CloudHSMV2
**********

Client
======

class CloudHSMV2.Client

   A low-level client representing AWS CloudHSM V2

   For more information about CloudHSM, see CloudHSM and the CloudHSM User Guide.

      import boto3

      client = boto3.client('cloudhsmv2')

   These are the available methods:

   * can_paginate
   * close
   * copy_backup_to_region
   * create_cluster
   * create_hsm
   * delete_backup
   * delete_cluster
   * delete_hsm
   * delete_resource_policy
   * describe_backups
   * describe_clusters
   * get_paginator
   * get_resource_policy
   * get_waiter
   * initialize_cluster
   * list_tags
   * modify_backup_attributes
   * modify_cluster
   * put_resource_policy
   * restore_backup
   * tag_resource
   * untag_resource

Paginators
==========

Paginators are available on a client instance via the "get_paginator" method. For more detailed instructions and examples on the usage of paginators, see the paginators user guide.

The available paginators are:

* DescribeBackups
* DescribeClusters
* ListTags

DescribeBackups
***************

class CloudHSMV2.Paginator.DescribeBackups

      paginator = client.get_paginator('describe_backups')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "CloudHSMV2.Client.describe_backups()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             Filters={
                 'string': [
                     'string',
                 ]
             },
             Shared=True|False,
             SortAscending=True|False,
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
         * **Filters** (*dict*) -- One or more filters to limit the items returned in the response.

           Use the "backupIds" filter to return only the specified backups. Specify backups by their backup identifier (ID).

           Use the "sourceBackupIds" filter to return only the backups created from a source backup. The "sourceBackupID" of a source backup is returned by the CopyBackupToRegion operation.

           Use the "clusterIds" filter to return only the backups for the specified clusters.
           Specify clusters by their cluster identifier (ID).

           Use the "states" filter to return only backups that match the specified state.

           Use the "neverExpires" filter to return backups filtered by the value in the "neverExpires" parameter. "True" returns all backups exempt from the backup retention policy. "False" returns all backups with a backup retention policy defined at the cluster.

           * *(string) --*
             * *(list) --*
               * *(string) --*

         * **Shared** (*boolean*) -- Describe backups that are shared with you.

           Note: By default when using this option, the command returns backups that have been shared using a standard Resource Access Manager resource share. In order for a backup that was shared using the PutResourcePolicy command to be returned, the share must be promoted to a standard resource share using the RAM PromoteResourceShareCreatedFromPolicy API operation. For more information about sharing backups, see Working with shared backups in the CloudHSM User Guide.

         * **SortAscending** (*boolean*) -- Designates whether or not to sort the return backups by ascending chronological order of generation.

         * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
           * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
           * **PageSize** *(integer) --* The size of each page.
           * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

            {
                'Backups': [
                    {
                        'BackupId': 'string',
                        'BackupArn': 'string',
                        'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION',
                        'ClusterId': 'string',
                        'CreateTimestamp': datetime(2015, 1, 1),
                        'CopyTimestamp': datetime(2015, 1, 1),
                        'NeverExpires': True|False,
                        'SourceRegion': 'string',
                        'SourceBackup': 'string',
                        'SourceCluster': 'string',
                        'DeleteTimestamp': datetime(2015, 1, 1),
                        'TagList': [
                            {
                                'Key': 'string',
                                'Value': 'string'
                            },
                        ],
                        'HsmType': 'string',
                        'Mode': 'FIPS'|'NON_FIPS'
                    },
                ],
            }

         **Response Structure**

         * *(dict) --*
           * **Backups** *(list) --* A list of backups.
             * *(dict) --* Contains information about a backup of a CloudHSM cluster. All backup objects contain the "BackupId", "BackupState", "ClusterId", and "CreateTimestamp" parameters. Backups that were copied into a destination region additionally contain the "CopyTimestamp", "SourceBackup", "SourceCluster", and "SourceRegion" parameters. A backup that is pending deletion will include the "DeleteTimestamp" parameter.
               * **BackupId** *(string) --* The identifier (ID) of the backup.
               * **BackupArn** *(string) --* The Amazon Resource Name (ARN) of the backup.
               * **BackupState** *(string) --* The state of the backup.
               * **ClusterId** *(string) --* The identifier (ID) of the cluster that was backed up.
               * **CreateTimestamp** *(datetime) --* The date and time when the backup was created.
               * **CopyTimestamp** *(datetime) --* The date and time when the backup was copied from a source backup.
               * **NeverExpires** *(boolean) --* Specifies whether the service should exempt a backup from the retention policy for the cluster. "True" exempts a backup from the retention policy. "False" means the service applies the backup retention policy defined at the cluster.
               * **SourceRegion** *(string) --* The AWS Region that contains the source backup from which the new backup was copied.
               * **SourceBackup** *(string) --* The identifier (ID) of the source backup from which the new backup was copied.
               * **SourceCluster** *(string) --* The identifier (ID) of the cluster containing the source backup from which the new backup was copied.
               * **DeleteTimestamp** *(datetime) --* The date and time when the backup will be permanently deleted.
               * **TagList** *(list) --* The list of tags for the backup.
                 * *(dict) --* Contains a tag. A tag is a key-value pair.
                   * **Key** *(string) --* The key of the tag.
                   * **Value** *(string) --* The value of the tag.
               * **HsmType** *(string) --* The HSM type used to create the backup.
               * **Mode** *(string) --* The mode of the cluster that was backed up.

DescribeClusters
****************

class CloudHSMV2.Paginator.DescribeClusters

      paginator = client.get_paginator('describe_clusters')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "CloudHSMV2.Client.describe_clusters()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             Filters={
                 'string': [
                     'string',
                 ]
             },
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
         * **Filters** (*dict*) -- One or more filters to limit the items returned in the response.

           Use the "clusterIds" filter to return only the specified clusters. Specify clusters by their cluster identifier (ID).

           Use the "vpcIds" filter to return only the clusters in the specified virtual private clouds (VPCs). Specify VPCs by their VPC identifier (ID).

           Use the "states" filter to return only clusters that match the specified state.

           * *(string) --*
             * *(list) --*
               * *(string) --*

         * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
           * **MaxItems** *(integer) --* The total number of items to return.
             If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
           * **PageSize** *(integer) --* The size of each page.
           * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

            {
                'Clusters': [
                    {
                        'BackupPolicy': 'DEFAULT',
                        'BackupRetentionPolicy': {
                            'Type': 'DAYS',
                            'Value': 'string'
                        },
                        'ClusterId': 'string',
                        'CreateTimestamp': datetime(2015, 1, 1),
                        'Hsms': [
                            {
                                'AvailabilityZone': 'string',
                                'ClusterId': 'string',
                                'SubnetId': 'string',
                                'EniId': 'string',
                                'EniIp': 'string',
                                'EniIpV6': 'string',
                                'HsmId': 'string',
                                'HsmType': 'string',
                                'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                                'StateMessage': 'string'
                            },
                        ],
                        'HsmType': 'string',
                        'HsmTypeRollbackExpiration': datetime(2015, 1, 1),
                        'PreCoPassword': 'string',
                        'SecurityGroup': 'string',
                        'SourceBackupId': 'string',
                        'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'MODIFY_IN_PROGRESS'|'ROLLBACK_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
                        'StateMessage': 'string',
                        'SubnetMapping': {
                            'string': 'string'
                        },
                        'VpcId': 'string',
                        'NetworkType': 'IPV4'|'DUALSTACK',
                        'Certificates': {
                            'ClusterCsr': 'string',
                            'HsmCertificate': 'string',
                            'AwsHardwareCertificate': 'string',
                            'ManufacturerHardwareCertificate': 'string',
                            'ClusterCertificate': 'string'
                        },
                        'TagList': [
                            {
                                'Key': 'string',
                                'Value': 'string'
                            },
                        ],
                        'Mode': 'FIPS'|'NON_FIPS'
                    },
                ],
            }

         **Response Structure**

         * *(dict) --*
           * **Clusters** *(list) --* A list of clusters.
             * *(dict) --* Contains information about a CloudHSM cluster.
               * **BackupPolicy** *(string) --* The cluster's backup policy.
               * **BackupRetentionPolicy** *(dict) --* A policy that defines how the service retains backups.
                 * **Type** *(string) --* The type of backup retention policy.
                   For the "DAYS" type, the value is the number of days to retain backups.
                 * **Value** *(string) --* Use a value between 7 - 379.
               * **ClusterId** *(string) --* The cluster's identifier (ID).
               * **CreateTimestamp** *(datetime) --* The date and time when the cluster was created.
               * **Hsms** *(list) --* Contains information about the HSMs in the cluster.
                 * *(dict) --* Contains information about a hardware security module (HSM) in a CloudHSM cluster.
                   * **AvailabilityZone** *(string) --* The Availability Zone that contains the HSM.
                   * **ClusterId** *(string) --* The identifier (ID) of the cluster that contains the HSM.
                   * **SubnetId** *(string) --* The subnet that contains the HSM's elastic network interface (ENI).
                   * **EniId** *(string) --* The identifier (ID) of the HSM's elastic network interface (ENI).
                   * **EniIp** *(string) --* The IP address of the HSM's elastic network interface (ENI).
                   * **EniIpV6** *(string) --* The IPv6 address (if any) of the HSM's elastic network interface (ENI).
                   * **HsmId** *(string) --* The HSM's identifier (ID).
                   * **HsmType** *(string) --* The type of HSM.
                   * **State** *(string) --* The HSM's state.
                   * **StateMessage** *(string) --* A description of the HSM's state.
               * **HsmType** *(string) --* The type of HSM that the cluster contains.
               * **HsmTypeRollbackExpiration** *(datetime) --* The timestamp until when the cluster can be rolled back to its original HSM type.
               * **PreCoPassword** *(string) --* The default password for the cluster's Pre-Crypto Officer (PRECO) user.
               * **SecurityGroup** *(string) --* The identifier (ID) of the cluster's security group.
               * **SourceBackupId** *(string) --* The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
               * **State** *(string) --* The cluster's state.
               * **StateMessage** *(string) --* A description of the cluster's state.
               * **SubnetMapping** *(dict) --* A map from availability zone to the cluster’s subnet in that availability zone.
                 * *(string) --*
                   * *(string) --*
               * **VpcId** *(string) --* The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
               * **NetworkType** *(string) --* The cluster's NetworkType can be IPv4 (the default) or DUALSTACK. The IPv4 NetworkType restricts communication between your application and the hardware security modules (HSMs) to the IPv4 protocol only. The DUALSTACK NetworkType enables communication over both IPv4 and IPv6 protocols. To use DUALSTACK, configure your virtual private cloud (VPC) and subnets to support both IPv4 and IPv6. This configuration involves adding IPv6 Classless Inter-Domain Routing (CIDR) blocks to the existing IPv4 CIDR blocks in your subnets. The NetworkType you choose affects the network addressing options for your cluster. DUALSTACK provides more flexibility by supporting both IPv4 and IPv6 communication.
               * **Certificates** *(dict) --* Contains one or more certificates or a certificate signing request (CSR).
                 * **ClusterCsr** *(string) --* The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is "UNINITIALIZED".
                 * **HsmCertificate** *(string) --* The HSM certificate issued (signed) by the HSM hardware.
                 * **AwsHardwareCertificate** *(string) --* The HSM hardware certificate issued (signed) by CloudHSM.
                 * **ManufacturerHardwareCertificate** *(string) --* The HSM hardware certificate issued (signed) by the hardware manufacturer.
                 * **ClusterCertificate** *(string) --* The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.
               * **TagList** *(list) --* The list of tags for the cluster.
                 * *(dict) --* Contains a tag. A tag is a key-value pair.
                   * **Key** *(string) --* The key of the tag.
                   * **Value** *(string) --* The value of the tag.
               * **Mode** *(string) --* The mode of the cluster.
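
An added example, not part of the boto3 reference: it consumes the pages the DescribeClusters paginator yields and reports the fields of the Response Structure above that matter for a security review ("Mode", "State", per-HSM "State", "BackupRetentionPolicy", "PreCoPassword"), masking the default PRECO password before anything is logged. The 30-day retention threshold, the function names and the sample pages are assumptions made for the example.

```python
from copy import deepcopy

# Local policy knobs (assumptions for this example, not values from the API reference).
MIN_RETENTION_DAYS = 30
REDACTED = "<redacted>"


def redact_cluster(cluster):
    """Return a copy of one 'Clusters' entry with the default PRECO password masked."""
    safe = deepcopy(cluster)
    if safe.get("PreCoPassword"):
        safe["PreCoPassword"] = REDACTED
    return safe


def audit_cluster(cluster, min_retention_days=MIN_RETENTION_DAYS):
    """Return a list of finding strings for one entry of 'Clusters'."""
    findings = []
    state = cluster.get("State")
    if cluster.get("Mode") == "NON_FIPS":
        findings.append("mode is NON_FIPS")
    if state == "UNINITIALIZED":
        # The CSR exists only in this state; the cluster has not been claimed yet.
        findings.append("cluster is UNINITIALIZED: CSR not yet signed and claimed")
    elif state == "DEGRADED":
        findings.append("cluster state is DEGRADED")
    policy = cluster.get("BackupRetentionPolicy") or {}
    if policy.get("Type") == "DAYS":
        # 'Value' is documented as a string, so convert before comparing.
        try:
            days = int(policy.get("Value"))
        except (TypeError, ValueError):
            findings.append("backup retention value is not a number")
        else:
            if days < min_retention_days:
                findings.append(
                    f"backup retention {days}d is below {min_retention_days}d")
    for hsm in cluster.get("Hsms", []):
        if hsm.get("State") == "DEGRADED":
            findings.append(f"HSM {hsm.get('HsmId')} is DEGRADED")
    if cluster.get("PreCoPassword"):
        findings.append("response carries PreCoPassword: redact before logging")
    return findings


def audit_pages(pages):
    """Consume paginator pages; return {ClusterId: (findings, redacted_cluster)}."""
    report = {}
    for page in pages:
        for cluster in page.get("Clusters", []):
            report[cluster["ClusterId"]] = (
                audit_cluster(cluster), redact_cluster(cluster))
    return report


# Constructed sample pages shaped like the Response Syntax; all IDs are made up.
SAMPLE_PAGES = [
    {"Clusters": [{
        "ClusterId": "cluster-constructed-a",
        "Mode": "FIPS",
        "State": "ACTIVE",
        "BackupRetentionPolicy": {"Type": "DAYS", "Value": "90"},
        "Hsms": [
            {"HsmId": "hsm-constructed-a", "State": "ACTIVE"},
            {"HsmId": "hsm-constructed-b", "State": "DEGRADED"},
        ],
    }]},
    {"Clusters": [{
        "ClusterId": "cluster-constructed-b",
        "Mode": "NON_FIPS",
        "State": "UNINITIALIZED",
        "BackupRetentionPolicy": {"Type": "DAYS", "Value": "7"},
        "Hsms": [],
        "PreCoPassword": "constructed-default-password",
    }]},
]

if __name__ == "__main__":
    # Live use (needs boto3 and credentials) would pass the paginator instead:
    #   import boto3
    #   pages = boto3.client("cloudhsmv2").get_paginator("describe_clusters").paginate()
    for cluster_id, (findings, safe) in audit_pages(SAMPLE_PAGES).items():
        print(cluster_id, findings or ["no findings"], safe.get("PreCoPassword"))
```

Because "audit_pages" accepts any iterable of response dicts, the same function works on the live paginator and on saved responses.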

ListTags
********

class CloudHSMV2.Paginator.ListTags

      paginator = client.get_paginator('list_tags')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "CloudHSMV2.Client.list_tags()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             ResourceId='string',
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
         * **ResourceId** (*string*) -- **[REQUIRED]** The cluster identifier (ID) for the cluster whose tags you are getting. To find the cluster ID, use DescribeClusters.
         * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
           * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
           * **PageSize** *(integer) --* The size of each page.
           * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

            {
                'TagList': [
                    {
                        'Key': 'string',
                        'Value': 'string'
                    },
                ],
            }

         **Response Structure**

         * *(dict) --*
           * **TagList** *(list) --* A list of tags.
             * *(dict) --* Contains a tag. A tag is a key-value pair.
               * **Key** *(string) --* The key of the tag.
               * **Value** *(string) --* The value of the tag.

get_paginator
*************

CloudHSMV2.Client.get_paginator(operation_name)

   Create a paginator for an operation.

   Parameters:
      **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")".

   Raises:
      **OperationNotPageableError** -- Raised if the operation is not pageable. You can use the "client.can_paginate" method to check if an operation is pageable.

   Return type:
      "botocore.paginate.Paginator"

   Returns:
      A paginator object.

create_cluster
**************

CloudHSMV2.Client.create_cluster(**kwargs)

   Creates a new CloudHSM cluster.

   **Cross-account use:** Yes. To perform this operation with a CloudHSM backup in a different AWS account, specify the full backup ARN in the value of the SourceBackupId parameter.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.create_cluster(
          BackupRetentionPolicy={
              'Type': 'DAYS',
              'Value': 'string'
          },
          HsmType='string',
          SourceBackupId='string',
          SubnetIds=[
              'string',
          ],
          NetworkType='IPV4'|'DUALSTACK',
          TagList=[
              {
                  'Key': 'string',
                  'Value': 'string'
              },
          ],
          Mode='FIPS'|'NON_FIPS'
      )

   Parameters:
      * **BackupRetentionPolicy** (*dict*) -- A policy that defines how the service retains backups.
        * **Type** *(string) --* The type of backup retention policy. For the "DAYS" type, the value is the number of days to retain backups.
        * **Value** *(string) --* Use a value between 7 - 379.
      * **HsmType** (*string*) -- **[REQUIRED]** The type of HSM to use in the cluster. The allowed values are "hsm1.medium" and "hsm2m.medium".
      * **SourceBackupId** (*string*) -- The identifier (ID) or the Amazon Resource Name (ARN) of the cluster backup to restore. Use this value to restore the cluster from a backup instead of creating a new cluster. To find the backup ID or ARN, use DescribeBackups. *If using a backup in another account, the full ARN must be supplied.*
      * **SubnetIds** (*list*) -- **[REQUIRED]** The identifiers (IDs) of the subnets where you are creating the cluster. You must specify at least one subnet. If you specify multiple subnets, they must meet the following criteria:
        * All subnets must be in the same virtual private cloud (VPC).
        * You can specify only one subnet per Availability Zone.
        * *(string) --*
      * **NetworkType** (*string*) -- The NetworkType to create a cluster with. The allowed values are "IPV4" and "DUALSTACK".
      * **TagList** (*list*) -- Tags to apply to the CloudHSM cluster during creation.
        * *(dict) --* Contains a tag. A tag is a key-value pair.
          * **Key** *(string) --* **[REQUIRED]** The key of the tag.
          * **Value** *(string) --* **[REQUIRED]** The value of the tag.
      * **Mode** (*string*) -- The mode to use in the cluster. The allowed values are "FIPS" and "NON_FIPS".

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'Cluster': {
                 'BackupPolicy': 'DEFAULT',
                 'BackupRetentionPolicy': {
                     'Type': 'DAYS',
                     'Value': 'string'
                 },
                 'ClusterId': 'string',
                 'CreateTimestamp': datetime(2015, 1, 1),
                 'Hsms': [
                     {
                         'AvailabilityZone': 'string',
                         'ClusterId': 'string',
                         'SubnetId': 'string',
                         'EniId': 'string',
                         'EniIp': 'string',
                         'EniIpV6': 'string',
                         'HsmId': 'string',
                         'HsmType': 'string',
                         'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                         'StateMessage': 'string'
                     },
                 ],
                 'HsmType': 'string',
                 'HsmTypeRollbackExpiration': datetime(2015, 1, 1),
                 'PreCoPassword': 'string',
                 'SecurityGroup': 'string',
                 'SourceBackupId': 'string',
                 'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'MODIFY_IN_PROGRESS'|'ROLLBACK_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
                 'StateMessage': 'string',
                 'SubnetMapping': {
                     'string': 'string'
                 },
                 'VpcId': 'string',
                 'NetworkType': 'IPV4'|'DUALSTACK',
                 'Certificates': {
                     'ClusterCsr': 'string',
                     'HsmCertificate': 'string',
                     'AwsHardwareCertificate': 'string',
                     'ManufacturerHardwareCertificate': 'string',
                     'ClusterCertificate': 'string'
                 },
                 'TagList': [
                     {
                         'Key': 'string',
                         'Value': 'string'
                     },
                 ],
                 'Mode': 'FIPS'|'NON_FIPS'
             }
         }

      **Response Structure**

      * *(dict) --*
        * **Cluster** *(dict) --* Information about the cluster that was created.
          * **BackupPolicy** *(string) --* The cluster's backup policy.
          * **BackupRetentionPolicy** *(dict) --* A policy that defines how the service retains backups.
            * **Type** *(string) --* The type of backup retention policy. For the "DAYS" type, the value is the number of days to retain backups.
            * **Value** *(string) --* Use a value between 7 - 379.
          * **ClusterId** *(string) --* The cluster's identifier (ID).
          * **CreateTimestamp** *(datetime) --* The date and time when the cluster was created.
          * **Hsms** *(list) --* Contains information about the HSMs in the cluster.
            * *(dict) --* Contains information about a hardware security module (HSM) in a CloudHSM cluster.
              * **AvailabilityZone** *(string) --* The Availability Zone that contains the HSM.
              * **ClusterId** *(string) --* The identifier (ID) of the cluster that contains the HSM.
              * **SubnetId** *(string) --* The subnet that contains the HSM's elastic network interface (ENI).
              * **EniId** *(string) --* The identifier (ID) of the HSM's elastic network interface (ENI).
              * **EniIp** *(string) --* The IP address of the HSM's elastic network interface (ENI).
              * **EniIpV6** *(string) --* The IPv6 address (if any) of the HSM's elastic network interface (ENI).
              * **HsmId** *(string) --* The HSM's identifier (ID).
              * **HsmType** *(string) --* The type of HSM.
              * **State** *(string) --* The HSM's state.
              * **StateMessage** *(string) --* A description of the HSM's state.
          * **HsmType** *(string) --* The type of HSM that the cluster contains.
          * **HsmTypeRollbackExpiration** *(datetime) --* The timestamp until when the cluster can be rolled back to its original HSM type.
          * **PreCoPassword** *(string) --* The default password for the cluster's Pre-Crypto Officer (PRECO) user.
          * **SecurityGroup** *(string) --* The identifier (ID) of the cluster's security group.
          * **SourceBackupId** *(string) --* The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
          * **State** *(string) --* The cluster's state.
          * **StateMessage** *(string) --* A description of the cluster's state.
          * **SubnetMapping** *(dict) --* A map from availability zone to the cluster’s subnet in that availability zone.
            * *(string) --*
              * *(string) --*
          * **VpcId** *(string) --* The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
          * **NetworkType** *(string) --* The cluster's NetworkType can be IPv4 (the default) or DUALSTACK. The IPv4 NetworkType restricts communication between your application and the hardware security modules (HSMs) to the IPv4 protocol only. The DUALSTACK NetworkType enables communication over both IPv4 and IPv6 protocols. To use DUALSTACK, configure your virtual private cloud (VPC) and subnets to support both IPv4 and IPv6. This configuration involves adding IPv6 Classless Inter-Domain Routing (CIDR) blocks to the existing IPv4 CIDR blocks in your subnets. The NetworkType you choose affects the network addressing options for your cluster. DUALSTACK provides more flexibility by supporting both IPv4 and IPv6 communication.
          * **Certificates** *(dict) --* Contains one or more certificates or a certificate signing request (CSR).
            * **ClusterCsr** *(string) --* The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is "UNINITIALIZED".
            * **HsmCertificate** *(string) --* The HSM certificate issued (signed) by the HSM hardware.
            * **AwsHardwareCertificate** *(string) --* The HSM hardware certificate issued (signed) by CloudHSM.
            * **ManufacturerHardwareCertificate** *(string) --* The HSM hardware certificate issued (signed) by the hardware manufacturer.
            * **ClusterCertificate** *(string) --* The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.
          * **TagList** *(list) --* The list of tags for the cluster.
            * *(dict) --* Contains a tag. A tag is a key-value pair.
              * **Key** *(string) --* The key of the tag.
              * **Value** *(string) --* The value of the tag.
          * **Mode** *(string) --* The mode of the cluster.

   **Exceptions**

   * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException"
   * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException"
   * "CloudHSMV2.Client.exceptions.CloudHsmServiceException"
   * "CloudHSMV2.Client.exceptions.CloudHsmTagException"

delete_cluster
**************

CloudHSMV2.Client.delete_cluster(**kwargs)

   Deletes the specified CloudHSM cluster. Before you can delete a cluster, you must delete all HSMs in the cluster. To see if the cluster contains any HSMs, use DescribeClusters. To delete an HSM, use DeleteHsm.

   **Cross-account use:** No. You cannot perform this operation on a CloudHSM cluster in a different Amazon Web Services account.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.delete_cluster(
          ClusterId='string'
      )

   Parameters:
      **ClusterId** (*string*) -- **[REQUIRED]** The identifier (ID) of the cluster that you are deleting. To find the cluster ID, use DescribeClusters.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'Cluster': {
                 'BackupPolicy': 'DEFAULT',
                 'BackupRetentionPolicy': {
                     'Type': 'DAYS',
                     'Value': 'string'
                 },
                 'ClusterId': 'string',
                 'CreateTimestamp': datetime(2015, 1, 1),
                 'Hsms': [
                     {
                         'AvailabilityZone': 'string',
                         'ClusterId': 'string',
                         'SubnetId': 'string',
                         'EniId': 'string',
                         'EniIp': 'string',
                         'EniIpV6': 'string',
                         'HsmId': 'string',
                         'HsmType': 'string',
                         'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                         'StateMessage': 'string'
                     },
                 ],
                 'HsmType': 'string',
                 'HsmTypeRollbackExpiration': datetime(2015, 1, 1),
                 'PreCoPassword': 'string',
                 'SecurityGroup': 'string',
                 'SourceBackupId': 'string',
                 'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'MODIFY_IN_PROGRESS'|'ROLLBACK_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
                 'StateMessage': 'string',
                 'SubnetMapping': {
                     'string': 'string'
                 },
                 'VpcId': 'string',
                 'NetworkType': 'IPV4'|'DUALSTACK',
                 'Certificates': {
                     'ClusterCsr': 'string',
                     'HsmCertificate': 'string',
                     'AwsHardwareCertificate': 'string',
                     'ManufacturerHardwareCertificate': 'string',
                     'ClusterCertificate': 'string'
                 },
                 'TagList': [
                     {
                         'Key': 'string',
                         'Value': 'string'
                     },
                 ],
                 'Mode': 'FIPS'|'NON_FIPS'
             }
         }

      **Response Structure**

      * *(dict) --*
        * **Cluster** *(dict) --* Information about the cluster that was deleted.
          * **BackupPolicy** *(string) --* The cluster's backup policy.
          * **BackupRetentionPolicy** *(dict) --* A policy that defines how the service retains backups.
            * **Type** *(string) --* The type of backup retention policy. For the "DAYS" type, the value is the number of days to retain backups.
            * **Value** *(string) --* Use a value between 7 - 379.
          * **ClusterId** *(string) --* The cluster's identifier (ID).
          * **CreateTimestamp** *(datetime) --* The date and time when the cluster was created.
          * **Hsms** *(list) --* Contains information about the HSMs in the cluster.
            * *(dict) --* Contains information about a hardware security module (HSM) in a CloudHSM cluster.
              * **AvailabilityZone** *(string) --* The Availability Zone that contains the HSM.
              * **ClusterId** *(string) --* The identifier (ID) of the cluster that contains the HSM.
              * **SubnetId** *(string) --* The subnet that contains the HSM's elastic network interface (ENI).
              * **EniId** *(string) --* The identifier (ID) of the HSM's elastic network interface (ENI).
              * **EniIp** *(string) --* The IP address of the HSM's elastic network interface (ENI).
              * **EniIpV6** *(string) --* The IPv6 address (if any) of the HSM's elastic network interface (ENI).
              * **HsmId** *(string) --* The HSM's identifier (ID).
              * **HsmType** *(string) --* The type of HSM.
              * **State** *(string) --* The HSM's state.
              * **StateMessage** *(string) --* A description of the HSM's state.
          * **HsmType** *(string) --* The type of HSM that the cluster contains.
          * **HsmTypeRollbackExpiration** *(datetime) --* The timestamp until when the cluster can be rolled back to its original HSM type.
          * **PreCoPassword** *(string) --* The default password for the cluster's Pre-Crypto Officer (PRECO) user.
          * **SecurityGroup** *(string) --* The identifier (ID) of the cluster's security group.
          * **SourceBackupId** *(string) --* The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
          * **State** *(string) --* The cluster's state.
          * **StateMessage** *(string) --* A description of the cluster's state.
          * **SubnetMapping** *(dict) --* A map from availability zone to the cluster’s subnet in that availability zone.
            * *(string) --*
              * *(string) --*
          * **VpcId** *(string) --* The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
          * **NetworkType** *(string) --* The cluster's NetworkType can be IPv4 (the default) or DUALSTACK.
            The IPv4 NetworkType restricts communication between your application and the hardware security modules (HSMs) to the IPv4 protocol only. The DUALSTACK NetworkType enables communication over both IPv4 and IPv6 protocols. To use DUALSTACK, configure your virtual private cloud (VPC) and subnets to support both IPv4 and IPv6. This configuration involves adding IPv6 Classless Inter-Domain Routing (CIDR) blocks to the existing IPv4 CIDR blocks in your subnets. The NetworkType you choose affects the network addressing options for your cluster. DUALSTACK provides more flexibility by supporting both IPv4 and IPv6 communication.
          * **Certificates** *(dict) --* Contains one or more certificates or a certificate signing request (CSR).
            * **ClusterCsr** *(string) --* The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is "UNINITIALIZED".
            * **HsmCertificate** *(string) --* The HSM certificate issued (signed) by the HSM hardware.
            * **AwsHardwareCertificate** *(string) --* The HSM hardware certificate issued (signed) by CloudHSM.
            * **ManufacturerHardwareCertificate** *(string) --* The HSM hardware certificate issued (signed) by the hardware manufacturer.
            * **ClusterCertificate** *(string) --* The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.
          * **TagList** *(list) --* The list of tags for the cluster.
            * *(dict) --* Contains a tag. A tag is a key-value pair.
              * **Key** *(string) --* The key of the tag.
              * **Value** *(string) --* The value of the tag.
          * **Mode** *(string) --* The mode of the cluster.

   **Exceptions**

   * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException"
   * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException"
   * "CloudHSMV2.Client.exceptions.CloudHsmServiceException"
   * "CloudHSMV2.Client.exceptions.CloudHsmTagException"

can_paginate
************

CloudHSMV2.Client.can_paginate(operation_name)

   Check if an operation can be paginated.

   Parameters:
      **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")".

   Returns:
      "True" if the operation can be paginated, "False" otherwise.

delete_backup
*************

CloudHSMV2.Client.delete_backup(**kwargs)

   Deletes a specified CloudHSM backup. A backup can be restored up to 7 days after the DeleteBackup request is made. For more information on restoring a backup, see RestoreBackup.

   **Cross-account use:** No. You cannot perform this operation on a CloudHSM backup in a different Amazon Web Services account.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.delete_backup(
          BackupId='string'
      )

   Parameters:
      **BackupId** (*string*) -- **[REQUIRED]** The ID of the backup to be deleted. To find the ID of a backup, use the DescribeBackups operation.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'Backup': {
                 'BackupId': 'string',
                 'BackupArn': 'string',
                 'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION',
                 'ClusterId': 'string',
                 'CreateTimestamp': datetime(2015, 1, 1),
                 'CopyTimestamp': datetime(2015, 1, 1),
                 'NeverExpires': True|False,
                 'SourceRegion': 'string',
                 'SourceBackup': 'string',
                 'SourceCluster': 'string',
                 'DeleteTimestamp': datetime(2015, 1, 1),
                 'TagList': [
                     {
                         'Key': 'string',
                         'Value': 'string'
                     },
                 ],
                 'HsmType': 'string',
                 'Mode': 'FIPS'|'NON_FIPS'
             }
         }

      **Response Structure**

      * *(dict) --*
        * **Backup** *(dict) --* Information on the "Backup" object deleted.
          * **BackupId** *(string) --* The identifier (ID) of the backup.
          * **BackupArn** *(string) --* The Amazon Resource Name (ARN) of the backup.
          * **BackupState** *(string) --* The state of the backup.
          * **ClusterId** *(string) --* The identifier (ID) of the cluster that was backed up.
          * **CreateTimestamp** *(datetime) --* The date and time when the backup was created.
          * **CopyTimestamp** *(datetime) --* The date and time when the backup was copied from a source backup.
          * **NeverExpires** *(boolean) --* Specifies whether the service should exempt a backup from the retention policy for the cluster. "True" exempts a backup from the retention policy. "False" means the service applies the backup retention policy defined at the cluster.
          * **SourceRegion** *(string) --* The AWS Region that contains the source backup from which the new backup was copied.
          * **SourceBackup** *(string) --* The identifier (ID) of the source backup from which the new backup was copied.
          * **SourceCluster** *(string) --* The identifier (ID) of the cluster containing the source backup from which the new backup was copied.
          * **DeleteTimestamp** *(datetime) --* The date and time when the backup will be permanently deleted.
          * **TagList** *(list) --* The list of tags for the backup.
            * *(dict) --* Contains a tag. A tag is a key-value pair.
* **Key** *(string) --* The key of the tag. * **Value** *(string) --* The value of the tag. * **HsmType** *(string) --* The HSM type used to create the backup. * **Mode** *(string) --* The mode of the cluster that was backed up. **Exceptions** * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException" * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException" * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException" * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException" * "CloudHSMV2.Client.exceptions.CloudHsmServiceException" CloudHSMV2 / Client / list_tags list_tags ********* CloudHSMV2.Client.list_tags(**kwargs) Gets a list of tags for the specified CloudHSM cluster. This is a paginated operation, which means that each response might contain only a subset of all the tags. When the response contains only a subset of tags, it includes a "NextToken" value. Use this value in a subsequent "ListTags" request to get more tags. When you receive a response with no "NextToken" (or an empty or null value), that means there are no more tags to get. **Cross-account use:** No. You cannot perform this operation on an CloudHSM resource in a different Amazon Web Services account. See also: AWS API Documentation **Request Syntax** response = client.list_tags( ResourceId='string', NextToken='string', MaxResults=123 ) Parameters: * **ResourceId** (*string*) -- **[REQUIRED]** The cluster identifier (ID) for the cluster whose tags you are getting. To find the cluster ID, use DescribeClusters. * **NextToken** (*string*) -- The "NextToken" value that you received in the previous response. Use this value to get more tags. * **MaxResults** (*integer*) -- The maximum number of tags to return in the response. When there are more tags than the number you specify, the response contains a "NextToken" value. 
Return type: dict Returns: **Response Syntax** { 'TagList': [ { 'Key': 'string', 'Value': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **TagList** *(list) --* A list of tags. * *(dict) --* Contains a tag. A tag is a key-value pair. * **Key** *(string) --* The key of the tag. * **Value** *(string) --* The value of the tag. * **NextToken** *(string) --* An opaque string that indicates that the response contains only a subset of tags. Use this value in a subsequent "ListTags" request to get more tags. **Exceptions** * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException" * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException" * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException" * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException" * "CloudHSMV2.Client.exceptions.CloudHsmServiceException" * "CloudHSMV2.Client.exceptions.CloudHsmTagException" CloudHSMV2 / Client / initialize_cluster initialize_cluster ****************** CloudHSMV2.Client.initialize_cluster(**kwargs) Claims an CloudHSM cluster by submitting the cluster certificate issued by your issuing certificate authority (CA) and the CA's root certificate. Before you can claim a cluster, you must sign the cluster's certificate signing request (CSR) with your issuing CA. To get the cluster's CSR, use DescribeClusters. **Cross-account use:** No. You cannot perform this operation on an CloudHSM cluster in a different Amazon Web Services account. See also: AWS API Documentation **Request Syntax** response = client.initialize_cluster( ClusterId='string', SignedCert='string', TrustAnchor='string' ) Parameters: * **ClusterId** (*string*) -- **[REQUIRED]** The identifier (ID) of the cluster that you are claiming. To find the cluster ID, use DescribeClusters. * **SignedCert** (*string*) -- **[REQUIRED]** The cluster certificate issued (signed) by your issuing certificate authority (CA). 
The certificate must be in PEM format and can contain a maximum of 5000 characters. * **TrustAnchor** (*string*) -- **[REQUIRED]** The issuing certificate of the issuing certificate authority (CA) that issued (signed) the cluster certificate. You must use a self-signed certificate. The certificate used to sign the HSM CSR must be directly available, and thus must be the root certificate. The certificate must be in PEM format and can contain a maximum of 5000 characters. Return type: dict Returns: **Response Syntax** { 'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'MODIFY_IN_PROGRESS'|'ROLLBACK_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED', 'StateMessage': 'string' } **Response Structure** * *(dict) --* * **State** *(string) --* The cluster's state. * **StateMessage** *(string) --* A description of the cluster's state. **Exceptions** * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException" * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException" * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException" * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException" * "CloudHSMV2.Client.exceptions.CloudHsmServiceException" CloudHSMV2 / Client / delete_hsm delete_hsm ********** CloudHSMV2.Client.delete_hsm(**kwargs) Deletes the specified HSM. To specify an HSM, you can use its identifier (ID), the IP address of the HSM's elastic network interface (ENI), or the ID of the HSM's ENI. You need to specify only one of these values. To find these values, use DescribeClusters. **Cross-account use:** No. You cannot perform this operation on a CloudHSM HSM in a different Amazon Web Services account.
See also: AWS API Documentation **Request Syntax** response = client.delete_hsm( ClusterId='string', HsmId='string', EniId='string', EniIp='string' ) Parameters: * **ClusterId** (*string*) -- **[REQUIRED]** The identifier (ID) of the cluster that contains the HSM that you are deleting. * **HsmId** (*string*) -- The identifier (ID) of the HSM that you are deleting. * **EniId** (*string*) -- The identifier (ID) of the elastic network interface (ENI) of the HSM that you are deleting. * **EniIp** (*string*) -- The IP address of the elastic network interface (ENI) of the HSM that you are deleting. Return type: dict Returns: **Response Syntax** { 'HsmId': 'string' } **Response Structure** * *(dict) --* * **HsmId** *(string) --* The identifier (ID) of the HSM that was deleted. **Exceptions** * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException" * "CloudHSMV2.Client.exceptions.CloudHsmServiceException" * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException" * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException" * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException" CloudHSMV2 / Client / untag_resource untag_resource ************** CloudHSMV2.Client.untag_resource(**kwargs) Removes the specified tag or tags from the specified CloudHSM cluster. **Cross-account use:** No. You cannot perform this operation on an CloudHSM resource in a different Amazon Web Services account. See also: AWS API Documentation **Request Syntax** response = client.untag_resource( ResourceId='string', TagKeyList=[ 'string', ] ) Parameters: * **ResourceId** (*string*) -- **[REQUIRED]** The cluster identifier (ID) for the cluster whose tags you are removing. To find the cluster ID, use DescribeClusters. * **TagKeyList** (*list*) -- **[REQUIRED]** A list of one or more tag keys for the tags that you are removing. Specify only the tag keys, not the tag values. 
* *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException" * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException" * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException" * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException" * "CloudHSMV2.Client.exceptions.CloudHsmServiceException" * "CloudHSMV2.Client.exceptions.CloudHsmTagException" CloudHSMV2 / Client / copy_backup_to_region copy_backup_to_region ********************* CloudHSMV2.Client.copy_backup_to_region(**kwargs) Copies a CloudHSM cluster backup to a different region. **Cross-account use:** No. You cannot perform this operation on a CloudHSM backup in a different Amazon Web Services account. See also: AWS API Documentation **Request Syntax** response = client.copy_backup_to_region( DestinationRegion='string', BackupId='string', TagList=[ { 'Key': 'string', 'Value': 'string' }, ] ) Parameters: * **DestinationRegion** (*string*) -- **[REQUIRED]** The AWS region that will contain your copied CloudHSM cluster backup. * **BackupId** (*string*) -- **[REQUIRED]** The ID of the backup that will be copied to the destination region. * **TagList** (*list*) -- Tags to apply to the destination backup during creation. If you specify tags, only these tags will be applied to the destination backup. If you do not specify tags, the service copies tags from the source backup to the destination backup. * *(dict) --* Contains a tag. A tag is a key-value pair. * **Key** *(string) --* **[REQUIRED]** The key of the tag. * **Value** *(string) --* **[REQUIRED]** The value of the tag.
Return type: dict Returns: **Response Syntax** { 'DestinationBackup': { 'CreateTimestamp': datetime(2015, 1, 1), 'SourceRegion': 'string', 'SourceBackup': 'string', 'SourceCluster': 'string' } } **Response Structure** * *(dict) --* * **DestinationBackup** *(dict) --* Information on the backup that will be copied to the destination region, including CreateTimestamp, SourceBackup, SourceCluster, and SourceRegion. CreateTimestamp of the destination backup will be the same as that of the source backup. You will need to use the "sourceBackupID" returned in this operation to use the DescribeBackups operation on the backup that will be copied to the destination region. * **CreateTimestamp** *(datetime) --* The date and time when the source backup was created. * **SourceRegion** *(string) --* The AWS region that contains the source backup from which the new backup was copied. * **SourceBackup** *(string) --* The identifier (ID) of the source backup from which the new backup was copied. * **SourceCluster** *(string) --* The identifier (ID) of the cluster containing the source backup from which the new backup was copied. **Exceptions** * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException" * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException" * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException" * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException" * "CloudHSMV2.Client.exceptions.CloudHsmServiceException" * "CloudHSMV2.Client.exceptions.CloudHsmTagException" CloudHSMV2 / Client / get_waiter get_waiter ********** CloudHSMV2.Client.get_waiter(waiter_name) Returns an object that can wait for some condition. Parameters: **waiter_name** (*str*) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters. Returns: The specified waiter object.
Return type: "botocore.waiter.Waiter" CloudHSMV2 / Client / close close ***** CloudHSMV2.Client.close() Closes underlying endpoint connections. CloudHSMV2 / Client / put_resource_policy put_resource_policy ******************* CloudHSMV2.Client.put_resource_policy(**kwargs) Creates or updates a CloudHSM resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your CloudHSM resources. The following resources support CloudHSM resource policies: * Backup - The resource policy allows you to describe the backup and restore a cluster from the backup in another Amazon Web Services account. In order to share a backup, it must be in a 'READY' state and you must own it. Warning: While you can share a backup using the CloudHSM PutResourcePolicy operation, we recommend using Resource Access Manager (RAM) instead. Using RAM provides multiple benefits as it creates the policy for you, allows multiple resources to be shared at one time, and increases the discoverability of shared resources. If you use PutResourcePolicy and want consumers to be able to describe the backups you share with them, you must promote the backup to a standard RAM Resource Share using the RAM PromoteResourceShareCreatedFromPolicy API operation. For more information, see Working with shared backups in the CloudHSM User Guide. **Cross-account use:** No. You cannot perform this operation on a CloudHSM resource in a different Amazon Web Services account. See also: AWS API Documentation **Request Syntax** response = client.put_resource_policy( ResourceArn='string', Policy='string' ) Parameters: * **ResourceArn** (*string*) -- Amazon Resource Name (ARN) of the resource to which you want to attach a policy. * **Policy** (*string*) -- The policy you want to associate with a resource.
For an example policy, see Working with shared backups in the CloudHSM User Guide. Return type: dict Returns: **Response Syntax** { 'ResourceArn': 'string', 'Policy': 'string' } **Response Structure** * *(dict) --* * **ResourceArn** *(string) --* Amazon Resource Name (ARN) of the resource to which a policy is attached. * **Policy** *(string) --* The policy attached to a resource. **Exceptions** * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException" * "CloudHSMV2.Client.exceptions.CloudHsmServiceException" * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException" * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException" * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException" CloudHSMV2 / Client / get_resource_policy get_resource_policy ******************* CloudHSMV2.Client.get_resource_policy(**kwargs) Retrieves the resource policy document attached to a given resource. **Cross-account use:** No. You cannot perform this operation on a CloudHSM resource in a different Amazon Web Services account. See also: AWS API Documentation **Request Syntax** response = client.get_resource_policy( ResourceArn='string' ) Parameters: **ResourceArn** (*string*) -- Amazon Resource Name (ARN) of the resource to which a policy is attached. Return type: dict Returns: **Response Syntax** { 'Policy': 'string' } **Response Structure** * *(dict) --* * **Policy** *(string) --* The policy attached to a resource. **Exceptions** * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException" * "CloudHSMV2.Client.exceptions.CloudHsmServiceException" * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException" * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException" * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException" CloudHSMV2 / Client / modify_cluster modify_cluster ************** CloudHSMV2.Client.modify_cluster(**kwargs) Modifies a CloudHSM cluster. **Cross-account use:** No.
You cannot perform this operation on an CloudHSM cluster in a different Amazon Web Services account. See also: AWS API Documentation **Request Syntax** response = client.modify_cluster( HsmType='string', BackupRetentionPolicy={ 'Type': 'DAYS', 'Value': 'string' }, ClusterId='string' ) Parameters: * **HsmType** (*string*) -- The desired HSM type of the cluster. * **BackupRetentionPolicy** (*dict*) -- A policy that defines how the service retains backups. * **Type** *(string) --* The type of backup retention policy. For the "DAYS" type, the value is the number of days to retain backups. * **Value** *(string) --* Use a value between 7 - 379. * **ClusterId** (*string*) -- **[REQUIRED]** The identifier (ID) of the cluster that you want to modify. To find the cluster ID, use DescribeClusters. Return type: dict Returns: **Response Syntax** { 'Cluster': { 'BackupPolicy': 'DEFAULT', 'BackupRetentionPolicy': { 'Type': 'DAYS', 'Value': 'string' }, 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1), 'Hsms': [ { 'AvailabilityZone': 'string', 'ClusterId': 'string', 'SubnetId': 'string', 'EniId': 'string', 'EniIp': 'string', 'EniIpV6': 'string', 'HsmId': 'string', 'HsmType': 'string', 'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED', 'StateMessage': 'string' }, ], 'HsmType': 'string', 'HsmTypeRollbackExpiration': datetime(2015, 1, 1), 'PreCoPassword': 'string', 'SecurityGroup': 'string', 'SourceBackupId': 'string', 'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'MODIFY_IN_PROGRESS'|'ROLLBACK_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED', 'StateMessage': 'string', 'SubnetMapping': { 'string': 'string' }, 'VpcId': 'string', 'NetworkType': 'IPV4'|'DUALSTACK', 'Certificates': { 'ClusterCsr': 'string', 'HsmCertificate': 'string', 'AwsHardwareCertificate': 'string', 'ManufacturerHardwareCertificate': 'string', 'ClusterCertificate': 'string' }, 'TagList': [ { 'Key': 
'string', 'Value': 'string' }, ], 'Mode': 'FIPS'|'NON_FIPS' } } **Response Structure** * *(dict) --* * **Cluster** *(dict) --* Contains information about an CloudHSM cluster. * **BackupPolicy** *(string) --* The cluster's backup policy. * **BackupRetentionPolicy** *(dict) --* A policy that defines how the service retains backups. * **Type** *(string) --* The type of backup retention policy. For the "DAYS" type, the value is the number of days to retain backups. * **Value** *(string) --* Use a value between 7 - 379. * **ClusterId** *(string) --* The cluster's identifier (ID). * **CreateTimestamp** *(datetime) --* The date and time when the cluster was created. * **Hsms** *(list) --* Contains information about the HSMs in the cluster. * *(dict) --* Contains information about a hardware security module (HSM) in an CloudHSM cluster. * **AvailabilityZone** *(string) --* The Availability Zone that contains the HSM. * **ClusterId** *(string) --* The identifier (ID) of the cluster that contains the HSM. * **SubnetId** *(string) --* The subnet that contains the HSM's elastic network interface (ENI). * **EniId** *(string) --* The identifier (ID) of the HSM's elastic network interface (ENI). * **EniIp** *(string) --* The IP address of the HSM's elastic network interface (ENI). * **EniIpV6** *(string) --* The IPv6 address (if any) of the HSM's elastic network interface (ENI). * **HsmId** *(string) --* The HSM's identifier (ID). * **HsmType** *(string) --* The type of HSM. * **State** *(string) --* The HSM's state. * **StateMessage** *(string) --* A description of the HSM's state. * **HsmType** *(string) --* The type of HSM that the cluster contains. * **HsmTypeRollbackExpiration** *(datetime) --* The timestamp until when the cluster can be rolled back to its original HSM type. * **PreCoPassword** *(string) --* The default password for the cluster's Pre-Crypto Officer (PRECO) user. * **SecurityGroup** *(string) --* The identifier (ID) of the cluster's security group. 
* **SourceBackupId** *(string) --* The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup. * **State** *(string) --* The cluster's state. * **StateMessage** *(string) --* A description of the cluster's state. * **SubnetMapping** *(dict) --* A map from availability zone to the cluster’s subnet in that availability zone. * *(string) --* * *(string) --* * **VpcId** *(string) --* The identifier (ID) of the virtual private cloud (VPC) that contains the cluster. * **NetworkType** *(string) --* The cluster's NetworkType can be IPv4 (the default) or DUALSTACK. The IPv4 NetworkType restricts communication between your application and the hardware security modules (HSMs) to the IPv4 protocol only. The DUALSTACK NetworkType enables communication over both IPv4 and IPv6 protocols. To use DUALSTACK, configure your virtual private cloud (VPC) and subnets to support both IPv4 and IPv6. This configuration involves adding IPv6 Classless Inter-Domain Routing (CIDR) blocks to the existing IPv4 CIDR blocks in your subnets. The NetworkType you choose affects the network addressing options for your cluster. DUALSTACK provides more flexibility by supporting both IPv4 and IPv6 communication. * **Certificates** *(dict) --* Contains one or more certificates or a certificate signing request (CSR). * **ClusterCsr** *(string) --* The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is "UNINITIALIZED". * **HsmCertificate** *(string) --* The HSM certificate issued (signed) by the HSM hardware. * **AwsHardwareCertificate** *(string) --* The HSM hardware certificate issued (signed) by CloudHSM. * **ManufacturerHardwareCertificate** *(string) --* The HSM hardware certificate issued (signed) by the hardware manufacturer. * **ClusterCertificate** *(string) --* The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner. 
* **TagList** *(list) --* The list of tags for the cluster. * *(dict) --* Contains a tag. A tag is a key-value pair. * **Key** *(string) --* The key of the tag. * **Value** *(string) --* The value of the tag. * **Mode** *(string) --* The mode of the cluster. **Exceptions** * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException" * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException" * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException" * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException" * "CloudHSMV2.Client.exceptions.CloudHsmServiceException" CloudHSMV2 / Client / modify_backup_attributes modify_backup_attributes ************************ CloudHSMV2.Client.modify_backup_attributes(**kwargs) Modifies attributes for CloudHSM backup. **Cross-account use:** No. You cannot perform this operation on an CloudHSM backup in a different Amazon Web Services account. See also: AWS API Documentation **Request Syntax** response = client.modify_backup_attributes( BackupId='string', NeverExpires=True|False ) Parameters: * **BackupId** (*string*) -- **[REQUIRED]** The identifier (ID) of the backup to modify. To find the ID of a backup, use the DescribeBackups operation. * **NeverExpires** (*boolean*) -- **[REQUIRED]** Specifies whether the service should exempt a backup from the retention policy for the cluster. "True" exempts a backup from the retention policy. "False" means the service applies the backup retention policy defined at the cluster. 
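An added example, not part of the boto3 documentation: a triage pass over DescribeBackups-shaped results that follows "NextToken", then flags backups exempt from retention ("NeverExpires"), backups in "PENDING_DELETION" close to their "DeleteTimestamp", and copies whose "SourceRegion" is not approved, pairing each finding with the client call an operator could review. The sample pages, backup and cluster IDs, the `approved_source_regions` allowlist and the `warn_within` window are constructed assumptions; pass `client.describe_backups` in place of the fake to run it against an account.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


def iter_backups(describe_backups, **kwargs):
    """Yield every backup, following NextToken until it is absent or empty."""
    token = None
    while True:
        params = dict(kwargs)
        if token:
            params["NextToken"] = token
        page = describe_backups(**params)
        yield from page.get("Backups", [])
        token = page.get("NextToken")
        if not token:
            return


def audit_backups(backups, now, approved_source_regions,
                  warn_within=timedelta(days=2)):
    """Flag backups that need review; 'call' is a (method, kwargs) suggestion."""
    findings = []

    def add(backup_id, code, detail, call=None):
        findings.append({"backup": backup_id, "code": code,
                         "detail": detail, "call": call})

    for b in backups:
        bid, state = b["BackupId"], b["BackupState"]
        # NeverExpires=True keeps the backup outside the cluster retention policy.
        if state == "READY" and b.get("NeverExpires"):
            add(bid, "RETENTION_EXEMPT", "exempt from cluster retention policy",
                ("modify_backup_attributes",
                 {"BackupId": bid, "NeverExpires": False}))
        # DeleteTimestamp is when a PENDING_DELETION backup is permanently
        # deleted; restore_backup applies only while it is in that state.
        if state == "PENDING_DELETION" and "DeleteTimestamp" in b:
            left = b["DeleteTimestamp"] - now
            if timedelta(0) < left <= warn_within:
                add(bid, "DELETION_IMMINENT", f"permanently deleted in {left}",
                    ("restore_backup", {"BackupId": bid}))
        # Copied backups carry SourceRegion / SourceBackup / SourceCluster.
        src = b.get("SourceRegion")
        if src and src not in approved_source_regions:
            add(bid, "UNAPPROVED_SOURCE_REGION",
                f"copied from {src}, source backup {b.get('SourceBackup')}")
    return findings


# Constructed sample pages shaped like describe_backups responses (made-up IDs).
_PAGES = {
    None: {
        "Backups": [
            {"BackupId": "backup-aaaa1111", "BackupState": "READY",
             "ClusterId": "cluster-example1", "NeverExpires": True,
             "CreateTimestamp": datetime(2024, 1, 5, tzinfo=UTC)},
            {"BackupId": "backup-bbbb2222", "BackupState": "PENDING_DELETION",
             "ClusterId": "cluster-example1", "NeverExpires": False,
             "CreateTimestamp": datetime(2024, 4, 1, tzinfo=UTC),
             "DeleteTimestamp": datetime(2024, 5, 11, 12, 0, tzinfo=UTC)},
        ],
        "NextToken": "page-2",
    },
    "page-2": {
        "Backups": [
            {"BackupId": "backup-cccc3333", "BackupState": "READY",
             "ClusterId": "cluster-example2", "NeverExpires": False,
             "CreateTimestamp": datetime(2024, 3, 2, tzinfo=UTC),
             "CopyTimestamp": datetime(2024, 3, 3, tzinfo=UTC),
             "SourceRegion": "eu-west-1", "SourceBackup": "backup-dddd4444",
             "SourceCluster": "cluster-example3"},
            {"BackupId": "backup-eeee5555", "BackupState": "READY",
             "ClusterId": "cluster-example2", "NeverExpires": False,
             "CreateTimestamp": datetime(2024, 5, 1, tzinfo=UTC)},
        ],
    },
}


def fake_describe_backups(NextToken=None, **_ignored):
    """Stand-in for client.describe_backups that serves the constructed pages."""
    return _PAGES[NextToken]


def run_demo():
    now = datetime(2024, 5, 10, 12, 0, tzinfo=UTC)  # constructed "current" time
    backups = list(iter_backups(fake_describe_backups, SortAscending=True))
    return backups, audit_backups(backups, now,
                                  approved_source_regions={"us-east-1"})


if __name__ == "__main__":
    for f in run_demo()[1]:
        print(f["backup"], f["code"], f["detail"], f["call"])
```

The suggested calls are returned, not executed, so the decision to restore a backup or re-apply the retention policy stays with the operator.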
Return type: dict Returns: **Response Syntax** { 'Backup': { 'BackupId': 'string', 'BackupArn': 'string', 'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION', 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1), 'CopyTimestamp': datetime(2015, 1, 1), 'NeverExpires': True|False, 'SourceRegion': 'string', 'SourceBackup': 'string', 'SourceCluster': 'string', 'DeleteTimestamp': datetime(2015, 1, 1), 'TagList': [ { 'Key': 'string', 'Value': 'string' }, ], 'HsmType': 'string', 'Mode': 'FIPS'|'NON_FIPS' } } **Response Structure** * *(dict) --* * **Backup** *(dict) --* Contains information about a backup of an CloudHSM cluster. All backup objects contain the "BackupId", "BackupState", "ClusterId", and "CreateTimestamp" parameters. Backups that were copied into a destination region additionally contain the "CopyTimestamp", "SourceBackup", "SourceCluster", and "SourceRegion" parameters. A backup that is pending deletion will include the "DeleteTimestamp" parameter. * **BackupId** *(string) --* The identifier (ID) of the backup. * **BackupArn** *(string) --* The Amazon Resource Name (ARN) of the backup. * **BackupState** *(string) --* The state of the backup. * **ClusterId** *(string) --* The identifier (ID) of the cluster that was backed up. * **CreateTimestamp** *(datetime) --* The date and time when the backup was created. * **CopyTimestamp** *(datetime) --* The date and time when the backup was copied from a source backup. * **NeverExpires** *(boolean) --* Specifies whether the service should exempt a backup from the retention policy for the cluster. "True" exempts a backup from the retention policy. "False" means the service applies the backup retention policy defined at the cluster. * **SourceRegion** *(string) --* The AWS Region that contains the source backup from which the new backup was copied. * **SourceBackup** *(string) --* The identifier (ID) of the source backup from which the new backup was copied. 
* **SourceCluster** *(string) --* The identifier (ID) of the cluster containing the source backup from which the new backup was copied. * **DeleteTimestamp** *(datetime) --* The date and time when the backup will be permanently deleted. * **TagList** *(list) --* The list of tags for the backup. * *(dict) --* Contains a tag. A tag is a key-value pair. * **Key** *(string) --* The key of the tag. * **Value** *(string) --* The value of the tag. * **HsmType** *(string) --* The HSM type used to create the backup. * **Mode** *(string) --* The mode of the cluster that was backed up. **Exceptions** * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException" * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException" * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException" * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException" * "CloudHSMV2.Client.exceptions.CloudHsmServiceException" CloudHSMV2 / Client / create_hsm create_hsm ********** CloudHSMV2.Client.create_hsm(**kwargs) Creates a new hardware security module (HSM) in the specified CloudHSM cluster. **Cross-account use:** No. You cannot perform this operation on a CloudHSM cluster in a different Amazon Web Services account. See also: AWS API Documentation **Request Syntax** response = client.create_hsm( ClusterId='string', AvailabilityZone='string', IpAddress='string' ) Parameters: * **ClusterId** (*string*) -- **[REQUIRED]** The identifier (ID) of the HSM's cluster. To find the cluster ID, use DescribeClusters. * **AvailabilityZone** (*string*) -- **[REQUIRED]** The Availability Zone where you are creating the HSM. To find the cluster's Availability Zones, use DescribeClusters. * **IpAddress** (*string*) -- The HSM's IP address. If you specify an IP address, use an available address from the subnet that maps to the Availability Zone where you are creating the HSM. If you don't specify an IP address, one is chosen for you from that subnet.
Return type: dict Returns: **Response Syntax** { 'Hsm': { 'AvailabilityZone': 'string', 'ClusterId': 'string', 'SubnetId': 'string', 'EniId': 'string', 'EniIp': 'string', 'EniIpV6': 'string', 'HsmId': 'string', 'HsmType': 'string', 'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED', 'StateMessage': 'string' } } **Response Structure** * *(dict) --* * **Hsm** *(dict) --* Information about the HSM that was created. * **AvailabilityZone** *(string) --* The Availability Zone that contains the HSM. * **ClusterId** *(string) --* The identifier (ID) of the cluster that contains the HSM. * **SubnetId** *(string) --* The subnet that contains the HSM's elastic network interface (ENI). * **EniId** *(string) --* The identifier (ID) of the HSM's elastic network interface (ENI). * **EniIp** *(string) --* The IP address of the HSM's elastic network interface (ENI). * **EniIpV6** *(string) --* The IPv6 address (if any) of the HSM's elastic network interface (ENI). * **HsmId** *(string) --* The HSM's identifier (ID). * **HsmType** *(string) --* The type of HSM. * **State** *(string) --* The HSM's state. * **StateMessage** *(string) --* A description of the HSM's state. **Exceptions** * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException" * "CloudHSMV2.Client.exceptions.CloudHsmServiceException" * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException" * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException" * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException" CloudHSMV2 / Client / describe_backups describe_backups **************** CloudHSMV2.Client.describe_backups(**kwargs) Gets information about backups of CloudHSM clusters. Lists either the backups you own or the backups shared with you when the Shared parameter is true. This is a paginated operation, which means that each response might contain only a subset of all the backups. When the response contains only a subset of backups, it includes a "NextToken" value. 
Use this value in a subsequent "DescribeBackups" request to get more backups. When you receive a response with no "NextToken" (or an empty or null value), that means there are no more backups to get. **Cross-account use:** Yes. Customers can describe backups in other Amazon Web Services accounts that are shared with them. See also: AWS API Documentation **Request Syntax** response = client.describe_backups( NextToken='string', MaxResults=123, Filters={ 'string': [ 'string', ] }, Shared=True|False, SortAscending=True|False ) Parameters: * **NextToken** (*string*) -- The "NextToken" value that you received in the previous response. Use this value to get more backups. * **MaxResults** (*integer*) -- The maximum number of backups to return in the response. When there are more backups than the number you specify, the response contains a "NextToken" value. * **Filters** (*dict*) -- One or more filters to limit the items returned in the response. Use the "backupIds" filter to return only the specified backups. Specify backups by their backup identifier (ID). Use the "sourceBackupIds" filter to return only the backups created from a source backup. The "sourceBackupID" of a source backup is returned by the CopyBackupToRegion operation. Use the "clusterIds" filter to return only the backups for the specified clusters. Specify clusters by their cluster identifier (ID). Use the "states" filter to return only backups that match the specified state. Use the "neverExpires" filter to return backups filtered by the value in the "neverExpires" parameter. "True" returns all backups exempt from the backup retention policy. "False" returns all backups with a backup retention policy defined at the cluster. * *(string) --* * *(list) --* * *(string) --* * **Shared** (*boolean*) -- Describe backups that are shared with you. Note: By default when using this option, the command returns backups that have been shared using a standard Resource Access Manager resource share. 
In order for a backup that was shared using the PutResourcePolicy command to be returned, the share must be promoted to a standard resource share using the RAM PromoteResourceShareCreatedFromPolicy API operation. For more information about sharing backups, see Working with shared backups in the CloudHSM User Guide. * **SortAscending** (*boolean*) -- Designates whether or not to sort the return backups by ascending chronological order of generation. Return type: dict Returns: **Response Syntax** { 'Backups': [ { 'BackupId': 'string', 'BackupArn': 'string', 'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION', 'ClusterId': 'string', 'CreateTimestamp': datetime(2015, 1, 1), 'CopyTimestamp': datetime(2015, 1, 1), 'NeverExpires': True|False, 'SourceRegion': 'string', 'SourceBackup': 'string', 'SourceCluster': 'string', 'DeleteTimestamp': datetime(2015, 1, 1), 'TagList': [ { 'Key': 'string', 'Value': 'string' }, ], 'HsmType': 'string', 'Mode': 'FIPS'|'NON_FIPS' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Backups** *(list) --* A list of backups. * *(dict) --* Contains information about a backup of an CloudHSM cluster. All backup objects contain the "BackupId", "BackupState", "ClusterId", and "CreateTimestamp" parameters. Backups that were copied into a destination region additionally contain the "CopyTimestamp", "SourceBackup", "SourceCluster", and "SourceRegion" parameters. A backup that is pending deletion will include the "DeleteTimestamp" parameter. * **BackupId** *(string) --* The identifier (ID) of the backup. * **BackupArn** *(string) --* The Amazon Resource Name (ARN) of the backup. * **BackupState** *(string) --* The state of the backup. * **ClusterId** *(string) --* The identifier (ID) of the cluster that was backed up. * **CreateTimestamp** *(datetime) --* The date and time when the backup was created. * **CopyTimestamp** *(datetime) --* The date and time when the backup was copied from a source backup. 
            * **NeverExpires** *(boolean) --* Specifies whether the service should exempt a backup from the retention policy for the cluster. "True" exempts a backup from the retention policy. "False" means the service applies the backup retention policy defined at the cluster.
            * **SourceRegion** *(string) --* The AWS Region that contains the source backup from which the new backup was copied.
            * **SourceBackup** *(string) --* The identifier (ID) of the source backup from which the new backup was copied.
            * **SourceCluster** *(string) --* The identifier (ID) of the cluster containing the source backup from which the new backup was copied.
            * **DeleteTimestamp** *(datetime) --* The date and time when the backup will be permanently deleted.
            * **TagList** *(list) --* The list of tags for the backup.
              * *(dict) --* Contains a tag. A tag is a key-value pair.
                * **Key** *(string) --* The key of the tag.
                * **Value** *(string) --* The value of the tag.
            * **HsmType** *(string) --* The HSM type used to create the backup.
            * **Mode** *(string) --* The mode of the cluster that was backed up.
        * **NextToken** *(string) --* An opaque string that indicates that the response contains only a subset of backups. Use this value in a subsequent "DescribeBackups" request to get more backups.

   **Exceptions**

   * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException"
   * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException"
   * "CloudHSMV2.Client.exceptions.CloudHsmServiceException"
   * "CloudHSMV2.Client.exceptions.CloudHsmTagException"

restore_backup
**************

CloudHSMV2.Client.restore_backup(**kwargs)

   Restores a specified CloudHSM backup that is in the "PENDING_DELETION" state. For more information on deleting a backup, see DeleteBackup.

   **Cross-account use:** No.
   You cannot perform this operation on a CloudHSM backup in a different Amazon Web Services account.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.restore_backup(
          BackupId='string'
      )

   Parameters:
      **BackupId** (*string*) -- **[REQUIRED]** The ID of the backup to be restored. To find the ID of a backup, use the DescribeBackups operation.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'Backup': {
                 'BackupId': 'string',
                 'BackupArn': 'string',
                 'BackupState': 'CREATE_IN_PROGRESS'|'READY'|'DELETED'|'PENDING_DELETION',
                 'ClusterId': 'string',
                 'CreateTimestamp': datetime(2015, 1, 1),
                 'CopyTimestamp': datetime(2015, 1, 1),
                 'NeverExpires': True|False,
                 'SourceRegion': 'string',
                 'SourceBackup': 'string',
                 'SourceCluster': 'string',
                 'DeleteTimestamp': datetime(2015, 1, 1),
                 'TagList': [
                     {
                         'Key': 'string',
                         'Value': 'string'
                     },
                 ],
                 'HsmType': 'string',
                 'Mode': 'FIPS'|'NON_FIPS'
             }
         }

      **Response Structure**

      * *(dict) --*
        * **Backup** *(dict) --* Information on the "Backup" object created.
          * **BackupId** *(string) --* The identifier (ID) of the backup.
          * **BackupArn** *(string) --* The Amazon Resource Name (ARN) of the backup.
          * **BackupState** *(string) --* The state of the backup.
          * **ClusterId** *(string) --* The identifier (ID) of the cluster that was backed up.
          * **CreateTimestamp** *(datetime) --* The date and time when the backup was created.
          * **CopyTimestamp** *(datetime) --* The date and time when the backup was copied from a source backup.
          * **NeverExpires** *(boolean) --* Specifies whether the service should exempt a backup from the retention policy for the cluster. "True" exempts a backup from the retention policy. "False" means the service applies the backup retention policy defined at the cluster.
          * **SourceRegion** *(string) --* The AWS Region that contains the source backup from which the new backup was copied.
          * **SourceBackup** *(string) --* The identifier (ID) of the source backup from which the new backup was copied.
          * **SourceCluster** *(string) --* The identifier (ID) of the cluster containing the source backup from which the new backup was copied.
          * **DeleteTimestamp** *(datetime) --* The date and time when the backup will be permanently deleted.
          * **TagList** *(list) --* The list of tags for the backup.
            * *(dict) --* Contains a tag. A tag is a key-value pair.
              * **Key** *(string) --* The key of the tag.
              * **Value** *(string) --* The value of the tag.
          * **HsmType** *(string) --* The HSM type used to create the backup.
          * **Mode** *(string) --* The mode of the cluster that was backed up.

   **Exceptions**

   * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException"
   * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException"
   * "CloudHSMV2.Client.exceptions.CloudHsmServiceException"

tag_resource
************

CloudHSMV2.Client.tag_resource(**kwargs)

   Adds or overwrites one or more tags for the specified CloudHSM cluster.

   **Cross-account use:** No. You cannot perform this operation on a CloudHSM resource in a different Amazon Web Services account.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.tag_resource(
          ResourceId='string',
          TagList=[
              {
                  'Key': 'string',
                  'Value': 'string'
              },
          ]
      )

   Parameters:
      * **ResourceId** (*string*) -- **[REQUIRED]** The cluster identifier (ID) for the cluster that you are tagging. To find the cluster ID, use DescribeClusters.

      * **TagList** (*list*) -- **[REQUIRED]** A list of one or more tags.
        * *(dict) --* Contains a tag. A tag is a key-value pair.
          * **Key** *(string) --* **[REQUIRED]** The key of the tag.
          * **Value** *(string) --* **[REQUIRED]** The value of the tag.
   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

   * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException"
   * "CloudHSMV2.Client.exceptions.CloudHsmResourceLimitExceededException"
   * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException"
   * "CloudHSMV2.Client.exceptions.CloudHsmServiceException"
   * "CloudHSMV2.Client.exceptions.CloudHsmTagException"

describe_clusters
*****************

CloudHSMV2.Client.describe_clusters(**kwargs)

   Gets information about CloudHSM clusters.

   This is a paginated operation, which means that each response might contain only a subset of all the clusters. When the response contains only a subset of clusters, it includes a "NextToken" value. Use this value in a subsequent "DescribeClusters" request to get more clusters. When you receive a response with no "NextToken" (or an empty or null value), that means there are no more clusters to get.

   **Cross-account use:** No. You cannot perform this operation on CloudHSM clusters in a different Amazon Web Services account.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.describe_clusters(
          Filters={
              'string': [
                  'string',
              ]
          },
          NextToken='string',
          MaxResults=123
      )

   Parameters:
      * **Filters** (*dict*) -- One or more filters to limit the items returned in the response.

        Use the "clusterIds" filter to return only the specified clusters. Specify clusters by their cluster identifier (ID).

        Use the "vpcIds" filter to return only the clusters in the specified virtual private clouds (VPCs). Specify VPCs by their VPC identifier (ID).

        Use the "states" filter to return only clusters that match the specified state.

        * *(string) --*
          * *(list) --*
            * *(string) --*

      * **NextToken** (*string*) -- The "NextToken" value that you received in the previous response.
        Use this value to get more clusters.

      * **MaxResults** (*integer*) -- The maximum number of clusters to return in the response. When there are more clusters than the number you specify, the response contains a "NextToken" value.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'Clusters': [
                 {
                     'BackupPolicy': 'DEFAULT',
                     'BackupRetentionPolicy': {
                         'Type': 'DAYS',
                         'Value': 'string'
                     },
                     'ClusterId': 'string',
                     'CreateTimestamp': datetime(2015, 1, 1),
                     'Hsms': [
                         {
                             'AvailabilityZone': 'string',
                             'ClusterId': 'string',
                             'SubnetId': 'string',
                             'EniId': 'string',
                             'EniIp': 'string',
                             'EniIpV6': 'string',
                             'HsmId': 'string',
                             'HsmType': 'string',
                             'State': 'CREATE_IN_PROGRESS'|'ACTIVE'|'DEGRADED'|'DELETE_IN_PROGRESS'|'DELETED',
                             'StateMessage': 'string'
                         },
                     ],
                     'HsmType': 'string',
                     'HsmTypeRollbackExpiration': datetime(2015, 1, 1),
                     'PreCoPassword': 'string',
                     'SecurityGroup': 'string',
                     'SourceBackupId': 'string',
                     'State': 'CREATE_IN_PROGRESS'|'UNINITIALIZED'|'INITIALIZE_IN_PROGRESS'|'INITIALIZED'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'MODIFY_IN_PROGRESS'|'ROLLBACK_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'DELETED'|'DEGRADED',
                     'StateMessage': 'string',
                     'SubnetMapping': {
                         'string': 'string'
                     },
                     'VpcId': 'string',
                     'NetworkType': 'IPV4'|'DUALSTACK',
                     'Certificates': {
                         'ClusterCsr': 'string',
                         'HsmCertificate': 'string',
                         'AwsHardwareCertificate': 'string',
                         'ManufacturerHardwareCertificate': 'string',
                         'ClusterCertificate': 'string'
                     },
                     'TagList': [
                         {
                             'Key': 'string',
                             'Value': 'string'
                         },
                     ],
                     'Mode': 'FIPS'|'NON_FIPS'
                 },
             ],
             'NextToken': 'string'
         }

      **Response Structure**

      * *(dict) --*
        * **Clusters** *(list) --* A list of clusters.
          * *(dict) --* Contains information about a CloudHSM cluster.
            * **BackupPolicy** *(string) --* The cluster's backup policy.
            * **BackupRetentionPolicy** *(dict) --* A policy that defines how the service retains backups.
              * **Type** *(string) --* The type of backup retention policy. For the "DAYS" type, the value is the number of days to retain backups.
              * **Value** *(string) --* Use a value between 7 - 379.
            * **ClusterId** *(string) --* The cluster's identifier (ID).
            * **CreateTimestamp** *(datetime) --* The date and time when the cluster was created.
            * **Hsms** *(list) --* Contains information about the HSMs in the cluster.
              * *(dict) --* Contains information about a hardware security module (HSM) in a CloudHSM cluster.
                * **AvailabilityZone** *(string) --* The Availability Zone that contains the HSM.
                * **ClusterId** *(string) --* The identifier (ID) of the cluster that contains the HSM.
                * **SubnetId** *(string) --* The subnet that contains the HSM's elastic network interface (ENI).
                * **EniId** *(string) --* The identifier (ID) of the HSM's elastic network interface (ENI).
                * **EniIp** *(string) --* The IP address of the HSM's elastic network interface (ENI).
                * **EniIpV6** *(string) --* The IPv6 address (if any) of the HSM's elastic network interface (ENI).
                * **HsmId** *(string) --* The HSM's identifier (ID).
                * **HsmType** *(string) --* The type of HSM.
                * **State** *(string) --* The HSM's state.
                * **StateMessage** *(string) --* A description of the HSM's state.
            * **HsmType** *(string) --* The type of HSM that the cluster contains.
            * **HsmTypeRollbackExpiration** *(datetime) --* The timestamp until when the cluster can be rolled back to its original HSM type.
            * **PreCoPassword** *(string) --* The default password for the cluster's Pre-Crypto Officer (PRECO) user.
            * **SecurityGroup** *(string) --* The identifier (ID) of the cluster's security group.
            * **SourceBackupId** *(string) --* The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup.
            * **State** *(string) --* The cluster's state.
            * **StateMessage** *(string) --* A description of the cluster's state.
            * **SubnetMapping** *(dict) --* A map from availability zone to the cluster’s subnet in that availability zone.
              * *(string) --*
                * *(string) --*
            * **VpcId** *(string) --* The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
            * **NetworkType** *(string) --* The cluster's NetworkType can be IPv4 (the default) or DUALSTACK. The IPv4 NetworkType restricts communication between your application and the hardware security modules (HSMs) to the IPv4 protocol only. The DUALSTACK NetworkType enables communication over both IPv4 and IPv6 protocols. To use DUALSTACK, configure your virtual private cloud (VPC) and subnets to support both IPv4 and IPv6. This configuration involves adding IPv6 Classless Inter-Domain Routing (CIDR) blocks to the existing IPv4 CIDR blocks in your subnets. The NetworkType you choose affects the network addressing options for your cluster. DUALSTACK provides more flexibility by supporting both IPv4 and IPv6 communication.
            * **Certificates** *(dict) --* Contains one or more certificates or a certificate signing request (CSR).
              * **ClusterCsr** *(string) --* The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is "UNINITIALIZED".
              * **HsmCertificate** *(string) --* The HSM certificate issued (signed) by the HSM hardware.
              * **AwsHardwareCertificate** *(string) --* The HSM hardware certificate issued (signed) by CloudHSM.
              * **ManufacturerHardwareCertificate** *(string) --* The HSM hardware certificate issued (signed) by the hardware manufacturer.
              * **ClusterCertificate** *(string) --* The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.
            * **TagList** *(list) --* The list of tags for the cluster.
              * *(dict) --* Contains a tag. A tag is a key-value pair.
                * **Key** *(string) --* The key of the tag.
                * **Value** *(string) --* The value of the tag.
            * **Mode** *(string) --* The mode of the cluster.
        * **NextToken** *(string) --* An opaque string that indicates that the response contains only a subset of clusters.
          Use this value in a subsequent "DescribeClusters" request to get more clusters.

   **Exceptions**

   * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException"
   * "CloudHSMV2.Client.exceptions.CloudHsmServiceException"
   * "CloudHSMV2.Client.exceptions.CloudHsmTagException"

delete_resource_policy
**********************

CloudHSMV2.Client.delete_resource_policy(**kwargs)

   Deletes a CloudHSM resource policy. Deleting a resource policy will result in the resource being unshared and removed from any RAM resource shares. Deleting the resource policy attached to a backup will not impact any clusters created from that backup.

   **Cross-account use:** No. You cannot perform this operation on a CloudHSM resource in a different Amazon Web Services account.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.delete_resource_policy(
          ResourceArn='string'
      )

   Parameters:
      **ResourceArn** (*string*) -- Amazon Resource Name (ARN) of the resource from which the policy will be removed.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'ResourceArn': 'string',
             'Policy': 'string'
         }

      **Response Structure**

      * *(dict) --*
        * **ResourceArn** *(string) --* Amazon Resource Name (ARN) of the resource from which the policy was deleted.
        * **Policy** *(string) --* The policy previously attached to the resource.

   **Exceptions**

   * "CloudHSMV2.Client.exceptions.CloudHsmInternalFailureException"
   * "CloudHSMV2.Client.exceptions.CloudHsmServiceException"
   * "CloudHSMV2.Client.exceptions.CloudHsmInvalidRequestException"
   * "CloudHSMV2.Client.exceptions.CloudHsmResourceNotFoundException"
   * "CloudHSMV2.Client.exceptions.CloudHsmAccessDeniedException"
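The "NextToken" loop described for "describe_backups" above, combined with an inventory check over the documented response fields, as an added example that is not part of the boto3 documentation. "FakeClient", the sample backups (trimmed to the fields the audit reads), the finding labels and the two-day warning window are constructed for illustration, and the fake's numeric tokens stand in for the opaque real ones.

```python
from datetime import datetime, timedelta, timezone


def iter_backups(client, **kwargs):
    """Yield every backup, following NextToken until it is absent or empty."""
    while True:
        page = client.describe_backups(**kwargs)
        yield from page.get("Backups", [])
        token = page.get("NextToken")
        if not token:  # missing, empty and None all mean no more backups
            return
        kwargs["NextToken"] = token


def audit_backups(client, now, warn_within=timedelta(days=2), **request_args):
    """Return (BackupId, finding) pairs derived from documented response fields."""
    findings = []
    for backup in iter_backups(client, **request_args):
        bid = backup["BackupId"]
        if backup.get("NeverExpires"):  # exempt from the cluster retention policy
            findings.append((bid, "exempt_from_retention"))
        if backup.get("SourceRegion"):  # only present on copied backups
            findings.append((bid, "copied_from:" + backup["SourceRegion"]))
        delete_at = backup.get("DeleteTimestamp")
        if backup["BackupState"] == "PENDING_DELETION" and delete_at:
            if delete_at - now <= warn_within:  # restore_backup window closing
                findings.append((bid, "deletion_imminent"))
    return findings


class FakeClient:
    """Constructed stand-in for boto3.client('cloudhsmv2') so this runs offline."""

    def __init__(self, backups):
        self.backups, self.calls = backups, 0

    def describe_backups(self, MaxResults=100, NextToken=None, **_ignored):
        self.calls += 1
        start = int(NextToken or 0)  # real tokens are opaque; an index is used here
        page = {"Backups": self.backups[start:start + MaxResults]}
        if start + MaxResults < len(self.backups):
            page["NextToken"] = str(start + MaxResults)
        return page


NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed reference time
SAMPLE_BACKUPS = [  # constructed records using the documented field names
    {"BackupId": "backup-aaaa", "BackupState": "READY", "NeverExpires": True},
    {"BackupId": "backup-bbbb", "BackupState": "READY", "NeverExpires": False},
    {"BackupId": "backup-cccc", "BackupState": "PENDING_DELETION",
     "NeverExpires": False, "DeleteTimestamp": NOW + timedelta(days=1)},
    {"BackupId": "backup-dddd", "BackupState": "READY", "NeverExpires": False,
     "SourceRegion": "us-west-2", "SourceBackup": "backup-zzzz"},
    {"BackupId": "backup-eeee", "BackupState": "PENDING_DELETION",
     "NeverExpires": False, "DeleteTimestamp": NOW + timedelta(days=6)},
]

if __name__ == "__main__":
    for finding in audit_backups(FakeClient(SAMPLE_BACKUPS), NOW, MaxResults=2):
        print(finding)
```

Passing "boto3.client('cloudhsmv2')" in place of the fake, with "Shared=True" as an extra request argument, runs the same audit over backups shared with the account.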