Class: Aws::Route53::Types::CreateKeySigningKeyRequest

Inherits:
Struct
  • Object
show all
Includes:
Structure
Defined in:
lib/aws-sdk-route53/types.rb

Overview

Note:

When making an API call, you may pass CreateKeySigningKeyRequest data as a hash:

{
  caller_reference: "Nonce", # required
  hosted_zone_id: "ResourceId", # required
  key_management_service_arn: "SigningKeyString", # required
  name: "SigningKeyName", # required
  status: "SigningKeyStatus", # required
}

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#caller_referenceString

A unique string that identifies the request.

Returns:

  • (String)

1374
1375
1376
1377
1378
1379
1380
1381
1382
# File 'lib/aws-sdk-route53/types.rb', line 1374

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end

#hosted_zone_idString

The unique string (ID) used to identify a hosted zone.

Returns:

  • (String)

1374
1375
1376
1377
1378
1379
1380
1381
1382
# File 'lib/aws-sdk-route53/types.rb', line 1374

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end

#key_management_service_arnString

The Amazon resource name (ARN) for a customer managed customer master key (CMK) in AWS Key Management Service (AWS KMS). The `KeyManagementServiceArn` must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of `KeyManagementServiceArn` that grants the correct permissions for DNSSEC, scroll down to *Example*.

You must configure the customer managed CMK as follows:

Status

: Enabled

Key spec

: ECC_NIST_P256

Key usage

: Sign and verify

Key policy

: The key policy must give permission for the following actions:

* DescribeKey

* GetPublicKey

* Sign

The key policy must also include the Amazon Route 53 service in
the principal for your account. Specify the following:

* `"Service": "dnssec.route53.aws.amazonaws.com"`

^

For more information about working with a customer managed CMK in AWS KMS, see [AWS Key Management Service concepts].

[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html

Returns:

  • (String)

1374
1375
1376
1377
1378
1379
1380
1381
1382
# File 'lib/aws-sdk-route53/types.rb', line 1374

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end

#nameString

A string used to identify a key-signing key (KSK). `Name` can include numbers, letters, and underscores (_). `Name` must be unique for each key-signing key in the same hosted zone.

Returns:

  • (String)

1374
1375
1376
1377
1378
1379
1380
1381
1382
# File 'lib/aws-sdk-route53/types.rb', line 1374

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end

#statusString

A string specifying the initial status of the key-signing key (KSK). You can set the value to `ACTIVE` or `INACTIVE`.

Returns:

  • (String)

1374
1375
1376
1377
1378
1379
1380
1381
1382
# File 'lib/aws-sdk-route53/types.rb', line 1374

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end