Create Key Signing Key
route53_create_key_signing_key | R Documentation
Creates a new key-signing key (KSK) associated with a hosted zone
Description
Creates a new key-signing key (KSK) associated with a hosted zone. You can only have two KSKs per hosted zone.
Usage
route53_create_key_signing_key(CallerReference, HostedZoneId,
KeyManagementServiceArn, Name, Status)
Arguments
CallerReference
[required] A unique string that identifies the request.
HostedZoneId
[required] The unique string (ID) used to identify a hosted zone.
KeyManagementServiceArn
[required] The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.
You must configure the customer managed key as follows:
  Status: Enabled
  Key spec: ECC_NIST_P256
  Key usage: Sign and verify
  Key policy: The key policy must give permission for the following actions:
    DescribeKey
    GetPublicKey
    Sign
  The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:
    "Service": "dnssec-route53.amazonaws.com"
For more information about working with a customer managed key in KMS, see Key Management Service concepts.
Name
[required] A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.
Status
[required] A string specifying the initial status of the key-signing key (KSK). You can set the value to ACTIVE or INACTIVE.
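A pre-flight check for the requirements listed under Arguments, as an added example that is not part of the paws package or this documentation. The function name `check_ksk_inputs` is hypothetical; the `kms:` action prefix and the `KeyState`, `KeySpec` and `KeyUsage` field names (with `SIGN_VERIFY` as the API value for "Sign and verify") are KMS API names assumed here, and the metadata and policy are constructed sample input.

```r
library(jsonlite)

# Actions and service principal the key policy must cover (see Arguments).
required_actions <- c("kms:DescribeKey", "kms:GetPublicKey", "kms:Sign")
dnssec_principal <- "dnssec-route53.amazonaws.com"

# Return the problems that would make the inputs unusable for a KSK;
# an empty character vector means every check passed.
check_ksk_inputs <- function(name, key_metadata, policy_json) {
  problems <- character(0)
  if (!grepl("^[A-Za-z0-9_]+$", name))
    problems <- c(problems, "Name may contain only letters, numbers, underscores")
  if (!identical(key_metadata$KeyState, "Enabled"))
    problems <- c(problems, "key status is not Enabled")
  if (!identical(key_metadata$KeySpec, "ECC_NIST_P256"))
    problems <- c(problems, "key spec is not ECC_NIST_P256")
  if (!identical(key_metadata$KeyUsage, "SIGN_VERIFY"))
    problems <- c(problems, "key usage is not sign and verify")

  statements <- fromJSON(policy_json, simplifyVector = FALSE)$Statement
  # A policy with one statement may hold a bare object instead of an array.
  if (!is.null(statements$Effect)) statements <- list(statements)
  granted <- character(0)
  for (s in statements) {
    if (!is.list(s$Principal)) next  # "*" or absent: no Service entry
    services <- unlist(s$Principal$Service)
    if (identical(s$Effect, "Allow") && dnssec_principal %in% services)
      granted <- c(granted, unlist(s$Action))
  }
  missing <- setdiff(required_actions, granted)
  if (!("kms:*" %in% granted) && length(missing) > 0)
    problems <- c(problems,
                  paste("policy does not grant", missing, "to", dnssec_principal))
  problems
}

# Constructed sample input: key metadata shaped like the KeyMetadata element
# of a KMS DescribeKey response, and a key policy that omits kms:Sign.
metadata <- list(KeyState = "Enabled", KeySpec = "ECC_NIST_P256",
                 KeyUsage = "SIGN_VERIFY")
policy <- '{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"Service": "dnssec-route53.amazonaws.com"},
  "Action": ["kms:DescribeKey", "kms:GetPublicKey"],
  "Resource": "*"}]}'
print(check_ksk_inputs("example_ksk_1", metadata, policy))
```

The check looks only at Effect, Principal and Action; it does not evaluate Condition or Resource elements of the policy.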
Value
A list with the following syntax:
list(
  ChangeInfo = list(
    Id = "string",
    Status = "PENDING"|"INSYNC",
    SubmittedAt = as.POSIXct(
      "2015-01-01"
    ),
    Comment = "string"
  ),
  KeySigningKey = list(
    Name = "string",
    KmsArn = "string",
    Flag = 123,
    SigningAlgorithmMnemonic = "string",
    SigningAlgorithmType = 123,
    DigestAlgorithmMnemonic = "string",
    DigestAlgorithmType = 123,
    KeyTag = 123,
    DigestValue = "string",
    PublicKey = "string",
    DSRecord = "string",
    DNSKEYRecord = "string",
    Status = "string",
    StatusMessage = "string",
    CreatedDate = as.POSIXct(
      "2015-01-01"
    ),
    LastModifiedDate = as.POSIXct(
      "2015-01-01"
    )
  ),
  Location = "string"
)