Posted On: Jan 8, 2015

Using AWS CloudHSM Classic, you can now maintain sole and exclusive control of the encryption keys you use to manage Oracle Transparent Data Encryption (TDE) in Amazon RDS database instances. AWS CloudHSM Classic offers single-tenant Hardware Security Module (HSM) appliances within the AWS Cloud. You can securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you. By protecting your keys in hardware and preventing them from being accessed by third parties, AWS CloudHSM Classic can help you comply with the most stringent regulatory and contractual requirements for key protection.

You can also use the newly available CloudHSM CLI Tools to help you configure groups of HSM appliances. In particular, the CLI Tools make it easy to clone keys from one HSM to another, thus helping you build high-availability CloudHSM configurations. To begin, see the Amazon RDS User Guide's section on CloudHSM with Amazon RDS for Oracle. Learn more about CloudHSM Classic from the AWS CloudHSM Classic FAQ pages. The AWS CloudHSM Getting Started Guide also contains information about the CloudHSM CLI Tools. Information on CloudHSM Classic pricing is available on the CloudHSM pricing page. If you want to try the CloudHSM service, you can request a free two week trial by selecting "Request a free trial" on the CloudHSM contact us form.