Posted On: Nov 25, 2020
AWS CloudHSM automatically takes a backup of your HSM cluster once a day and whenever an HSM is added to or removed from your cluster. Until today, however, customers were responsible for deleting old backups. Deleting out-of-date backups is important to prevent inactive users and expired login credentials from being used to access sensitive data on the HSM.
With today’s launch of Managed Backup Retention, you can now configure the retention period for CloudHSM backups. Expired backups are automatically purged for you, so you no longer have to build and maintain automation to delete old backups. With managed backup retention, you can change the cluster retention period at any time. You can also mark specific backups to never expire.
There is no charge for managed backup retention. To learn more about this feature, see Understanding Backup Retention with AWS CloudHSM.