KeySigningKeyProps

class aws_cdk.aws_route53.KeySigningKeyProps(*, hosted_zone, kms_key, key_signing_key_name=None, status=None)

Bases: object

Properties for constructing a Key Signing Key.

Parameters:
  • hosted_zone (IHostedZone) – The hosted zone that this key will be used to sign.

  • kms_key (IKey) – The customer-managed KMS key that will be used to sign the records. The KMS key must be unique for each KSK within a hosted zone. Additionally, the KMS key must be an asymmetric customer-managed key using the ECC_NIST_P256 algorithm.

  • key_signing_key_name (Optional[str]) – The name for the key signing key. This name must be unique within a hosted zone. Default: an autogenerated name

  • status (Optional[KeySigningKeyStatus]) – The status of the key signing key. Default: ACTIVE

Example:

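from aws_cdk import aws_kms as kms, aws_route53 as route53

# Declared elsewhere in the enclosing construct:
# hosted_zone: route53.HostedZone
# kms_key: kms.Key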

route53.KeySigningKey(self, "KeySigningKey",
    hosted_zone=hosted_zone,
    kms_key=kms_key,
    key_signing_key_name="ksk",
    status=route53.KeySigningKeyStatus.ACTIVE
)
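
The constraints listed under Parameters (ECC_NIST_P256 key spec, one KMS key per KSK within a hosted zone, unique KSK names within a hosted zone) can be checked against a synthesized CloudFormation template before deployment. This is an added example, not part of the CDK documentation: `lint_key_signing_keys`, the finding labels and the sample template are constructed for illustration, and it assumes KSKs and keys appear as `AWS::Route53::KeySigningKey` and `AWS::KMS::Key` resources.

```python
import json
from collections import defaultdict

def _ksk(zone, key_ref, name):  # builds one constructed KSK resource
    return {"Type": "AWS::Route53::KeySigningKey", "Properties": {
        "HostedZoneId": {"Ref": zone}, "KeyManagementServiceArn": key_ref,
        "Name": name, "Status": "ACTIVE"}}

# Constructed sample standing in for a synthesized template (not real output).
SAMPLE = {"Resources": {
    "GoodKey": {"Type": "AWS::KMS::Key", "Properties": {"KeySpec": "ECC_NIST_P256"}},
    "RsaKey": {"Type": "AWS::KMS::Key", "Properties": {"KeySpec": "RSA_2048"}},
    "KskA": _ksk("Zone", {"Fn::GetAtt": ["GoodKey", "Arn"]}, "ksk"),
    "KskB": _ksk("Zone", {"Fn::GetAtt": ["GoodKey", "Arn"]}, "ksk2"),
    "KskC": _ksk("Zone", {"Fn::GetAtt": ["RsaKey", "Arn"]}, "ksk"),
    "KskD": _ksk("Zone", "arn:aws:kms:REGION:ACCOUNT:key/PLACEHOLDER", "ksk4"),
}}

def _ident(value):
    """Stable identity for a literal or a Ref / Fn::GetAtt intrinsic."""
    if isinstance(value, dict) and "Ref" in value:
        return value["Ref"]
    if isinstance(value, dict) and "Fn::GetAtt" in value:
        target = value["Fn::GetAtt"]
        return target[0] if isinstance(target, list) else target.split(".")[0]
    return value if isinstance(value, str) else json.dumps(value, sort_keys=True)

def lint_key_signing_keys(template):
    """Return (ksk_logical_id, finding) pairs for the documented constraints."""
    resources = template.get("Resources", {})
    findings = []
    seen = defaultdict(lambda: {"key": set(), "name": set()})  # per hosted zone
    for logical_id, res in sorted(resources.items()):
        if res.get("Type") != "AWS::Route53::KeySigningKey":
            continue
        props = res.get("Properties", {})
        zone = seen[_ident(props.get("HostedZoneId"))]
        key, name = _ident(props.get("KeyManagementServiceArn")), _ident(props.get("Name"))
        kms = resources.get(key)
        if kms is None or kms.get("Type") != "AWS::KMS::Key":
            findings.append((logical_id, "kms-key-not-in-template"))  # spec unverifiable here
        elif kms.get("Properties", {}).get("KeySpec") != "ECC_NIST_P256":
            findings.append((logical_id, "kms-key-spec-not-ECC_NIST_P256"))
        if key in zone["key"]:
            findings.append((logical_id, "kms-key-reused-in-zone"))
        if name in zone["name"]:
            findings.append((logical_id, "duplicate-name-in-zone"))
        zone["key"].add(key)
        zone["name"].add(name)
    return findings
```

A KSK whose key is imported by ARN is reported as `kms-key-not-in-template` because its key spec cannot be read from the template and has to be confirmed against the key itself.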

Attributes

hosted_zone

The hosted zone that this key will be used to sign.

key_signing_key_name

The name for the key signing key.

This name must be unique within a hosted zone.

Default:

an autogenerated name

kms_key

The customer-managed KMS key that will be used to sign the records.

The KMS key must be unique for each KSK within a hosted zone. Additionally, the KMS key must be an asymmetric customer-managed key using the ECC_NIST_P256 algorithm.

See:

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring-dnssec-cmk-requirements.html

status

The status of the key signing key.

Default:

ACTIVE