Class: Aws::Route53::Types::CreateKeySigningKeyRequest

Inherits:

Struct

• Object
• Struct
• Aws::Route53::Types::CreateKeySigningKeyRequest

Includes:

Structure

Defined in:

lib/aws-sdk-route53/types.rb

Overview

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #caller_reference ⇒ String

  A unique string that identifies the request.

• #hosted_zone_id ⇒ String

  The unique string (ID) used to identify a hosted zone.

• #key_management_service_arn ⇒ String

  The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS).

• #name ⇒ String

  A string used to identify a key-signing key (KSK).

• #status ⇒ String

  A string specifying the initial status of the key-signing key (KSK).

Instance Attribute Details

#caller_reference ⇒ String

A unique string that identifies the request.

Returns:

• (String)

# File 'lib/aws-sdk-route53/types.rb', line 1457

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end

#hosted_zone_id ⇒ String

The unique string (ID) used to identify a hosted zone.

Returns:

• (String)

# File 'lib/aws-sdk-route53/types.rb', line 1457

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end

#key_management_service_arn ⇒ String

The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The ‘KeyManagementServiceArn` must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of `KeyManagementServiceArn` that grants the correct permissions for DNSSEC, scroll down to Example.

You must configure the customer managed customer managed key as follows:

Status

: Enabled

Key spec

: ECC_NIST_P256

Key usage

: Sign and verify

Key policy

: The key policy must give permission for the following actions:

* DescribeKey

* GetPublicKey

* Sign

The key policy must also include the Amazon Route 53 service in
the principal for your account. Specify the following:

* `"Service": "dnssec-route53.amazonaws.com"`

^

For more information about working with a customer managed key in KMS, see [Key Management Service concepts].

[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html

Returns:

• (String)

# File 'lib/aws-sdk-route53/types.rb', line 1457

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end

#name ⇒ String

A string used to identify a key-signing key (KSK). ‘Name` can include numbers, letters, and underscores (_). `Name` must be unique for each key-signing key in the same hosted zone.

Returns:

• (String)

# File 'lib/aws-sdk-route53/types.rb', line 1457

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end

#status ⇒ String

A string specifying the initial status of the key-signing key (KSK). You can set the value to ‘ACTIVE` or `INACTIVE`.

Returns:

• (String)

# File 'lib/aws-sdk-route53/types.rb', line 1457

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end