Class: Aws::Route53::Types::CreateKeySigningKeyRequest

Inherits:
Struct
  • Object
show all
Includes:
Structure
Defined in:
lib/aws-sdk-route53/types.rb

Overview

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#caller_referenceString

A unique string that identifies the request.

Returns:

  • (String)


1459
1460
1461
1462
1463
1464
1465
1466
1467
# File 'lib/aws-sdk-route53/types.rb', line 1459

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end

#hosted_zone_idString

The unique string (ID) used to identify a hosted zone.

Returns:

  • (String)


1459
1460
1461
1462
1463
1464
1465
1466
1467
# File 'lib/aws-sdk-route53/types.rb', line 1459

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end

#key_management_service_arnString

The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The ‘KeyManagementServiceArn` must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of `KeyManagementServiceArn` that grants the correct permissions for DNSSEC, scroll down to Example.

You must configure the customer managed customer managed key as follows:

Status

: Enabled

Key spec

: ECC_NIST_P256

Key usage

: Sign and verify

Key policy

: The key policy must give permission for the following actions:

* DescribeKey

* GetPublicKey

* Sign

The key policy must also include the Amazon Route 53 service in
the principal for your account. Specify the following:

* `"Service": "dnssec-route53.amazonaws.com"`

^

For more information about working with a customer managed key in KMS, see [Key Management Service concepts].

[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html

Returns:

  • (String)


1459
1460
1461
1462
1463
1464
1465
1466
1467
# File 'lib/aws-sdk-route53/types.rb', line 1459

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end

#nameString

A string used to identify a key-signing key (KSK). ‘Name` can include numbers, letters, and underscores (_). `Name` must be unique for each key-signing key in the same hosted zone.

Returns:

  • (String)


1459
1460
1461
1462
1463
1464
1465
1466
1467
# File 'lib/aws-sdk-route53/types.rb', line 1459

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end

#statusString

A string specifying the initial status of the key-signing key (KSK). You can set the value to ‘ACTIVE` or `INACTIVE`.

Returns:

  • (String)


1459
1460
1461
1462
1463
1464
1465
1466
1467
# File 'lib/aws-sdk-route53/types.rb', line 1459

class CreateKeySigningKeyRequest < Struct.new(
  :caller_reference,
  :hosted_zone_id,
  :key_management_service_arn,
  :name,
  :status)
  SENSITIVE = []
  include Aws::Structure
end