Describe an AWS CloudHSM error using KMU
Use the Error2String helper command in the AWS CloudHSM key_mgmt_util to return the error that corresponds to a key_mgmt_util hexadecimal error code. You can use this command when troubleshooting your commands and scripts.
Before you run any key_mgmt_util command, you must start key_mgmt_util and log in to the HSM as a crypto user (CU).
Syntax
Error2String -h Error2String -r<response-code>
Examples
These examples show how to use Error2String to get the error string for a key_mgmt_util error code.
Example : Get an error description
This command gets the error description for the 0xdb error code. The
        description explains that an attempt to log in to key_mgmt_util failed because the user has the
        wrong user type. Only crypto users (CU) can log in to key_mgmt_util.
Command:Error2String -r 0xdbError Code db maps to HSM Error: Invalid User Type.
Example : Find the error code
This example shows where to find the error code in a key_mgmt_util error. The error code,
        0xc6, appears after the string:
        Cfm3.<command-name> returned: 
In this example, getKeyInfo indicates
        that the current user (user 4) can use the key in cryptographic operations. Nevertheless,
        when the user tries to use deleteKey to
        delete the key, the command returns error code 0xc6. 
Command:deleteKey -k 262162Cfm3DeleteKey returned:<0xc6>: HSM Error: Key Access is denied Cluster Error StatusCommand:getKeyInfo -k 262162Cfm3GetKey returned: 0x00 : HSM Return: SUCCESS Owned by user 3 also, shared to following 1 user(s): 4
If the 0xc6 error is reported to you, you can use an
        Error2String command like this one to look up the error. In this case,
        the deleteKey command failed with an access denied error because the key is
        shared with the current user but owned by a different user. Only key owners have permission
        to delete a key.
Command:Error2String -r 0xa8Error Code c6 maps to HSM Error: Key Access is denied
Parameters
- -h
- 
      Displays help for the command. Required: Yes 
- -r
- 
          Specifies a hexadecimal error code. The 0xhexadecimal indicator is required.Required: Yes