Struct: kms.CloudHsmClusterInvalidConfigurationException
Overview
The request was rejected because the associated CloudHSM cluster did not meet the configuration requirements for an CloudHSM key store.
-
The CloudHSM cluster must be configured with private subnets in at least two different Availability Zones in the Region.
-
The security group for the cluster (docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound rules that allow TCP traffic on ports 2223-2225. The Source in the inbound rules and the Destination in the outbound rules must match the security group ID. These rules are set by default when you create the CloudHSM cluster. Do not delete or change them. To get information about a particular security group, use the DescribeSecurityGroups (docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) operation.
-
The CloudHSM cluster must contain at least as many HSMs as the operation requires. To add HSMs, use the CloudHSM CreateHsm (docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, the CloudHSM cluster must have at least two active HSMs, each in a different Availability Zone. For the ConnectCustomKeyStore operation, the CloudHSM must contain at least one active HSM.
For information about the requirements for an CloudHSM cluster that is associated with an CloudHSM key store, see Assemble the Prerequisites (docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) in the Key Management Service Developer Guide. For information about creating a private subnet for an CloudHSM cluster, see Create a Private Subnet (docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) in the CloudHSM User Guide. For information about cluster security groups, see Configure a Default Security Group (docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) in the CloudHSM User Guide .
Implemented Interfaces
s3crypto.Cipher, awserr.Error, s3manager.ReadSeekerWriteTo, awserr.RequestFailure, s3manager.WriterReadFrom
Structure Field Summary collapse
Service Operations collapse
-
Code() string
operation
Code returns the exception type name.
- Error() string operation
-
GoString() string
operation
GoString returns the string representation.
-
Message() string
operation
Message returns the exception's message.
-
OrigErr() error
operation
OrigErr always returns nil, satisfies awserr.Error interface.
-
RequestID() string
operation
RequestID returns the service's response RequestID for request.
-
StatusCode() int
operation
Status code returns the HTTP status code for the request's response error.
-
String() string
operation
String returns the string representation.
Structure Field Details
Message_ *string
`locationName:"message" type:"string"`
RespMetadata protocol.ResponseMetadata
`json:"-" xml:"-"`
_ struct{}
`type:"structure"`
Method Details
func (s *CloudHsmClusterInvalidConfigurationException) Code() string
Code returns the exception type name.
8265 8266 8267 |
// File 'service/kms/api.go', line 8265
|
func (s *CloudHsmClusterInvalidConfigurationException) Error() string
8282 8283 8284 |
// File 'service/kms/api.go', line 8282
|
func (s CloudHsmClusterInvalidConfigurationException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.
8254 8255 8256 |
// File 'service/kms/api.go', line 8254
|
func (s *CloudHsmClusterInvalidConfigurationException) Message() string
Message returns the exception's message.
8270 8271 8272 8273 8274 8275 |
// File 'service/kms/api.go', line 8270
|
func (s *CloudHsmClusterInvalidConfigurationException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
8278 8279 8280 |
// File 'service/kms/api.go', line 8278
|
func (s *CloudHsmClusterInvalidConfigurationException) RequestID() string
RequestID returns the service's response RequestID for request.
8292 8293 8294 |
// File 'service/kms/api.go', line 8292
|
func (s *CloudHsmClusterInvalidConfigurationException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
8287 8288 8289 |
// File 'service/kms/api.go', line 8287
|
func (s CloudHsmClusterInvalidConfigurationException) String() string
String returns the string representation.
API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.
8245 8246 8247 |
// File 'service/kms/api.go', line 8245
|