Note

You are viewing the documentation for an older version of boto (boto2).

Boto3, the next version of Boto, is now stable and recommended for general use. It can be used side-by-side with Boto in the same project, so it is easy to start using Boto3 in your existing projects as well as new projects. Going forward, API updates and all new feature work will be focused on Boto3.

For more information, see the documentation for boto3.

CloudHSM

boto.cloudhsm

boto.cloudhsm.connect_to_region(region_name, **kw_params)
boto.cloudhsm.regions()

Get all available regions for the AWS CloudHSM service.

Return type:list
Returns:A list of boto.regioninfo.RegionInfo

boto.cloudhsm.layer1

class boto.cloudhsm.layer1.CloudHSMConnection(**kwargs)

AWS CloudHSM Service

APIVersion = '2014-05-30'
DefaultRegionEndpoint = 'cloudhsm.us-east-1.amazonaws.com'
DefaultRegionName = 'us-east-1'
ResponseError

alias of JSONResponseError

ServiceName = 'CloudHSM'
TargetPrefix = 'CloudHsmFrontendService'
create_hapg(label)

Creates a high-availability partition group. A high- availability partition group is a group of partitions that spans multiple physical HSMs.

Parameters:label (string) – The label of the new high-availability partition group.
create_hsm(subnet_id, ssh_key, iam_role_arn, subscription_type, eni_ip=None, external_id=None, client_token=None, syslog_ip=None)

Creates an uninitialized HSM instance. Running this command provisions an HSM appliance and will result in charges to your AWS account for the HSM.

Parameters:
  • subnet_id (string) – The identifier of the subnet in your VPC in which to place the HSM.
  • ssh_key (string) – The SSH public key to install on the HSM.
  • eni_ip (string) – The IP address to assign to the HSM’s ENI.
  • iam_role_arn (string) – The ARN of an IAM role to enable the AWS CloudHSM service to allocate an ENI on your behalf.
  • external_id (string) – The external ID from IamRoleArn, if present.
  • subscription_type (string) – The subscription type.
  • client_token (string) – A user-defined token to ensure idempotence. Subsequent calls to this action with the same token will be ignored.
  • syslog_ip (string) – The IP address for the syslog monitoring server.
create_luna_client(certificate, label=None)

Creates an HSM client.

Parameters:
  • label (string) – The label for the client.
  • certificate (string) – The contents of a Base64-Encoded X.509 v3 certificate to be installed on the HSMs used by this client.
delete_hapg(hapg_arn)

Deletes a high-availability partition group.

Parameters:hapg_arn (string) – The ARN of the high-availability partition group to delete.
delete_hsm(hsm_arn)

Deletes an HSM. Once complete, this operation cannot be undone and your key material cannot be recovered.

Parameters:hsm_arn (string) – The ARN of the HSM to delete.
delete_luna_client(client_arn)

Deletes a client.

Parameters:client_arn (string) – The ARN of the client to delete.
describe_hapg(hapg_arn)

Retrieves information about a high-availability partition group.

Parameters:hapg_arn (string) – The ARN of the high-availability partition group to describe.
describe_hsm(hsm_arn=None, hsm_serial_number=None)

Retrieves information about an HSM. You can identify the HSM by its ARN or its serial number.

Parameters:
  • hsm_arn (string) – The ARN of the HSM. Either the HsmArn or the SerialNumber parameter must be specified.
  • hsm_serial_number (string) – The serial number of the HSM. Either the HsmArn or the HsmSerialNumber parameter must be specified.
describe_luna_client(client_arn=None, certificate_fingerprint=None)

Retrieves information about an HSM client.

Parameters:
  • client_arn (string) – The ARN of the client.
  • certificate_fingerprint (string) – The certificate fingerprint.
get_config(client_arn, client_version, hapg_list)

Gets the configuration files necessary to connect to all high availability partition groups the client is associated with.

Parameters:
  • client_arn (string) – The ARN of the client.
  • client_version (string) – The client version.
  • hapg_list (list) – A list of ARNs that identify the high-availability partition groups that are associated with the client.
list_available_zones()

Lists the Availability Zones that have available AWS CloudHSM capacity.

list_hapgs(next_token=None)

Lists the high-availability partition groups for the account.

This operation supports pagination with the use of the NextToken member. If more results are available, the NextToken member of the response contains a token that you pass in the next call to ListHapgs to retrieve the next set of items.

Parameters:next_token (string) – The NextToken value from a previous call to ListHapgs. Pass null if this is the first call.
list_hsms(next_token=None)

Retrieves the identifiers of all of the HSMs provisioned for the current customer.

This operation supports pagination with the use of the NextToken member. If more results are available, the NextToken member of the response contains a token that you pass in the next call to ListHsms to retrieve the next set of items.

Parameters:next_token (string) – The NextToken value from a previous call to ListHsms. Pass null if this is the first call.
list_luna_clients(next_token=None)

Lists all of the clients.

This operation supports pagination with the use of the NextToken member. If more results are available, the NextToken member of the response contains a token that you pass in the next call to ListLunaClients to retrieve the next set of items.

Parameters:next_token (string) – The NextToken value from a previous call to ListLunaClients. Pass null if this is the first call.
make_request(action, body)
modify_hapg(hapg_arn, label=None, partition_serial_list=None)

Modifies an existing high-availability partition group.

Parameters:
  • hapg_arn (string) – The ARN of the high-availability partition group to modify.
  • label (string) – The new label for the high-availability partition group.
  • partition_serial_list (list) – The list of partition serial numbers to make members of the high-availability partition group.
modify_hsm(hsm_arn, subnet_id=None, eni_ip=None, iam_role_arn=None, external_id=None, syslog_ip=None)

Modifies an HSM.

Parameters:
  • hsm_arn (string) – The ARN of the HSM to modify.
  • subnet_id (string) – The new identifier of the subnet that the HSM is in.
  • eni_ip (string) – The new IP address for the elastic network interface attached to the HSM.
  • iam_role_arn (string) – The new IAM role ARN.
  • external_id (string) – The new external ID.
  • syslog_ip (string) – The new IP address for the syslog monitoring server.
modify_luna_client(client_arn, certificate)

Modifies the certificate used by the client.

This action can potentially start a workflow to install the new certificate on the client’s HSMs.

Parameters:
  • client_arn (string) – The ARN of the client.
  • certificate (string) – The new certificate for the client.

boto.cloudhsm.exceptions

exception boto.cloudhsm.exceptions.CloudHsmInternalException(status, reason, body=None, *args)
exception boto.cloudhsm.exceptions.CloudHsmServiceException(status, reason, body=None, *args)
exception boto.cloudhsm.exceptions.InvalidRequestException(status, reason, body=None, *args)