Class: Aws::Route53::Types::CreateKeySigningKeyRequest
- Inherits: Struct (hierarchy: Object, Struct, Aws::Route53::Types::CreateKeySigningKeyRequest)
- Includes: Structure
- Defined in: lib/aws-sdk-route53/types.rb
Overview
Constant Summary
- SENSITIVE = []
Instance Attribute Summary
- #caller_reference ⇒ String: A unique string that identifies the request.
- #hosted_zone_id ⇒ String: The unique string (ID) used to identify a hosted zone.
- #key_management_service_arn ⇒ String: The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS).
- #name ⇒ String: A string used to identify a key-signing key (KSK).
- #status ⇒ String: A string specifying the initial status of the key-signing key (KSK).
Instance Attribute Details
#caller_reference ⇒ String
A unique string that identifies the request.
```ruby
# File 'lib/aws-sdk-route53/types.rb', line 1459

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end
```
#hosted_zone_id ⇒ String
The unique string (ID) used to identify a hosted zone.
#key_management_service_arn ⇒ String
The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The `KeyManagementServiceArn` must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of `KeyManagementServiceArn` that grants the correct permissions for DNSSEC, scroll down to Example.
You must configure the customer managed key as follows:
Status
: Enabled
Key spec
: ECC_NIST_P256
Key usage
: Sign and verify
Key policy
: The key policy must give permission for the following actions:
* DescribeKey
* GetPublicKey
* Sign
The key policy must also include the Amazon Route 53 service in
the principal for your account. Specify the following:
* `"Service": "dnssec-route53.amazonaws.com"`
For more information about working with a customer managed key in KMS, see [Key Management Service concepts][1].
[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html
#name ⇒ String
A string used to identify a key-signing key (KSK). `Name` can include numbers, letters, and underscores (_). `Name` must be unique for each key-signing key in the same hosted zone.
#status ⇒ String
A string specifying the initial status of the key-signing key (KSK). You can set the value to `ACTIVE` or `INACTIVE`.
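A pre-flight check for the requirements listed under `#key_management_service_arn`, `#name` and `#status`, as an added example that is not part of the SDK or its documentation. The helper names are hypothetical; the `key_state`, `key_spec` and `key_usage` fields are assumed to carry the values KMS reports for a key, and the policy is assumed to be the key policy JSON. All sample inputs are constructed and nothing is sent to AWS.

```ruby
require 'json'

# Actions and service principal the page requires in the key policy
# (the "kms:" prefix is the KMS action namespace used in policy documents).
REQUIRED_ACTIONS = %w[kms:DescribeKey kms:GetPublicKey kms:Sign].freeze
DNSSEC_PRINCIPAL = 'dnssec-route53.amazonaws.com'

# Action patterns that Allow statements grant to the DNSSEC service principal.
# Simplification: Deny statements and Condition blocks are not evaluated.
def dnssec_allowed_patterns(policy_json)
  [JSON.parse(policy_json)['Statement']].flatten.compact.flat_map do |stmt|
    principal = stmt['Principal']
    services = principal.is_a?(Hash) ? Array(principal['Service']) : []
    next [] unless stmt['Effect'] == 'Allow' && services.include?(DNSSEC_PRINCIPAL)
    Array(stmt['Action'])
  end
end

# Hypothetical pre-flight helper: returns a list of problems, empty when the
# request and key meet the requirements documented for CreateKeySigningKey.
def ksk_preflight(request, key, policy_json)
  problems = []
  problems << 'name: only numbers, letters and underscores' unless request[:name].to_s.match?(/\A[A-Za-z0-9_]+\z/)
  problems << 'status: must be ACTIVE or INACTIVE' unless %w[ACTIVE INACTIVE].include?(request[:status])
  problems << 'key state: must be Enabled' unless key[:key_state] == 'Enabled'
  problems << 'key spec: must be ECC_NIST_P256' unless key[:key_spec] == 'ECC_NIST_P256'
  problems << 'key usage: must be SIGN_VERIFY' unless key[:key_usage] == 'SIGN_VERIFY'
  granted = dnssec_allowed_patterns(policy_json)
  REQUIRED_ACTIONS.each do |action|
    # IAM action names are case-insensitive and may use wildcards ("kms:*").
    next if granted.any? { |pat| File.fnmatch(pat.downcase, action.downcase) }
    problems << "key policy: #{action} not allowed for #{DNSSEC_PRINCIPAL}"
  end
  problems
end

# Constructed sample inputs; ids and ARN are placeholders, not real resources.
SAMPLE_REQUEST = { caller_reference: 'ksk-request-0001', hosted_zone_id: 'ZEXAMPLE',
                   key_management_service_arn: 'arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID',
                   name: 'example_ksk', status: 'ACTIVE' }.freeze
SAMPLE_KEY = { key_state: 'Enabled', key_spec: 'ECC_NIST_P256', key_usage: 'SIGN_VERIFY' }.freeze
# This policy deliberately omits kms:Sign, so the check reports one problem.
SAMPLE_POLICY = JSON.generate({
  'Version' => '2012-10-17',
  'Statement' => [{ 'Effect' => 'Allow', 'Principal' => { 'Service' => DNSSEC_PRINCIPAL },
                    'Action' => %w[kms:DescribeKey kms:GetPublicKey], 'Resource' => '*' }]
})

puts ksk_preflight(SAMPLE_REQUEST, SAMPLE_KEY, SAMPLE_POLICY)
```

An empty result means the inputs satisfy the documented requirements; it does not prove that the service will accept the key, since explicit denies and conditions are outside this check.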