ENTERPRISE: This is an EJBCA Enterprise feature.

AWS CloudHSM is a cloud-based HSM service in Amazon Web Services. CloudHSM uses FIPS 140-2 Level 3 certified Cavium/Marvell HSMs in the backend and is accessible using the PKCS#11 API. Custom modules are needed for full EJBCA support of CloudHSM, and this is supported in the EJBCA Cloud.

For step-by-step instructions on how to integrate EJBCA Enterprise Cloud with AWS CloudHSM, see the AWS CloudHSM Integration Guide.

PKCS#11 NG in EJBCA 7.5.0 and later has good support for AWS CloudHSM, including key generation in the Admin UI.

With the Java PKCS#11 provider (called PKCS#11 in the EJBCA Admin UI), there are limitations when using AWS CloudHSM, due to the PKCS#11 integration between the currently used Java PKCS#11 provider and the Liquidsec PKCS#11 driver. Using the Java PKCS#11/PKCS#11 Crypto Token is not recommended.