Wondering how to stop using the CloudHSM classic services? We can help you.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how we can stop using CloudHSM Classic and confirm that we are not billed for further usage.
Stop using the CloudHSM classic services
Recently we had a customer who didn’t want to use AWS CloudHSM Classic anymore.
We can also decide not to use it after the trial period expires.
Our Support Techs recommend the steps below to stop using it and avoid unnecessary charges:
- Delete logs on the HSM appliance.
- Zeroize the HSM appliance.
- De-provision the HSM appliance.
Now, let us see how our Support Techs perform each of these in detail.
Delete the logs on the HSM appliance
1. Initially, from the Luna shell, we rotate all logs. To do so, we run:
lunash:> syslog rotate
2. Then to delete all logs we run:
lunash:> syslog cleanup
However, note that deleting the AWS CloudFormation stack does not delete the CloudHSM Classic device.
Do not delete the elastic network interface for the CloudHSM Classic device until the device is no longer in the account.
In addition, to avoid errors while running AWS CLI commands, we make sure to use the most recent AWS CLI version.
Zeroize the HSM appliance
1. To perform this, we need to log in to the control (client) instance.
2. Then, we can connect to the HSM appliance over SSH. For that, we run:
$ ssh -i private_key_file manager@hsm_ip_address
Here the private_key_file is the HSM’s private key file and hsm_ip_address is the IP address of the HSM appliance.
3. After that, we run the following command:
lunash:> hsm login
4. At the password prompt, we intentionally enter an incorrect administrator password three times in a row.
Repeated attempts to log in with the wrong password zeroize the HSM appliance, which erases the key material it holds.
De-provision the HSM appliance
For this step, we use the delete-hsm AWS CLI command or the DeleteHsm AWS CloudHSM API operation.
To confirm that the device was de-provisioned successfully, we call the DescribeHsm API operation.
Then we verify that the device is in the TERMINATED state.
Any other state indicates that the HSM appliance failed to zeroize before it was de-provisioned, and the billing will continue.
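The TERMINATED check described above can be scripted as a polling loop. This Python sketch is an added example, not code from the original post or from AWS. The `describe` callable, the `fake_describe` helper, the ARN and the ENI ID are assumptions constructed for illustration; in real use `describe` would be the `describe_hsm` method of boto3's `cloudhsm` client.

```python
import time

DONE = "TERMINATED"  # the only state the text above treats as de-provisioned

def wait_for_terminated(describe, hsm_arn, attempts=10, delay=30.0, sleep=time.sleep):
    """Poll DescribeHsm until the HSM reports TERMINATED or attempts run out.

    describe: callable accepting HsmArn=... and returning the DescribeHsm
    response dict (assumed wiring: boto3.client("cloudhsm").describe_hsm).
    """
    history, resp = [], {}
    for attempt in range(attempts):
        resp = describe(HsmArn=hsm_arn)
        status = resp.get("Status", "UNKNOWN")
        if not history or history[-1] != status:
            history.append(status)          # record each state change once
        if status == DONE:
            break
        if attempt < attempts - 1:
            sleep(delay)
    terminated = bool(history) and history[-1] == DONE
    return {
        "hsm_arn": hsm_arn,
        "status_history": history,
        "terminated": terminated,
        # Any state other than TERMINATED means billing continues.
        "still_billed": not terminated,
        # The ENI must stay in place until the device has left the account.
        "eni_safe_to_delete": resp.get("EniId") if terminated else None,
    }

def fake_describe(statuses, eni="eni-EXAMPLE"):
    """Constructed stand-in for DescribeHsm: replays statuses, repeats the last."""
    it, last = iter(statuses), [None]
    def describe(HsmArn):
        last[0] = next(it, last[0])
        return {"HsmArn": HsmArn, "Status": last[0], "EniId": eni}
    return describe

if __name__ == "__main__":
    arn = "arn:aws:cloudhsm:us-east-1:111122223333:hsm-EXAMPLE"  # placeholder ARN
    no_sleep = lambda seconds: None
    print(wait_for_terminated(
        fake_describe(["RUNNING", "TERMINATING", "TERMINATED"]), arn, sleep=no_sleep))
    # An appliance that never leaves RUNNING is reported as still billed.
    print(wait_for_terminated(fake_describe(["RUNNING"]), arn, attempts=3, sleep=no_sleep))
```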
In short, we saw how our Support Techs clear the CloudHSM query for our customers.