In the context of AWS Cloud Hardware Security Module(HSM), does your application need to reside in the same VPC as the CloudHSM instance?
No, but the server or instance on which your application and the HSM client is running must have network (IP) reachability to the HSM.
Yes, always
No, but they must reside in the same Availability Zone.
No, but it should reside in same Availability Zone as the DB instance.
Explanations:
The application does not need to be in the same VPC as the CloudHSM instance, but the server or instance where it runs must have network (IP) connectivity to the HSM for access.
It is not mandatory for the application to be in the same VPC as the CloudHSM instance; network reachability is the essential requirement.
There is no requirement for the application and CloudHSM to be in the same Availability Zone; they just need network connectivity.
The requirement is network reachability, not being in the same Availability Zone as a database instance, which is unrelated to CloudHSM connectivity.