Overview:
AWS CloudHSM has introduced a new instance type, hsm2m.medium, which is intended to provide enhanced security compliance aligned with FIPS 140-3 standards. However, organizations using this instance type are reporting significant increases in authentication latency, particularly during periods of high concurrency when multiple clients authenticate simultaneously.
Update:
In December 2025, AWS deployed firmware fixes addressing these known issues with the hsm2m.medium instance type, including login latency and findkey performance degradation.
Customers creating new hsm2m.medium clusters on or after December 20, 2025 will automatically benefit from these improvements. However, customers who created their hsm2m.medium clusters before December 20, 2025 must reset their CloudHSM user passwords for the performance improvements to take effect. For more details, please refer to the AWS Known Issues page.
We have tested hsm2m.medium with the updated firmware and were unable to reproduce the previously observed latency issues, including those under concurrent client access scenarios.
Additional Details:
AWS CloudHSM’s hsm2m.medium instance type initially introduced increased latency during authentication requests, particularly when multiple clients attempted to authenticate concurrently. These behaviors were documented by AWS on their known issues page.
AWS has since released firmware updates to address these issues. Customers with existing hsm2m.medium clusters created prior to December 20, 2025 must reset their CloudHSM user passwords to activate the improvements. In our testing following the firmware update, we were unable to reproduce the latency behavior previously observed.
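To find which clusters fall under the password-reset requirement above, the following added example (not AWS's or this page's own code) filters `aws cloudhsmv2 describe-clusters` JSON for hsm2m.medium clusters created before the cutoff. It assumes the December 20, 2025 cutoff means 00:00 UTC, which the page does not specify, and the cluster IDs in the sample are constructed.

```python
import json
from datetime import datetime, timezone

# Assumption: the page gives only a date, so the cutoff is taken as 00:00 UTC.
CUTOFF = datetime(2025, 12, 20, tzinfo=timezone.utc)


def _parse_ts(value):
    """Accept epoch seconds (AWS CLI v1 default) or ISO 8601 (AWS CLI v2 default)."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def clusters_needing_password_reset(describe_clusters_json):
    """Return IDs of hsm2m.medium clusters created before the cutoff."""
    flagged = []
    for cluster in json.loads(describe_clusters_json).get("Clusters", []):
        if cluster.get("HsmType") != "hsm2m.medium":
            continue
        created = cluster.get("CreateTimestamp")
        # A missing timestamp cannot be cleared, so flag it for manual review.
        if created is None or _parse_ts(created) < CUTOFF:
            flagged.append(cluster["ClusterId"])
    return flagged


# Constructed sample in the shape of `aws cloudhsmv2 describe-clusters` output.
SAMPLE = json.dumps({"Clusters": [
    {"ClusterId": "cluster-example-a", "HsmType": "hsm2m.medium",
     "CreateTimestamp": "2025-11-03T09:12:44.120000+00:00"},
    {"ClusterId": "cluster-example-b", "HsmType": "hsm2m.medium",
     "CreateTimestamp": "2025-12-20T00:00:00+00:00"},
    {"ClusterId": "cluster-example-c", "HsmType": "hsm1.medium",
     "CreateTimestamp": 1700000000.0},
    {"ClusterId": "cluster-example-d", "HsmType": "hsm2m.medium",
     "CreateTimestamp": 1764547200.0},  # 2025-12-01 as epoch seconds
]})

if __name__ == "__main__":
    for cid in clusters_needing_password_reset(SAMPLE):
        print(f"{cid}: reset CloudHSM user passwords to pick up the firmware fix")
```

The creation date cannot show whether passwords on an older cluster have already been reset, so treat the output as a list of clusters to check.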