// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
impl super::Client {
/// Constructs a fluent builder for the [`CreateKeySigningKey`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder) operation.
///
/// - The fluent builder is configurable:
/// - [`caller_reference(impl Into<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::caller_reference) / [`set_caller_reference(Option<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::set_caller_reference): <p>A unique string that identifies the request.</p>
/// - [`hosted_zone_id(impl Into<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::hosted_zone_id) / [`set_hosted_zone_id(Option<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::set_hosted_zone_id): <p>The unique string (ID) used to identify a hosted zone.</p>
/// - [`key_management_service_arn(impl Into<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::key_management_service_arn) / [`set_key_management_service_arn(Option<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::set_key_management_service_arn): <p>The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The <code>KeyManagementServiceArn</code> must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of <code>KeyManagementServiceArn</code> that grants the correct permissions for DNSSEC, scroll down to <b>Example</b>. </p> <p>You must configure the customer managed customer managed key as follows:</p> <dl> <dt> Status </dt> <dd> <p>Enabled</p> </dd> <dt> Key spec </dt> <dd> <p>ECC_NIST_P256</p> </dd> <dt> Key usage </dt> <dd> <p>Sign and verify</p> </dd> <dt> Key policy </dt> <dd> <p>The key policy must give permission for the following actions:</p> <ul> <li> <p>DescribeKey</p> </li> <li> <p>GetPublicKey</p> </li> <li> <p>Sign</p> </li> </ul> <p>The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:</p> <ul> <li> <p> <code>"Service": "dnssec-route53.amazonaws.com"</code> </p> </li> </ul> </dd> </dl> <p>For more information about working with a customer managed key in KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html">Key Management Service concepts</a>.</p>
/// - [`name(impl Into<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::name) / [`set_name(Option<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::set_name): <p>A string used to identify a key-signing key (KSK). <code>Name</code> can include numbers, letters, and underscores (_). <code>Name</code> must be unique for each key-signing key in the same hosted zone.</p>
/// - [`status(impl Into<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::status) / [`set_status(Option<String>)`](crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::set_status): <p>A string specifying the initial status of the key-signing key (KSK). You can set the value to <code>ACTIVE</code> or <code>INACTIVE</code>.</p>
/// - On success, responds with [`CreateKeySigningKeyOutput`](crate::operation::create_key_signing_key::CreateKeySigningKeyOutput) with field(s):
/// - [`change_info(Option<ChangeInfo>)`](crate::operation::create_key_signing_key::CreateKeySigningKeyOutput::change_info): <p>A complex type that describes change information about changes made to your hosted zone.</p>
/// - [`key_signing_key(Option<KeySigningKey>)`](crate::operation::create_key_signing_key::CreateKeySigningKeyOutput::key_signing_key): <p>The key-signing key (KSK) that the request creates.</p>
/// - [`location(Option<String>)`](crate::operation::create_key_signing_key::CreateKeySigningKeyOutput::location): <p>The unique URL representing the new key-signing key (KSK).</p>
/// - On failure, responds with [`SdkError<CreateKeySigningKeyError>`](crate::operation::create_key_signing_key::CreateKeySigningKeyError)
pub fn create_key_signing_key(
&self,
) -> crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder {
crate::operation::create_key_signing_key::builders::CreateKeySigningKeyFluentBuilder::new(
self.handle.clone(),
)
}
}