class Aws::Route53::Types::CreateKeySigningKeyRequest

@note When making an API call, you may pass CreateKeySigningKeyRequest

data as a hash:

    {
      caller_reference: "Nonce", # required
      hosted_zone_id: "ResourceId", # required
      key_management_service_arn: "SigningKeyString", # required
      name: "SigningKeyName", # required
      status: "SigningKeyStatus", # required
    }

@!attribute [rw] caller_reference

A unique string that identifies the request.
@return [String]

@!attribute [rw] hosted_zone_id

The unique string (ID) used to identify a hosted zone.
@return [String]

@!attribute [rw] key_management_service_arn

The Amazon resource name (ARN) for a customer managed customer
master key (CMK) in Key Management Service (KMS). The
`KeyManagementServiceArn` must be unique for each key-signing key
(KSK) in a single hosted zone. To see an example of
`KeyManagementServiceArn` that grants the correct permissions for
DNSSEC, scroll down to **Example**.

You must configure the customer managed CMK as follows:

Status

: Enabled

Key spec

: ECC\_NIST\_P256

Key usage

: Sign and verify

Key policy

: The key policy must give permission for the following actions:

  * DescribeKey

  * GetPublicKey

  * Sign

  The key policy must also include the Amazon Route 53 service in
  the principal for your account. Specify the following:

  * `"Service": "dnssec-route53.amazonaws.com"`

  ^

For more information about working with a customer managed CMK in
KMS, see [Key Management Service concepts][1].

[1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html
@return [String]

@!attribute [rw] name

A string used to identify a key-signing key (KSK). `Name` can
include numbers, letters, and underscores (\_). `Name` must be
unique for each key-signing key in the same hosted zone.
@return [String]

@!attribute [rw] status

A string specifying the initial status of the key-signing key (KSK).
You can set the value to `ACTIVE` or `INACTIVE`.
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/CreateKeySigningKeyRequest AWS API Documentation

Constants

SENSITIVE