I want to stop using the CloudHSM Classic service

3 minutos de lectura
0

I don't want to use AWS CloudHSM Classic anymore. Or, my trial period expired and I've decided I don't want to use CloudHSM Classic. How do I stop using CloudHSM Classic and confirm that I'm not billed for further usage?

Short description

To stop using CloudHSM Classic and stop any charges associated with the CloudHSM Classic service:

  1. Delete any logs on the HSM appliance.
  2. Zeroize your HSM appliance.
  3. De-provision your HSM appliance.

Resolution

Delete the logs on your HSM appliance

Important:

  • Deleting your AWS CloudFormation stack doesn't delete your CloudHSM Classic device. Don't delete the elastic network interface for the CloudHSM Classic device until after you confirm that the CloudHSM Classic device is no longer in your account.
  • If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.

1.    From the Luna shell, rotate all logs by running the following command:

lunash:> syslog rotate

2.    Delete all logs by running the following command:

lunash:> syslog cleanup

Zeroize your HSM appliance

1.    Log in to the control (client) instance.

2.    From the control instance, connect to your HSM appliance over SSH by using the following command, where private_key_file is your HSM's private key file and hsm_ip_address is the IP address of your HSM appliance:

$ ssh -i private_key_file manager@hsm_ip_address

3.    Run the following command:

lunash:> hsm login

4.    Intentionally enter an incorrect administrator password three times in a row. Attempting to log in as the administrator more than twice with the wrong password zeroizes your HSM appliance.

De-provision your HSM appliance

Use the delete-hsm command of the AWS CloudHSM CLI or the DeleteHsm AWS CloudHSM API command.

To confirm that a device is successfully de-provisioned, run the DescribeHsm API call, and then verify that the device is in the TERMINATED state. A state other than TERMINATED indicates that the HSM appliance wasn't successfully zeroized before it was de-provisioned, and billing for CloudHSM Classic will continue.

Note: The ListHsms API call might return a de-provisioned HSM device for up to 24 hours.

For more information about de-provisioning unused CloudHSM Classic HSMs, see the CloudHSM migration guide section in the AWS CloudHSM FAQs.


Related information

Backing up and restoring HSM data to a Luna SA backup HSM

Troubleshooting AWS CloudHSM

OFICIAL DE AWS
OFICIAL DE AWSActualizada hace 3 años
Sin comentarios