Refer to the following guide to learn how to use IAM in the cloud\
<https://scribehow.com/shared/Creating_an_IAM_User_and_User_Group_in_AWS_Management_Console__hWNiiXlcRJKFqYZZEJD-cg>

Sign in to **AWS Management Console** as an **IAM User**

**Pre-requisite** - Ensure you have selected the AWS region closest to your location\
For this guide, we will be using us-east-2 (Ohio) as a preferred choice

Type **CloudHSM** in the search bar and click on **CloudHSM** to view the CloudHSM page

**What is CloudHSM in AWS?**

AWS CloudHSM (Hardware Security Module) is a cloud-based service that provides secure cryptographic key storage and operations using dedicated Hardware Security Modules (HSMs). These HSMs are physical devices that are tamper-resistant and specifically designed to securely store cryptographic keys and perform cryptographic operations.

On the AWS CloudHSM page, click on the **Create cluster** button on right side

**What is an Cluster?**

In AWS CloudHSM, a cluster refers to a group of one or more Hardware Security Modules (HSMs) working together within a single logical unit. When you create a CloudHSM cluster, you are essentially setting up a dedicated environment for cryptographic key storage and operations.

**Cluster configuration** wizard will open, select the VPC for CloudHSM cluster

Scroll to the **Availability Zone** section, to select the subnets in the regions

Scroll to the **Cluster source** section and select the option **Create a new cluster** and click on **Next** button to create a new cluster

You can also create a CloudHSM cluster from the Key Management Service

Type **Key Management Service** in the search bar and click on **Key Management Service** to view the Key Management Service page

**What is a Key Management Service in AWS?**

Key Management Service (KMS) in AWS is a managed service that enables you to create and control the encryption keys used to encrypt your data. It provides a centralized key management system that simplifies the process of creating, rotating, and managing encryption keys for AWS services and your own applications.

On the **Key Management Service** dashboard, click on the **AWS CloudHSM key stores** from the left bar

**What are AWS CloudHSM key stores?**

AWS CloudHSM key stores refer to the secure storage locations within the AWS CloudHSM service where cryptographic keys are stored and managed. These key stores are essentially partitions within the HSM hardware where keys are securely stored and operations related to those keys are performed.

**AWS CloudHSM key stores** wizard will open, click on the **AWS CloudHSM** link 

Congratulations on completing the lab and getting started with AWS CloudHSM! Well done!

Amazon Web Services

This guide provides a step-by-step tutorial on how to get started with AWS CloudHSM.

Getting Started with AWS CloudHSM