CloudHSMV2 / Client / create_cluster
create_cluster#
- CloudHSMV2.Client.create_cluster(**kwargs)#
Creates a new CloudHSM cluster.
Cross-account use: Yes. To perform this operation with an CloudHSM backup in a different AWS account, specify the full backup ARN in the value of the SourceBackupId parameter.
See also: AWS API Documentation
Request Syntax
response = client.create_cluster( BackupRetentionPolicy={ 'Type': 'DAYS', 'Value': 'string' }, HsmType='string', SourceBackupId='string', SubnetIds=[ 'string', ], TagList=[ { 'Key': 'string', 'Value': 'string' }, ], Mode='FIPS'|'NON_FIPS' )
- Parameters:
BackupRetentionPolicy (dict) –
A policy that defines how the service retains backups.
Type (string) –
The type of backup retention policy. For the
DAYS
type, the value is the number of days to retain backups.Value (string) –
Use a value between 7 - 379.
HsmType (string) –
[REQUIRED]
The type of HSM to use in the cluster. The allowed values are
hsm1.medium
andhsm2m.medium
.SourceBackupId (string) – The identifier (ID) or the Amazon Resource Name (ARN) of the cluster backup to restore. Use this value to restore the cluster from a backup instead of creating a new cluster. To find the backup ID or ARN, use DescribeBackups. If using a backup in another account, the full ARN must be supplied.
SubnetIds (list) –
[REQUIRED]
The identifiers (IDs) of the subnets where you are creating the cluster. You must specify at least one subnet. If you specify multiple subnets, they must meet the following criteria:
All subnets must be in the same virtual private cloud (VPC).
You can specify only one subnet per Availability Zone.
(string) –
TagList (list) –
Tags to apply to the CloudHSM cluster during creation.
(dict) –
Contains a tag. A tag is a key-value pair.
Key (string) – [REQUIRED]
The key of the tag.
Value (string) – [REQUIRED]
The value of the tag.
Mode (string) – The mode to use in the cluster. The allowed values are
FIPS
andNON_FIPS
.
- Return type:
dict
- Returns:
Response Syntax
{ 'Cluster': { 'BackupPolicy': 'DEFAULT', 'BackupRetentionPolicy': { 'Type': 'DAYS', 'Value': 'string' }, 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1), 'Hsms': [ { 'AvailabilityZone': 'string', 'ClusterId': 'string', 'SubnetId': 'string', 'EniId': 'string', 'EniIp': 'string', 'HsmId': 'string', 'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED', 'StateMessage': 'string' }, ], 'HsmType': 'string', 'PreCoPassword': 'string', 'SecurityGroup': 'string', 'SourceBackupId': 'string', 'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED', 'StateMessage': 'string', 'SubnetMapping': { 'string': 'string' }, 'VpcId': 'string', 'Certificates': { 'ClusterCsr': 'string', 'HsmCertificate': 'string', 'AwsHardwareCertificate': 'string', 'ManufacturerHardwareCertificate': 'string', 'ClusterCertificate': 'string' }, 'TagList': [ { 'Key': 'string', 'Value': 'string' }, ], 'Mode': 'FIPS'|'NON_FIPS' } }
Response Structure
(dict) –
Cluster (dict) –
Information about the cluster that was created.
BackupPolicy (string) –
The cluster’s backup policy.
BackupRetentionPolicy (dict) –
A policy that defines how the service retains backups.
Type (string) –
The type of backup retention policy. For the
DAYS
type, the value is the number of days to retain backups.Value (string) –
Use a value between 7 - 379.
ClusterId (string) –
The cluster’s identifier (ID).
CreateTimestamp (datetime) –
The date and time when the cluster was created.
Hsms (list) –
Contains information about the HSMs in the cluster.
(dict) –
Contains information about a hardware security module (HSM) in an CloudHSM cluster.
AvailabilityZone (string) –
The Availability Zone that contains the HSM.
ClusterId (string) –
The identifier (ID) of the cluster that contains the HSM.
SubnetId (string) –
The subnet that contains the HSM’s elastic network interface (ENI).
EniId (string) –
The identifier (ID) of the HSM’s elastic network interface (ENI).
EniIp (string) –
The IP address of the HSM’s elastic network interface (ENI).
HsmId (string) –
The HSM’s identifier (ID).
State (string) –
The HSM’s state.
StateMessage (string) –
A description of the HSM’s state.
HsmType (string) –
The type of HSM that the cluster contains.
PreCoPassword (string) –
The default password for the cluster’s Pre-Crypto Officer (PRECO) user.
SecurityGroup (string) –
The identifier (ID) of the cluster’s security group.
SourceBackupId (string) –
The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
State (string) –
The cluster’s state.
StateMessage (string) –
A description of the cluster’s state.
SubnetMapping (dict) –
A map from availability zone to the cluster’s subnet in that availability zone.
(string) –
(string) –
VpcId (string) –
The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
Certificates (dict) –
Contains one or more certificates or a certificate signing request (CSR).
ClusterCsr (string) –
The cluster’s certificate signing request (CSR). The CSR exists only when the cluster’s state is
UNINITIALIZED
.HsmCertificate (string) –
The HSM certificate issued (signed) by the HSM hardware.
AwsHardwareCertificate (string) –
The HSM hardware certificate issued (signed) by CloudHSM.
ManufacturerHardwareCertificate (string) –
The HSM hardware certificate issued (signed) by the hardware manufacturer.
ClusterCertificate (string) –
The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster’s owner.
TagList (list) –
The list of tags for the cluster.
(dict) –
Contains a tag. A tag is a key-value pair.
Key (string) –
The key of the tag.
Value (string) –
The value of the tag.
Mode (string) –
The mode of the cluster.
Exceptions