aws-cdk-lib.aws_route53.CfnKeySigningKeyProps

interface CfnKeySigningKeyProps

LanguageType name
.NETAmazon.CDK.AWS.Route53.CfnKeySigningKeyProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsroute53#CfnKeySigningKeyProps
Javasoftware.amazon.awscdk.services.route53.CfnKeySigningKeyProps
Pythonaws_cdk.aws_route53.CfnKeySigningKeyProps
TypeScript aws-cdk-lib » aws_route53 » CfnKeySigningKeyProps

Properties for defining a CfnKeySigningKey.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_route53 as route53 } from 'aws-cdk-lib';
const cfnKeySigningKeyProps: route53.CfnKeySigningKeyProps = {
  hostedZoneId: 'hostedZoneId',
  keyManagementServiceArn: 'keyManagementServiceArn',
  name: 'name',
  status: 'status',
};

Properties

NameTypeDescription
hostedZoneIdstringThe unique string (ID) that is used to identify a hosted zone.
keyManagementServiceArnstringThe Amazon resource name (ARN) for a customer managed customer master key (CMK) in AWS Key Management Service ( AWS KMS ).
namestringA string used to identify a key-signing key (KSK).
statusstringA string that represents the current key-signing key (KSK) status.

hostedZoneId

Type: string

The unique string (ID) that is used to identify a hosted zone.

For example: Z00001111A1ABCaaABC11 .


keyManagementServiceArn

Type: string

The Amazon resource name (ARN) for a customer managed customer master key (CMK) in AWS Key Management Service ( AWS KMS ).

The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. For example: arn:aws:kms:us-east-1:111122223333:key/111a2222-a11b-1ab1-2ab2-1ab21a2b3a111 .


name

Type: string

A string used to identify a key-signing key (KSK).

Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.


status

Type: string

A string that represents the current key-signing key (KSK) status.

Status can have one of the following values:

  • ACTIVE - The KSK is being used for signing.
  • INACTIVE - The KSK is not being used for signing.
  • DELETING - The KSK is in the process of being deleted.
  • ACTION_NEEDED - There is a problem with the KSK that requires you to take action to resolve. For example, the customer managed key might have been deleted, or the permissions for the customer managed key might have been changed.
  • INTERNAL_FAILURE - There was an error during a request. Before you can continue to work with DNSSEC signing, including actions that involve this KSK, you must correct the problem. For example, you may need to activate or deactivate the KSK.