed values are
hsm1.medium
andhsm2m.medium
.SourceBackupId (string) – The identifier (ID) or the Amazon Resource Name (ARN) of the cluster backup to restore. Use this value to restore the cluster from a backup instead of creating a new cluster. To find the backup ID or ARN, use DescribeBackups. If using a backup in another account, the full ARN must be supplied.
SubnetIds (list) –
[REQUIRED]
The identifiers (IDs) of the subnets where you are creating the cluster. You must specify at least one subnet. If you specify multiple subnets, they must meet the following criteria:
All subnets must be in the same virtual private cloud (VPC).
You can specify only one subnet per Availability Zone.
(string) –
NetworkType (string) – The NetworkType to create a cluster with. The allowed values are
IPV4
andDUALSTACK
.TagList (list) –
Tags to apply to the CloudHSM cluster during creation.
(dict) –
Contains a tag. A tag is a key-value pair.
Key (string) – [REQUIRED]
The key of the tag.
Value (string) – [REQUIRED]
The value of the tag.
Mode (string) – The mode to use in the cluster. The allowed values are
FIPS
andNON_FIPS
.
- Return type:
dict
- Returns:
Response Syntax
{ 'Cluster': { 'BackupPolicy': 'DEFAULT', 'BackupRetentionPolicy': { 'Type': 'DAYS', 'Value': 'string' }, 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1), 'Hsms': [ { 'AvailabilityZone': 'string', 'ClusterId': 'string', 'SubnetId': 'string', 'EniId': 'string', 'EniIp': 'string', 'EniIpV6': 'string', 'HsmId': 'string', 'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED', 'StateMessage': 'string' }, ], 'HsmType': 'string', 'PreCoPassword': 'string', 'SecurityGroup': 'string', 'SourceBackupId': 'string', 'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'MODIFY_IN_PROGRESS'|'ROLLBACK_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED', 'StateMessage': 'string', 'SubnetMapping': { 'string': 'string' }, 'VpcId': 'string', 'NetworkType': 'IPV4'|'DUALSTACK', 'Certificates': { 'ClusterCsr': 'string', 'HsmCertificate': 'string', 'AwsHardwareCertificate': 'string', 'ManufacturerHardwareCertificate': 'string', 'ClusterCertificate': 'string' }, 'TagList': [ { 'Key': 'string', 'Value': 'string' }, ], 'Mode': 'FIPS'|'NON_FIPS' } }
Response Structure
(dict) –
Cluster (dict) –
Information about the cluster that was created.
BackupPolicy (string) –
The cluster’s backup policy.
BackupRetentionPolicy (dict) –
A policy that defines how the service retains backups.
Type (string) –
The type of backup retention policy. For the
DAYS
type, the value is the number of days to retain backups.Value (string) –
Use a value between 7 - 379.
ClusterId (string) –
The cluster’s identifier (ID).
CreateTimestamp (datetime) –
The date and time when the cluster was created.
Hsms (list) –
Contains information about the HSMs in the cluster.
(dict) –
Contains information about a hardware security module (HSM) in an CloudHSM cluster.
AvailabilityZone (string) –
The Availability Zone that contains the HSM.
ClusterId (string) –
The identifier (ID) of the cluster that contains the HSM.
SubnetId (string) –
The subnet that contains the HSM’s elastic network interface (ENI).
EniId (string) –
The identifier (ID) of the HSM’s elastic network interface (ENI).
EniIp (string) –
The IP address of the HSM’s elastic network interface (ENI).
EniIpV6 (string) –
The IPv6 address (if any) of the HSM’s elastic network interface (ENI).
HsmId (string) –
The HSM’s identifier (ID).
State (string) –
The HSM’s state.
StateMessage (string) –
A description of the HSM’s state.
HsmType (string) –
The type of HSM that the cluster contains.
PreCoPassword (string) –
The default password for the cluster’s Pre-Crypto Officer (PRECO) user.
SecurityGroup (string) –
The identifier (ID) of the cluster’s security group.
SourceBackupId (string) –
The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
State (string) –
The cluster’s state.
StateMessage (string) –
A description of the cluster’s state.
SubnetMapping (dict) –
A map from availability zone to the cluster’s subnet in that availability zone.
(string) –
(string) –
VpcId (string) –
The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
NetworkType (string) –
The cluster’s NetworkType can be set to either IPV4 (which is the default) or DUALSTACK. When set to IPV4, communication between your application and the Hardware Security Modules (HSMs) is restricted to the IPv4 protocol only. In contrast, the DUALSTACK network type enables communication over both the IPv4 and IPv6 protocols. To use the DUALSTACK option, you’ll need to configure your Virtual Private Cloud (VPC) and subnets to support both IPv4 and IPv6. This involves adding IPv6 Classless Inter-Domain Routing (CIDR) blocks to the existing IPv4 CIDR blocks in your subnets. The choice between IPV4 and DUALSTACK network types determines the flexibility of the network addressing setup for your cluster. The DUALSTACK option provides more flexibility by allowing both IPv4 and IPv6 communication.
Certificates (dict) –
Contains one or more certificates or a certificate signing request (CSR).
ClusterCsr (string) –
The cluster’s certificate signing request (CSR). The CSR exists only when the cluster’s state is
UNINITIALIZED
.HsmCertificate (string) –
The HSM certificate issued (signed) by the HSM hardware.
AwsHardwareCertificate (string) –
The HSM hardware certificate issued (signed) by CloudHSM.
ManufacturerHardwareCertificate (string) –
The HSM hardware certificate issued (signed) by the hardware manufacturer.
ClusterCertificate (string) –
The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster’s owner.
TagList (list) –
The list of tags for the cluster.
(dict) –
Contains a tag. A tag is a key-value pair.
Key (string) –
The key of the tag.
Value (string) –
The value of the tag.
Mode (string) –
The mode of the cluster.
Exceptions
CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException
CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException
CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException
CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException
CloudHSMV2.Client.exceptions.CloudHsmServiceException
CloudHSMV2.Client.exceptions.CloudHsmTagException