AWS Security ChangesHomeSearch

AWS cloudhsm documentation change

Service: cloudhsm · 2026-05-07 · Documentation low

File: cloudhsm/latest/userguide/key-quorum-auth-chsm-cli.md

Summary

Updated quorum authentication documentation to clarify token limitations and add reference to service types documentation

Security assessment

Clarifies operational constraints of security feature (quorum authentication) but doesn't address any specific vulnerability. Improves documentation of existing security controls.

Diff

diff --git a/cloudhsm/latest/userguide/key-quorum-auth-chsm-cli.md b/cloudhsm/latest/userguide/key-quorum-auth-chsm-cli.md
index 3fa1b7847..b9241e133 100644
--- a//cloudhsm/latest/userguide/key-quorum-auth-chsm-cli.md
+++ b//cloudhsm/latest/userguide/key-quorum-auth-chsm-cli.md
@@ -28 +28 @@ Quorum authentication can control the following operations:
-  * Each HSM can only contain one token per Admin service at a time, but multiple tokens per Crypto User service.
+  * Only one quorum operation can be active at a time per service. You must complete or delete the active quorum token for a service before you can generate a new one for the same service. For more information, see [Supported services and types](./key-quorum-auth-chsm-cli-service-names.html).