aws_sdk_route53/client/
create_key_signing_key.rs

1// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
2impl super::Client {
3    /// Constructs a fluent builder for the [`CreateKeySigningKey`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder) operation.
4    ///
5    /// - The fluent builder is configurable:
6    ///   - [`caller_reference(impl Into<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::caller_reference) / [`set_caller_reference(Option<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::set_caller_reference):<br>required: **true**<br><p>A unique string that identifies the request.</p><br>
7    ///   - [`hosted_zone_id(impl Into<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::hosted_zone_id) / [`set_hosted_zone_id(Option<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::set_hosted_zone_id):<br>required: **true**<br><p>The unique string (ID) used to identify a hosted zone.</p><br>
8    ///   - [`key_management_service_arn(impl Into<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::key_management_service_arn) / [`set_key_management_service_arn(Option<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::set_key_management_service_arn):<br>required: **true**<br><p>The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The <code>KeyManagementServiceArn</code> must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of <code>KeyManagementServiceArn</code> that grants the correct permissions for DNSSEC, scroll down to <b>Example</b>.</p> <p>You must configure the customer managed customer managed key as follows:</p> <dl>  <dt>   Status  </dt>  <dd>   <p>Enabled</p>  </dd>  <dt>   Key spec  </dt>  <dd>   <p>ECC_NIST_P256</p>  </dd>  <dt>   Key usage  </dt>  <dd>   <p>Sign and verify</p>  </dd>  <dt>   Key policy  </dt>  <dd>   <p>The key policy must give permission for the following actions:</p>   <ul>    <li>     <p>DescribeKey</p></li>    <li>     <p>GetPublicKey</p></li>    <li>     <p>Sign</p></li>   </ul>   <p>The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:</p>   <ul>    <li>     <p><code>"Service": "dnssec-route53.amazonaws.com"</code></p></li>   </ul>  </dd> </dl> <p>For more information about working with a customer managed key in KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html">Key Management Service concepts</a>.</p><br>
9    ///   - [`name(impl Into<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::name) / [`set_name(Option<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::set_name):<br>required: **true**<br><p>A string used to identify a key-signing key (KSK). <code>Name</code> can include numbers, letters, and underscores (_). <code>Name</code> must be unique for each key-signing key in the same hosted zone.</p><br>
10    ///   - [`status(impl Into<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::status) / [`set_status(Option<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::set_status):<br>required: **true**<br><p>A string specifying the initial status of the key-signing key (KSK). You can set the value to <code>ACTIVE</code> or <code>INACTIVE</code>.</p><br>
11    /// - On success, responds with [`CreateKeySigningKeyOutput`](crate::operation::create_key_signing_key::CreateKeySigningKeyOutput) with field(s):
12    ///   - [`change_info(Option<ChangeInfo>)`](crate::operation::create_key_signing_key::CreateKeySigningKeyOutput::change_info): <p>A complex type that describes change information about changes made to your hosted zone.</p>
13    ///   - [`key_signing_key(Option<KeySigningKey>)`](crate::operation::create_key_signing_key::CreateKeySigningKeyOutput::key_signing_key): <p>The key-signing key (KSK) that the request creates.</p>
14    ///   - [`location(String)`](crate::operation::create_key_signing_key::CreateKeySigningKeyOutput::location): <p>The unique URL representing the new key-signing key (KSK).</p>
15    /// - On failure, responds with [`SdkError<CreateKeySigningKeyError>`](crate::operation::create_key_signing_key::CreateKeySigningKeyError)
16    pub fn create_key_signing_key(&self) -> crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder {
17        crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::new(self.handle.clone())
18    }
19}