Your application hosted on AWS makes use of CloudHSM for getting SSL certificates.
These certificates are installed on EC2 Instances behind an Autoscaling Group.
How can you ensure that the CloudHSM modules are scaled along with the EC2 Instances for ensuring on-time delivery of the SSL certificates?
Answer - B.
The AWS Documentation mentions the following.
AWS CloudHSM provides hardware security modules (HSMs) in a cluster.
A cluster is a collection of individual HSMs that AWS CloudHSM keeps in sync.
You can think of a cluster as one logical HSM.
When you perform a task or operation on one HSM in a cluster, the other HSMs in that cluster are automatically kept up to date.
You can create a cluster that has from 1 to 28 HSMs (the default limit is 6 HSMs per AWS account per AWS Region).
You can place the HSMs in different Availability Zones in an AWS Region.
Adding more HSMs to a cluster provides higher performance.
Spreading clusters across Availability Zones provides redundancy and high availability.
Options A, C and D are incorrect since the load balancing capability already comes along with the cluster.
For more information on clusters in CloudHSM, please refer to the URL below.
https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html
To ensure that CloudHSM modules are scaled along with EC2 Instances, we need to understand the architecture of CloudHSM and EC2 Autoscaling Group.
Amazon CloudHSM is a hardware security module that provides secure key storage and cryptographic operations within the AWS Cloud environment. CloudHSM allows customers to generate, store, and use their own encryption keys in a way that meets regulatory compliance requirements for cryptographic keys.
EC2 Autoscaling Group allows customers to automatically launch or terminate Amazon Elastic Compute Cloud (Amazon EC2) instances in response to changing application demand.
Now, let's review each option:
A. Create a Network Load balancer and place the CloudHSM device behind it.
This option is not relevant for our requirement because it only focuses on the load balancer and does not address the scaling of CloudHSM modules.
B. Just specify the number of HSM modules in the cluster.
This option can be used to specify the number of HSM modules in the cluster. However, it does not address the scaling of CloudHSM modules with EC2 Instances.
C. Create an Application Load balancer and place the CloudHSM device behind it.
This option is also not relevant for our requirement because it only focuses on the load balancer and does not address the scaling of CloudHSM modules.
D. Create another Autoscaling Group for the CloudHSM modules.
This option is the correct one because we need to ensure that the CloudHSM modules are scaled along with EC2 Instances. We can create another Autoscaling Group for CloudHSM modules, which will launch or terminate CloudHSM instances based on the demand of SSL certificates.
By creating a separate Autoscaling Group for CloudHSM modules, we can ensure that there are always enough CloudHSM modules available to deliver SSL certificates on time.
Therefore, the correct answer is D. Create another Autoscaling Group for the CloudHSM modules.