Struct aws_sdk_route53::client::fluent_builders::CreateKeySigningKey

source · [−]

pub struct CreateKeySigningKey { /* private fields */ }

Expand description

Fluent builder constructing a request to CreateKeySigningKey.

Creates a new key-signing key (KSK) associated with a hosted zone. You can only have two KSKs per hosted zone.

Implementations

source

impl CreateKeySigningKey

source

pub async fn send(
self
) -> Result<CreateKeySigningKeyOutput, SdkError<CreateKeySigningKeyError>>

Sends the request and returns the response.

If an error occurs, an SdkError will be returned with additional details that can be matched against.

By default, any retryable failures will be retried twice. Retry behavior is configurable with the RetryConfig, which can be set when configuring the client.

source

pub fn caller_reference(self, input: impl Into<String>) -> Self

A unique string that identifies the request.

source

pub fn set_caller_reference(self, input: Option<String>) -> Self

A unique string that identifies the request.

source

pub fn hosted_zone_id(self, input: impl Into<String>) -> Self

The unique string (ID) used to identify a hosted zone.

source

pub fn set_hosted_zone_id(self, input: Option<String>) -> Self

The unique string (ID) used to identify a hosted zone.

source

pub fn key_management_service_arn(self, input: impl Into<String>) -> Self

The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.

You must configure the customer managed customer managed key as follows:

Status

Enabled

Key spec

ECC_NIST_P256

Key usage

Sign and verify

Key policy

The key policy must give permission for the following actions:

DescribeKey
GetPublicKey
Sign

The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

"Service": "dnssec-route53.amazonaws.com"

For more information about working with a customer managed key in KMS, see Key Management Service concepts.

source

pub fn set_key_management_service_arn(self, input: Option<String>) -> Self

The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.

You must configure the customer managed customer managed key as follows:

Status

Enabled

Key spec

ECC_NIST_P256

Key usage

Sign and verify

Key policy

The key policy must give permission for the following actions:

DescribeKey
GetPublicKey
Sign

The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

"Service": "dnssec-route53.amazonaws.com"

For more information about working with a customer managed key in KMS, see Key Management Service concepts.

source

pub fn name(self, input: impl Into<String>) -> Self

A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.

source

pub fn set_name(self, input: Option<String>) -> Self

A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.

source