Q. Can I continue to use the SafeNet-based CloudHSM Service?

Yes. Existing users of CloudHSM can continue to use it as usual. We have not deprecated CloudHSM Classic, nor are we planning to deprecate it at this time. We will continue to support, as usual, all customers currently using the SafeNet-based service. We understand that you may have extensive investment in SafeNet hardware, and are committed to supporting you.

Q. What is changing with the existing SafeNet service?

For existing users of CloudHSM Classic, there is no change to the way you access or use CloudHSM. The new service is under a separate cloudhsmv2 API endpoint, and thus does not interfere in any way with your existing deployments. Any existing automation will continue to work as expected. Documentation will remain available but will move to a new URL. Links will be provided through existing pages, so bookmarks will not break.

Q. Why am I getting a service denied error for CloudHSM?

Following the launch of the new CloudHSM service, CloudHSM Classic is only available to existing CloudHSM customers in that region. New customers will be directed to the new CloudHSM service. Please ensure you have downloaded, and are using, the latest CloudHSM service packages.

Q. What if I need access to CloudHSM Classic in a new account?

If you are an existing user of CloudHSM Classic, please open a support case and let us know which additional account you would like access for. We process access requests on a weekly cadence. Customers who are not current users of CloudHSM Classic should use the new CloudHSM service directly.  

Q. Will SafeNet HSMs continue to receive updates and support?

Yes. For existing customers of CloudHSM Classic, there will be no change in the level of support you receive.

Q. What if I need more SafeNet HSMs?

As an existing user of CloudHSM Classic, you can continue to provision new SafeNet HSMs in any region where CloudHSM Classic is deployed. Keep in mind, though, that we will not be launching CloudHSM Classic in any additional regions. New regions will be built with the new CloudHSM only.

Q. Are SafeNet and the new CloudHSM compatible?

Partially. It is possible to exchange most keys between the HSMs (assuming they are exportable from the SafeNet HSM). Mixed deployments, however, are not supported: from a given application you will either use the new service or the Classic service, but not both.

Q. Can I migrate to the new service?

Yes! We designed the new CloudHSM to solve many of the challenges inherent in the CloudHSM Classic solution while remaining as compatible as possible. Since CloudHSM continues to support industry-standard APIs such as PKCS#11, Java JCE, and (coming soon) Microsoft CNG, in many cases you won’t even have to modify your applications in order to migrate. In the coming weeks, we will be providing a detailed migration guide to assist you should you elect to migrate to the new CloudHSM, and until then we are happy to discuss your individual use case and assist in evaluation so feel free to contact us via your account team or by opening a support case in the AWS Management Console.

Q. Why would I migrate to the new service?

The new service raises the bar in security, scalability, usability, and economy. New features include FIPS 140-2 Level 3 certification, fully managed high availability, a management console, and lower costs. See AWS CloudHSM Documentation for more information.

Q. Is the new service available in my region?

You can check whether CloudHSM is available in a region using the table here.

Q. Will you be deploying CloudHSM Classic to any new regions?

No, we will not be expanding CloudHSM Classic beyond its current availability.

Q. How do I request a trial for the new service?

There is no trial or free tier for the new service. The new CloudHSM has hourly charges only, making it much less expensive to test drive the service.

Q. I recently instantiated a new SafeNet HSM. Can I get a refund if I move to the new service?

If you provisioned CloudHSM Classic HSMs in the past 60 days, and would like to migrate to the new service, please let us know by opening a support case and will be happy to assist you.

Get Started with AWS CloudHSM

Sign-up for AWS CloudHSM