Systems and Methods for Providing Automated Access to Resources of Computer Systems
US-2024430261-A1 · Dec 26, 2024 · US
US2016359853A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016359853-A1 |
| Application number | US-201615243757-A |
| Country | US |
| Kind code | A1 |
| Filing date | Aug 22, 2016 |
| Priority date | Mar 14, 2013 |
| Publication date | Dec 8, 2016 |
| Grant date | — |
Abstract
Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network.
Claims (preview)
What is claimed is:

1. A computer-implemented method, comprising: under the control of one or more computer systems configured with executable instructions, receiving, by a computing resource provider, a request identifying a customer account to add a hardware security module to a virtual network of the computing resource service provider; in response to the request: selecting a hardware security module from a plurality of hardware security modules available to the computing resource provider; configuring the hardware security module to be made available on a customer-defined subset of the virtual network for processing cryptographic requests; and routing cryptographic requests initiated by a customer network associated with the customer account to the hardware security module for processing, via the customer-defined subset of the virtual network.

2. The computer-implemented method of claim 1, wherein: the customer network is an on-premise network associated with the customer account; and the customer-defined subset of the virtual network comprises one or more devices of the computing resource service provider having corresponding network addresses defined by the customer account.

3. The computer-implemented method of claim 1, wherein the customer network is connected to the virtual network via a virtual private network connection.

4. The computer-implemented method of claim 1, further comprising: receiving, by the virtual network from a device on the customer network, a cryptographic request; and routing the cryptographic request to the customer-defined subset so as to be processed by the hardware security module.

5. The computer-implemented method of claim 1, further comprising: using a first administrative account of the hardware security module to create a second administrative account with device administration rights; providing a credential for the second administrative account to enable a controlling entity to change the credential so as to revoke access to the second account from the computing resource provider.

6. The computer-implemented method of claim 1, further comprising presenting the hardware security module as a device on the customer network.

7. A system, comprising: a set of computing resources that implements a network; a web server configured to receive requests from one or more other networks remotely connected to the system; and a management subsystem configured to: receive a request forwarded by the web server to add a security module to the network having a corresponding set of network addresses available to the one or more other networks; and based at least in part on the request, configure at least a subset of the set of computing resources such that one or more devices associated with the one or more other networks become capable of communicating with the security module by addressing communications to the security module with a network address from the set of network addresses.

8. The system of claim 7, wherein configuring the subset of the set of computing resources includes: adding a network interface to the network such that the network interface has the network address; and connecting the network interface to the security module.

9. The system of claim 8, wherein the network is a virtual local area network.

10. The system of claim 7, wherein the security module is a hardware security module.

11. The system of claim 7, wherein: the set of computing resources is hosted by a computing resource provider; and the request is a webservice call from the one or more other networks.

12. The system of claim 7, wherein: the set of computing resources is hosted by a computing resource provider; at a time after configuring the set of computing resources, the security module stores, in a manner inaccessible to the computing resource provider, cryptographic information for a device associated with the one or more other networks.

13. One or more computer-readable storage media having collectively stored thereon instructions that, when executed by one or more processors of a computer system, cause the computer system to: receive, from a first network, a request to add a security module to a second network, the second network being hosted on behalf of the first network, and having a corresponding set of network addresses; based at least in part on the request, reconfigure at least a subset of the set of computing resources so that the communications to the security module are directed to a first network address from the corresponding set of network addresses and associated with the security module.

14. The one or more computer-readable storage media of claim 13, wherein causing reconfiguration of the computing resources includes generating a network interface that connects the second network to the security module.

15. The one or more computer-readable storage media of claim 13, wherein the security module is a hardware security module.

16. The one or more computer-readable storage media of claim 13, wherein causing reconfiguration of the computing resources includes causing allocation of the security module to exclusive use by the first network and the second network.

17. The one or more computer-readable storage media of claim 13, wherein: the first network is an on-premise network associated with a customer of a computing resource provider; and the second network is hosted by the computing resource provider and managed by the customer.

18. The one or more computer-readable storage media of claim 13, wherein the second network comprises devices having network addresses defined by the customer via the first network.

19. The one or more computer-readable storage media of claim 13, wherein: the security module has a network address outside of the set of network addresses; and causing reconfiguration of the computing resources includes connecting the first network to a network address translation device associated with the second network that translates network addresses to enable communications between the first network and the security module.

20. The one or more computer-readable storage media of claim 13, wherein the request is an application programming interface call.
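The claims above describe a provisioning flow rather than an implementation: a management subsystem picks a free module from a pool, exposes it at a customer-chosen address inside a customer-defined subset of the hosted network (claims 1, 8 and 19, with the module's own address hidden behind address translation), allocates it for exclusive use (claim 16), and hands the customer a second administrative credential that the customer can rotate to lock the provider out (claim 5). The following toy model is an added illustration, not code from the patent or from any provider's product; the `Provider`, `Hsm` and `rotate_customer_credential` names, the `provider-admin` / `customer-admin` account names and every address and serial number in it are this example's own assumptions.

```python
# Added illustration of the provisioning flow in the claims (not the patent's own code).
# All class, account and address names below are constructed for this example.
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
import ipaddress
import secrets


@dataclass
class Hsm:
    """One physical module in the provider's pool (constructed sample data)."""
    serial: str
    mgmt_address: str                      # provider-side address, outside the customer's range (claim 19)
    allocated_to: Optional[str] = None     # customer account holding exclusive use (claim 16)
    accounts: Dict[str, str] = field(default_factory=dict)  # admin account name -> credential


class Provider:
    """Management subsystem: answers 'add a security module' API calls (claims 7 and 20)."""

    def __init__(self, pool):
        self.pool = {h.serial: h for h in pool}
        # (customer, customer-visible address) -> serial: the translation step of claims 8 and 19
        self.nat: Dict[Tuple[str, str], str] = {}
        self.held_credentials: Dict[str, str] = {}   # credentials the provider still knows

    def add_hsm(self, customer: str, network_cidr: str, address: str) -> dict:
        """Select a free module and expose it at a customer-defined address (claim 1)."""
        if ipaddress.ip_address(address) not in ipaddress.ip_network(network_cidr):
            raise ValueError(f"{address} is outside the customer-defined subset {network_cidr}")
        if (customer, address) in self.nat:
            raise ValueError(f"{address} is already mapped for {customer}")
        hsm = next((h for h in self.pool.values() if h.allocated_to is None), None)
        if hsm is None:
            raise RuntimeError("no hardware security module available in the pool")
        hsm.allocated_to = customer                      # exclusive allocation (claim 16)
        self.nat[(customer, address)] = hsm.serial       # customer address -> module
        # Claim 5: a provider-held first account creates a second, customer-controlled account.
        hsm.accounts["provider-admin"] = secrets.token_hex(16)
        initial = secrets.token_hex(16)
        hsm.accounts["customer-admin"] = initial
        self.held_credentials[hsm.serial] = initial      # provider knows it until rotated
        return {"serial": hsm.serial, "address": address, "customer_admin_credential": initial}

    def route(self, customer: str, address: str, request: str) -> str:
        """Forward a cryptographic request arriving at the customer-visible address (claims 4, 19)."""
        serial = self.nat.get((customer, address))
        if serial is None:
            raise LookupError(f"no security module at {address} for {customer}")
        hsm = self.pool[serial]
        if hsm.allocated_to != customer:                 # defensive check on the exclusivity invariant
            raise PermissionError("module is not allocated to this customer")
        return f"{hsm.serial}@{hsm.mgmt_address} processed {request}"

    def provider_can_administer(self, serial: str) -> bool:
        """True while the provider's stored copy of the customer-admin credential still works."""
        return self.pool[serial].accounts.get("customer-admin") == self.held_credentials.get(serial)


def rotate_customer_credential(hsm: Hsm, current: str, new: str) -> None:
    """Run by the customer: changing the secret revokes the provider's access (claim 5)."""
    if hsm.accounts.get("customer-admin") != current:
        raise PermissionError("credential mismatch")
    hsm.accounts["customer-admin"] = new


def demo() -> dict:
    """End-to-end walk-through on constructed data; returns the observable outcomes."""
    prov = Provider([Hsm("hsm-0001", "10.200.0.5"), Hsm("hsm-0002", "10.200.0.6")])
    grant = prov.add_hsm("cust-a", "192.168.10.0/24", "192.168.10.50")
    before = prov.provider_can_administer(grant["serial"])
    result = prov.route("cust-a", "192.168.10.50", "sign(blob)")
    rotate_customer_credential(prov.pool[grant["serial"]], grant["customer_admin_credential"], "customer-only")
    after = prov.provider_can_administer(grant["serial"])
    return {"serial": grant["serial"], "result": result, "provider_before": before, "provider_after": after}


if __name__ == "__main__":
    print(demo())
```

The two checks worth keeping in a real management plane are the ones the model makes explicit: the customer-visible address must fall inside the subset the customer defined, and a request is only forwarded when the (customer, address) mapping points at a module allocated to that same customer, so a second tenant addressing the same RFC 1918 address reaches nothing.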
CPC classification titles:

- for controlling access to devices or network resources
- Virtual private networks
- for initial configuration or provisioning, e.g. plug-and-play
- Plug-and-play configuration
- Automatic deployment of services triggered by the service manager, e.g. service implementation by automatic configuration of network components