How to clone an AWS CloudHSM cluster across Regions

Security Blog



This article provides a comprehensive guide on cloning AWS CloudHSM clusters across Regions for disaster recovery and redundancy using the CopyBackupToRegion feature.

  • Clone clusters in two steps: copy backup to destination Region, then create new cluster
  • Synchronize keys including non-exportable keys across Regions automatically
  • Use Client SDK 5 (version 5.17+); Client SDK 3 tools no longer supported as of January 2025
  • Requires VPCs with public/private subnets in both Regions and cross-Region VPC peering
  • Manually maintain user and key synchronization after initial backup creation
  • Copy cluster certificates between Regions for encrypted client-HSM connections
  • Configure security groups to allow traffic on port 2225 between clusters
  • Use cloudhsm-cli commands to replicate keys between source and destination clusters
  • Backups stored in AWS-managed S3 buckets with 99.999999999% durability
  • Cannot copy backups across partitions like GovCloud or China Regions

This guide enables enterprises to establish fault-tolerant CloudHSM environments with synchronized cryptographic keys across Regions, improving disaster recovery and business continuity.
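A check for the security-group step above, added here as an example and not taken from the article or from AWS: it audits ingress rules, in the shape EC2 DescribeSecurityGroups returns, to confirm that port 2225 is admitted from the peered VPC and from nowhere broader. The group names and CIDR ranges are constructed, and only IPv4 CIDR rules are examined.

```python
import ipaddress

HSM_PORT = 2225  # the port the page says must be open between clusters


def audit_hsm_ingress(group, peer_cidr):
    """Audit one security group (EC2 DescribeSecurityGroups shape, IPv4 rules only)."""
    peer = ipaddress.ip_network(peer_cidr)
    findings, peer_allowed = [], False
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # all protocols, all ports
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue
        if not lo <= HSM_PORT <= hi:
            continue                           # rule does not cover the HSM port
        if (lo, hi) != (HSM_PORT, HSM_PORT):
            findings.append(f"rule spans ports {lo}-{hi}, wider than {HSM_PORT}")
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if peer.subnet_of(net):
                peer_allowed = True
            if net.prefixlen == 0:
                findings.append(f"port {HSM_PORT} reachable from any address ({net})")
            elif peer.subnet_of(net) and net != peer:
                findings.append(f"{net} is broader than the peer range {peer}")
    if not peer_allowed:
        findings.append(f"no rule admits {peer} on port {HSM_PORT}")
    return findings


# Constructed sample data: group names and CIDR ranges are made up.
PEER_VPC_CIDR = "10.1.0.0/16"
SAMPLE_GROUPS = {
    "tight": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 2225, "ToPort": 2225,
                                 "IpRanges": [{"CidrIp": "10.1.0.0/16"}]}]},
    "open": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                                "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    "missing": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                   "IpRanges": [{"CidrIp": "10.1.0.0/16"}]}]},
}

if __name__ == "__main__":
    for name, group in SAMPLE_GROUPS.items():
        print(name, audit_hsm_ingress(group, PEER_VPC_CIDR) or "ok")
```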


