AWS CloudHSM

AWSSecurity

Single-tenant FIPS 140-2 Level 3 hardware security modules in your VPC for keys you must hold yourself — code-signing, document signing, TLS offload, and PKI roots where shared multi-tenant KMS isn't acceptable for compliance reasons

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore AWS in TreemapExplore security in HoneycombSee AWS regions on the World Map
DocumentationPricing

Attributes

Fips Level
140-2 Level 3
Tenancy
single

Sub-services (2)

HSM cluster

Multi-AZ pool of dedicated HSMs synchronised at the hardware level

PKCS#11 / JCE / OpenSSL clients

Standard cryptographic client libraries for application integration

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

PCI DSSFedRAMPSOC 2ISO 27001

Where this runs

40 regions
28 countries
6sovereign
Sovereign regions (6)
  • AWS European Sovereign Cloud (Brandenburg) · BrandenburgAWS European Sovereign Cloud
  • AWS GovCloud (US-East) · AshburnAWS GovCloud (US)
  • AWS GovCloud (US-West) · HillsboroAWS GovCloud (US)
  • AWS European Sovereign Cloud (Brandenburg) · BrandenburgAWS European Sovereign Cloud
  • China (Beijing) · BeijingAWS China (Sinnet)
  • China (Ningxia) · YinchuanAWS China (NWCD)
Commercial regions (34)

Europe (8)

  • Europe (Paris)
  • Europe (Frankfurt)
  • Europe (Ireland)
  • Europe (Milan)
  • Europe (Spain)
  • Europe (Stockholm)
  • Europe (Zurich)
  • Europe (London)

North America (7)

  • Canada West (Calgary)
  • Canada (Central)
  • Mexico (Central)
  • US East (N. Virginia)
  • US West (Oregon)
  • US East (Ohio)
  • US West (N. California)

South America (1)

  • South America (São Paulo)

Asia (11)

  • Asia Pacific (Hong Kong)
  • Asia Pacific (Hyderabad)
  • Asia Pacific (Mumbai)
  • Asia Pacific (Jakarta)
  • Asia Pacific (Osaka)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Malaysia)
  • Asia Pacific (Singapore)
  • Asia Pacific (Seoul)
  • Asia Pacific (Taipei)
  • Asia Pacific (Thailand)

Oceania (3)

  • Asia Pacific (Melbourne)
  • Asia Pacific (Sydney)
  • Asia Pacific (New Zealand)

Middle East (3)

  • Middle East (Bahrain)
  • Israel (Tel Aviv)
  • Middle East (UAE)

Africa (1)

  • Africa (Cape Town)

Tags

hsmfips-140-2key-managementsingle-tenantcompliance

Equivalent services on other platforms

Azure Cloud HSMAzure

Single-tenant FIPS 140-2 Level 3 hardware security modules in your VNet for keys you must hold yourself — replaces the older Dedicated HSM offering, exposes PKCS#11 / JCE / OpenSSL clients, and supports the workloads (PKI roots, code-signing, payment HSM) that can't share a multi-tenant key vault

Google Cloud HSMGCP

FIPS 140-2 Level 3 hardware-protected keys exposed through the same Cloud KMS API as software keys — keys never leave the HSM hardware boundary, supporting workloads (PKI roots, code-signing, regulated payment flows) that need a hardware attestation rather than a multi-tenant software KMS

Pricing

Pricing model:per-hour