AWS Security ChangesHomeSearch

AWS cloudhsm documentation change

Service: cloudhsm · 2026-01-07 · Documentation medium

File: cloudhsm/latest/userguide/configure-tool-syntax5.md

Summary

Added configuration options including TLS authentication settings

Security assessment

Documents security-related configuration options (mutual TLS auth) without fixing vulnerabilities

Diff

diff --git a/cloudhsm/latest/userguide/configure-tool-syntax5.md b/cloudhsm/latest/userguide/configure-tool-syntax5.md
index 2e7cba8ba..ab1feba57 100644
--- a//cloudhsm/latest/userguide/configure-tool-syntax5.md
+++ b//cloudhsm/latest/userguide/configure-tool-syntax5.md
@@ -194,0 +195,42 @@ CloudHSM CLI
+    Options:
+      -a <HSM ENI IP>...
+              The address of the HSM instance
+          --cluster-id <CLUSTER ID>
+              The id of the cluster containing the HSM instance(s)
+          --disable-key-availability-check
+              Disables key availability check during key use
+          --enable-key-availability-check
+              Enables key availability check during key use
+          --disable-validate-key-at-init
+              Disables parameter validation during initialization of crypto operations
+          --enable-validate-key-at-init
+              Enables parameter validation during initialization of crypto operations
+          --endpoint <ENDPOINT>
+              Specify the AWS CloudHSM API Endpoint
+          --region <REGION>
+              The region of the cluster
+          --hsm-ca-cert <HSM CA CERTIFICATE FILE>
+              The HSM CA certificate file
+          --log-type <LOG TYPE>
+              The log type [possible values: term, file]
+          --log-file <LOG FILE>
+              The log file
+          --log-level <LOG LEVEL>
+              The logging level [possible values: error, warn, info, debug, trace]
+          --log-rotation <LOG ROTATION>
+              The log rotation interval [possible values: never, hourly, daily]
+          --default-retry-mode <RETRY MODE>
+              The default method of retry to use for certain non-terminal failures [possible values: off, standard]
+          --client-cert-hsm-tls-file <CLIENT CERTIFICATE HSM TLS FILE>
+              The client certificate used for TLS client-hsm mutual authentication
+          --client-key-hsm-tls-file <CLIENT KEY HSM TLS FILE>
+              The client private key used for TLS client-hsm mutual authentication
+      -h, --help
+              Print help
+
+OpenSSL Provider
+    
+    
+    
+    Usage: configure-openssl-provider[ .exe ] [OPTIONS]
+