I don't want to use AWS CloudHSM Classic anymore, or my trial period has expired and I've decided I don't want to use CloudHSM Classic. How do I stop using CloudHSM Classic and confirm that I'm not billed for further usage?
To stop using CloudHSM Classic and stop any charges associated with the CloudHSM Classic service:
- Delete any logs on the HSM appliance.
- Zeroize your HSM appliance.
- De-provision your HSM appliance.
Delete the logs on your HSM appliance
Important: Deleting your AWS CloudFormation stack doesn't delete your CloudHSM Classic device. Don't delete the elastic network interface (ENI) for the CloudHSM Classic device until after you confirm that the CloudHSM Classic device is no longer in your account.
1. From the Luna shell, rotate all logs by running the following command:
lunash:> syslog rotate
2. Delete all logs by running the following command:
lunash:> syslog cleanup
Zeroize your HSM appliance
1. Log in to the control (client) instance.
2. From the control instance, connect to your HSM appliance over SSH by using the following command, where private_key_file is your HSM's private key file and hsm_ip_address is the IP address of your HSM appliance:
$ ssh -i private_key_file manager@hsm_ip_address
3. Run the following command:
lunash:> hsm login
4. Intentionally enter an incorrect administrator password three times in a row. Attempting to log in as the administrator more than twice with the wrong password zeroizes your HSM appliance.
De-provision your HSM appliance
To confirm that a device is successfully de-provisioned, run the DescribeHsm API call, and then verify that the device is in the TERMINATED state. A state other than TERMINATED indicates that the HSM appliance wasn't successfully zeroized before it was de-provisioned, and billing for CloudHSM Classic will continue.
Note: The ListHsms API call might return a de-provisioned HSM device for up to 24 hours.
If you have questions about discontinuing CloudHSM Classic for your account, contact AWS Support.