class Aws::Route53::Types::KeySigningKey

A key-signing key (KSK) is a complex type that represents a
public/private key pair. The private key is used to generate a digital
signature for the zone signing key (ZSK). The public key is stored in
the DNS and is used to authenticate the ZSK. A KSK is always
associated with a hosted zone; it cannot exist by itself.

@!attribute [rw] name
A string used to identify a key-signing key (KSK). `Name` can
include numbers, letters, and underscores (_). `Name` must be
unique for each key-signing key in the same hosted zone.
@return [String]

@!attribute [rw] kms_arn
The Amazon resource name (ARN) used to identify the customer managed
key in Key Management Service (KMS). The `KmsArn` must be unique for
each key-signing key (KSK) in a single hosted zone.

You must configure the customer managed key as follows:

Status
: Enabled

Key spec
: ECC_NIST_P256

Key usage
: Sign and verify

Key policy
: The key policy must give permission for the following actions:

* DescribeKey
* GetPublicKey
* Sign

The key policy must also include the Amazon Route 53 service in
the principal for your account. Specify the following:

* `"Service": "dnssec-route53.amazonaws.com"`

For more information about working with the customer managed key in
KMS, see [Key Management Service concepts][1].

[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html
@return [String]

@!attribute [rw] flag
An integer that specifies how the key is used. For a key-signing key
(KSK), this value is always 257.
@return [Integer]

@!attribute [rw] signing_algorithm_mnemonic
A string used to represent the signing algorithm. This value must
follow the guidelines provided by [RFC-8624 Section 3.1][1].

[1]: tools.ietf.org/html/rfc8624#section-3.1
@return [String]

@!attribute [rw] signing_algorithm_type
An integer used to represent the signing algorithm. This value must
follow the guidelines provided by [RFC-8624 Section 3.1][1].

[1]: tools.ietf.org/html/rfc8624#section-3.1
@return [Integer]

@!attribute [rw] digest_algorithm_mnemonic
A string used to represent the delegation signer digest algorithm.
This value must follow the guidelines provided by [RFC-8624 Section
3.3][1].

[1]: tools.ietf.org/html/rfc8624#section-3.3
@return [String]

@!attribute [rw] digest_algorithm_type
An integer used to represent the delegation signer digest algorithm.
This value must follow the guidelines provided by [RFC-8624 Section
3.3][1].

[1]: tools.ietf.org/html/rfc8624#section-3.3
@return [Integer]

@!attribute [rw] key_tag
An integer used to identify the DNSSEC record for the domain name.
The process used to calculate the value is described in [RFC-4034
Appendix B][1].

[1]: tools.ietf.org/rfc/rfc4034.txt
@return [Integer]

@!attribute [rw] digest_value
A cryptographic digest of a DNSKEY resource record (RR). DNSKEY
records are used to publish the public key that resolvers can use to
verify DNSSEC signatures that are used to secure certain kinds of
information provided by the DNS system.
@return [String]

@!attribute [rw] public_key
The public key, represented as a Base64 encoding, as required by
[RFC-4034 Page 5][1].

[1]: tools.ietf.org/rfc/rfc4034.txt
@return [String]

@!attribute [rw] ds_record
A string that represents a delegation signer (DS) record.
@return [String]

@!attribute [rw] dnskey_record
A string that represents a DNSKEY record.
@return [String]

@!attribute [rw] status
A string that represents the current key-signing key (KSK) status.

Status can have one of the following values:

ACTIVE
: The KSK is being used for signing.

INACTIVE
: The KSK is not being used for signing.

DELETING
: The KSK is in the process of being deleted.

ACTION_NEEDED
: There is a problem with the KSK that requires you to take action
to resolve. For example, the customer managed key might have been
deleted, or the permissions for the customer managed key might
have been changed.

INTERNAL_FAILURE
: There was an error during a request. Before you can continue to
work with DNSSEC signing, including actions that involve this KSK,
you must correct the problem. For example, you may need to
activate or deactivate the KSK.
@return [String]

@!attribute [rw] status_message
The status message provided for the following key-signing key (KSK)
statuses: `ACTION_NEEDED` or `INTERNAL_FAILURE`. The status message
includes information about what the problem might be and steps that
you can take to correct the issue.
@return [String]

@!attribute [rw] created_date
The date when the key-signing key (KSK) was created.
@return [Time]

@!attribute [rw] last_modified_date
The last time that the key-signing key (KSK) was changed.
@return [Time]

@see docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/KeySigningKey AWS API Documentation
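
The customer managed key requirements listed under `kms_arn` can be checked before a KSK is created, which avoids landing in the `ACTION_NEEDED` status. The following is an added example, not code from the AWS SDK or its documentation. It assumes the key metadata and key policy JSON were already fetched from KMS; `ksk_kms_key_problems` is a hypothetical helper name, and the `kms:` action prefix and the `Enabled` / `SIGN_VERIFY` values are how the page's terms are spelled in KMS.

```ruby
require "json"

# Requirements from the kms_arn description, mapped to KMS/IAM identifiers.
REQUIRED_ACTIONS = %w[kms:DescribeKey kms:GetPublicKey kms:Sign].freeze
ROUTE53_DNSSEC_PRINCIPAL = "dnssec-route53.amazonaws.com"
REQUIRED_METADATA = {
  key_state: "Enabled",        # Status: Enabled
  key_spec:  "ECC_NIST_P256",  # Key spec
  key_usage: "SIGN_VERIFY"     # Key usage: Sign and verify
}.freeze

# Returns a list of problems; an empty list means every requirement checked
# here is met. Simplification (assumption): Condition, NotAction and
# NotPrincipal elements are not evaluated.
def ksk_kms_key_problems(metadata, policy_json)
  problems = REQUIRED_METADATA.map do |field, want|
    got = metadata[field]
    "#{field} is #{got.inspect}, expected #{want.inspect}" unless got == want
  end.compact

  # "Statement", "Action" and "Service" may each be a single value or a list.
  statements = [JSON.parse(policy_json)["Statement"]].flatten.compact
  granted = statements.select do |s|
    s["Effect"] == "Allow" && s["Principal"].is_a?(Hash) &&
      [s["Principal"]["Service"]].flatten.include?(ROUTE53_DNSSEC_PRINCIPAL)
  end.flat_map { |s| [s["Action"]].flatten.compact }

  missing = REQUIRED_ACTIONS.reject do |action|
    granted.any? { |g| g == action || g == "kms:*" || g == "*" }
  end
  unless missing.empty?
    problems << "policy does not allow #{ROUTE53_DNSSEC_PRINCIPAL}: #{missing.join(', ')}"
  end
  problems
end

# Constructed sample: metadata shaped like the KeyMetadata from KMS DescribeKey
# (wrong key spec) and a key policy that omits kms:Sign for Route 53.
SAMPLE_METADATA = { key_state: "Enabled", key_spec: "RSA_2048", key_usage: "SIGN_VERIFY" }.freeze
SAMPLE_POLICY = JSON.generate({
  "Version" => "2012-10-17",
  "Statement" => [{
    "Effect" => "Allow",
    "Principal" => { "Service" => "dnssec-route53.amazonaws.com" },
    "Action" => ["kms:DescribeKey", "kms:GetPublicKey"],
    "Resource" => "*"
  }]
})
puts ksk_kms_key_problems(SAMPLE_METADATA, SAMPLE_POLICY)
```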