Manage your keys on FIPS validated hardware, protected with customer-owned, single-tenant HSM instances running in your own Virtual Private Cloud (VPC). Separation of duties and role-based access control is inherent in the design of the AWS CloudHSM. AWS monitors the health and network availability of your HSMs; you control the HSMs and the generation and use of your encryption keys.