NAME
Paws::Route53::CreateKeySigningKey - Arguments for method CreateKeySigningKey on Paws::Route53
DESCRIPTION
This class represents the parameters used for calling the method CreateKeySigningKey on the Amazon Route 53 service. Use the attributes of this class as arguments to method CreateKeySigningKey.
You shouldn't make instances of this class. Each attribute should be used as a named argument in the call to CreateKeySigningKey.
SYNOPSIS
my $route53 = Paws->service('Route53');
my $CreateKeySigningKeyResponse = $route53->CreateKeySigningKey(
CallerReference => 'MyNonce',
HostedZoneId => 'MyResourceId',
KeyManagementServiceArn => 'MySigningKeyString',
Name => 'MySigningKeyName',
Status => 'MySigningKeyStatus',
);
# Results:
my $ChangeInfo = $CreateKeySigningKeyResponse->ChangeInfo;
my $KeySigningKey = $CreateKeySigningKeyResponse->KeySigningKey;
my $Location = $CreateKeySigningKeyResponse->Location;
# Returns a L<Paws::Route53::CreateKeySigningKeyResponse> object.
Values for attributes that are native types (Int, String, Float, etc) can passed as-is (scalar values). Values for complex Types (objects) can be passed as a HashRef. The keys and values of the hashref will be used to instance the underlying object. For the AWS API documentation, see https://docs.aws.amazon.com/goto/WebAPI/route53/CreateKeySigningKey
ATTRIBUTES
REQUIRED CallerReference => Str
A unique string that identifies the request.
REQUIRED HostedZoneId => Str
The unique string (ID) used to identify a hosted zone.
REQUIRED KeyManagementServiceArn => Str
The Amazon resource name (ARN) for a customer managed customer master key (CMK) in AWS Key Management Service (AWS KMS). The KeyManagementServiceArn
must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn
that grants the correct permissions for DNSSEC, scroll down to Example.
You must configure the customer managed CMK as follows:
- Status
-
Enabled
- Key spec
-
ECC_NIST_P256
- Key usage
-
Sign and verify
- Key policy
-
The key policy must give permission for the following actions:
DescribeKey
GetPublicKey
Sign
The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:
"Service": "dnssec.route53.aws.amazonaws.com"
For more information about working with a customer managed CMK in AWS KMS, see AWS Key Management Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html).
REQUIRED Name => Str
A string used to identify a key-signing key (KSK). Name
can include numbers, letters, and underscores (_). Name
must be unique for each key-signing key in the same hosted zone.
REQUIRED Status => Str
A string specifying the initial status of the key-signing key (KSK). You can set the value to ACTIVE
or INACTIVE
.
SEE ALSO
This class forms part of Paws, documenting arguments for method CreateKeySigningKey in Paws::Route53
BUGS and CONTRIBUTIONS
The source code is located here: https://github.com/pplu/aws-sdk-perl
Please report bugs to: https://github.com/pplu/aws-sdk-perl/issues