You retain full control of the keys and the cryptographic operations performed by the HSM(s) you create, including exclusive, single-tenant access to each one. Your cryptographic keys are protected by a tamper-resistant HSM that is designed to meet a number of international and US Government standards including NIST FIPS 140-2 and Common Criteria EAL4+.”
Users who sign up for the service will be provided with administrator credentials, allowing them to create user accounts, create and manage encryption keys, and perform other cryptographic-related tasks using their accounts.
It can be accessed via a number of standard APIs once provisioned, including Microsoft Cryptography API (CAPI), PCKS #11 (Cryptographic Token Interface Standard) and Java JCA/JCE (Java Cryptography Architecture / Java Cryptography Extensions).
Even so, it’s certainly not the cheapest solution around, with AWS demanding a cool $5,000 to provision a single CloudHSM, on top of the $1.88 hourly fee it charges (about $1,373 per month, on average).