AWS cloudhsm documentation change
Summary
Added OS-specific CLI command examples (Linux/Windows), updated step numbering, and standardized placeholder syntax (e.g., <admin> instead of admin). Enhanced MFA setup instructions with clearer token signing process.
Security assessment
The changes improve documentation for MFA setup (a security feature) but do not indicate a response to a specific security vulnerability. Updates focus on clarity and process refinement rather than addressing a disclosed issue.
Diff
diff --git a/cloudhsm/latest/userguide/set-up-mfa-for-cloudhsm-cli.md b/cloudhsm/latest/userguide/set-up-mfa-for-cloudhsm-cli.md index be40acce2..f3a649054 100644 --- a/cloudhsm/latest/userguide/set-up-mfa-for-cloudhsm-cli.md +++ b/cloudhsm/latest/userguide/set-up-mfa-for-cloudhsm-cli.md @@ -20 +20 @@ Follow these steps to set up multi-factor authentication (MFA) for CloudHSM CLI. - 2. Using the CloudHSM CLI, login to your user account. + 2. Use the following command to start the CLI in interactive mode. @@ -22,2 +22,13 @@ Follow these steps to set up multi-factor authentication (MFA) for CloudHSM CLI. - $ cloudhsm-cli interactive - aws-cloudhsm > login --username admin --role admin --cluster-id <cluster ID> +Linux + + + $ /opt/cloudhsm/bin/cloudhsm-cli interactive + +Windows + + + C:\Program Files\Amazon\CloudHSM\bin\> .\cloudhsm-cli.exe interactive + + 3. Using the CloudHSM CLI, login to your user account. + + aws-cloudhsm > login --username <admin> --role <admin> --cluster-id <cluster ID> @@ -28,2 +39,2 @@ Follow these steps to set up multi-factor authentication (MFA) for CloudHSM CLI. - "username": "admin", - "role": "admin" + "username": "<admin>", + "role": "<admin>" @@ -33 +44 @@ Follow these steps to set up multi-factor authentication (MFA) for CloudHSM CLI. - 3. Next, execute the command to change you MFA strategy. You must provide the parameter `--token`. This parameter specifies a file that will have unsigned tokens written to it. + 4. Next, execute the command to change you MFA strategy. You must provide the parameter `--token`. This parameter specifies a file that will have unsigned tokens written to it. @@ -35 +46 @@ Follow these steps to set up multi-factor authentication (MFA) for CloudHSM CLI. - aws-cloudhsm > user change-mfa token-sign --token unsigned-tokens.json --username <USERNAME> --role crypto-user --change-quorum + aws-cloudhsm > user change-mfa token-sign --token unsigned-tokens.json --username <username> --role crypto-user --change-quorum @@ -39 +50 @@ Follow these steps to set up multi-factor authentication (MFA) for CloudHSM CLI. - 4. You now have a file with unsigned tokens that need to be signed: `unsigned-tokens.json`. The number of tokens in this file depends on the number of HSMs in your cluster. Each token represents one HSM. This file is JSON formatted and contains tokens that need to be signed to prove you have a private key. + 5. You now have a file with unsigned tokens that need to be signed: `unsigned-tokens.json`. The number of tokens in this file depends on the number of HSMs in your cluster. Each token represents one HSM. This file is JSON formatted and contains tokens that need to be signed to prove you have a private key. @@ -61 +72 @@ Follow these steps to set up multi-factor authentication (MFA) for CloudHSM CLI. - 5. The next step is to sign these tokens with the private key created in step 1. Place the signatures back in the file. First, you have to extract and decode the base64 encoded tokens. + 6. The next step is to sign these tokens with the private key created in step 1. Place the signatures back in the file. First, you have to extract and decode the base64 encoded tokens. @@ -70,2 +81 @@ Follow these steps to set up multi-factor authentication (MFA) for CloudHSM CLI. - - 6. Now, you have binary tokens that you can sign using the RSA private key created in step 1. + 7. Now, you have binary tokens that you can sign using the RSA private key created in step 1. @@ -92,2 +102 @@ Follow these steps to set up multi-factor authentication (MFA) for CloudHSM CLI. - - 7. Now, you have binary signatures of the tokens. You must encode them using base64, and then place them back in your token file. + 8. Now, you have binary signatures of the tokens. You must encode them using base64, and then place them back in your token file. @@ -99,2 +108 @@ Follow these steps to set up multi-factor authentication (MFA) for CloudHSM CLI. - - 8. Finally, you can copy and paste the base64 values back into your token file: + 9. Finally, you can copy and paste the base64 values back into your token file: @@ -120 +128 @@ Follow these steps to set up multi-factor authentication (MFA) for CloudHSM CLI. - 9. Now that your token file has all the required signatures, you can proceed. Enter the name of the file containing the signed tokens and press the enter key. Finally, enter the path of your public key. + 10. Now that your token file has all the required signatures, you can proceed. Enter the name of the file containing the signed tokens and press the enter key. Finally, enter the path of your public key. @@ -127 +135 @@ Follow these steps to set up multi-factor authentication (MFA) for CloudHSM CLI. - "username": "<USERNAME>", + "username": "<username>", @@ -135 +143 @@ Now you have setup your user with MFA. - "username": "<USERNAME>", + "username": "<username>",