AWS cloudhsm documentation change
Summary
Added note about improved behavior in AWS CloudHSM Client SDK version 5.17.1+ and recommendation to upgrade
Security assessment
This change documents a performance/reliability improvement in SDK version 5.17.1 for HSM connection initialization, but does not mention any security vulnerability, weakness, or incident
Diff
diff --git a/cloudhsm/latest/userguide/ki-hsm2m-medium.md b/cloudhsm/latest/userguide/ki-hsm2m-medium.md index c74ffa3e1..f9a102137 100644 --- a//cloudhsm/latest/userguide/ki-hsm2m-medium.md +++ b//cloudhsm/latest/userguide/ki-hsm2m-medium.md @@ -140 +140 @@ For more information about best practices, see [Best practices for AWS CloudHSM] - * **Resolution:** Follow [best practices](./bp-application-integration.html#bp-stagger-deployment) and stagger client application deployments and restarts to limit the amount of client applications initializing HSM connections concurrently. We also recommend that you implement application level retries for client application initialization. In addition, bootstrap using configure tool with `--cluster-id <cluster ID>` to add all HSM IP's to the client configuration file. + * **Resolution:** Follow [best practices](./bp-application-integration.html#bp-stagger-deployment) and stagger client application deployments and restarts to limit the amount of client applications initializing HSM connections concurrently. We also recommend that you implement application level retries for client application initialization. In addition, bootstrap using configure tool with `--cluster-id <cluster ID>` to add all HSM IP's to the client configuration file. This behavior has been improved in AWS CloudHSM Client SDK version 5.17.1 and later. We recommend upgrading to the latest SDK version to benefit from this improvement.