key_signing_keys
Creates, updates, deletes or gets a key_signing_key resource or lists key_signing_keys in a region
Overview
| Name | key_signing_keys |
| Type | Resource |
| Description | Represents a key signing key (KSK) associated with a hosted zone. You can only have two KSKs per hosted zone. |
| Id | aws.route53.key_signing_keys |
Fields
| Name | Datatype | Description |
|---|---|---|
hosted_zone_id | string | The unique string (ID) used to identify a hosted zone. |
status | string | A string specifying the initial status of the key signing key (KSK). You can set the value to ACTIVE or INACTIVE. |
name | string | An alphanumeric string used to identify a key signing key (KSK). Name must be unique for each key signing key in the same hosted zone. |
key_management_service_arn | string | The Amazon resource name (ARN) for a customer managed key (CMK) in AWS Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key signing key (KSK) in a single hosted zone. |
region | string | AWS region. |
For more information, see AWS::Route53::KeySigningKey.
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | Status, HostedZoneId, Name, KeyManagementServiceArn, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all key_signing_keys in a region.
SELECT
region,
hosted_zone_id,
status,
name,
key_management_service_arn
FROM aws.route53.key_signing_keys
;
Gets all properties from an individual key_signing_key.
SELECT
region,
hosted_zone_id,
status,
name,
key_management_service_arn
FROM aws.route53.key_signing_keys
WHERE data__Identifier = '<HostedZoneId>|<Name>';
INSERT example
Use the following StackQL query and manifest file to create a new key_signing_key resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.route53.key_signing_keys (
HostedZoneId,
Status,
Name,
KeyManagementServiceArn,
region
)
SELECT
'{{ HostedZoneId }}',
'{{ Status }}',
'{{ Name }}',
'{{ KeyManagementServiceArn }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.route53.key_signing_keys (
HostedZoneId,
Status,
Name,
KeyManagementServiceArn,
region
)
SELECT
'{{ HostedZoneId }}',
'{{ Status }}',
'{{ Name }}',
'{{ KeyManagementServiceArn }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: key_signing_key
props:
- name: HostedZoneId
value: '{{ HostedZoneId }}'
- name: Status
value: '{{ Status }}'
- name: Name
value: '{{ Name }}'
- name: KeyManagementServiceArn
value: '{{ KeyManagementServiceArn }}'
DELETE example
/*+ delete */
DELETE FROM aws.route53.key_signing_keys
WHERE data__Identifier = '<HostedZoneId|Name>'
AND region = 'us-east-1';
Permissions
To operate on the key_signing_keys resource, the following permissions are required:
Create
route53:CreateKeySigningKey,
kms:DescribeKey,
kms:GetPublicKey,
kms:Sign,
kms:CreateGrant
Read
route53:GetDNSSEC
Update
route53:GetDNSSEC,
route53:ActivateKeySigningKey,
route53:DeactivateKeySigningKey,
kms:DescribeKey,
kms:GetPublicKey,
kms:Sign,
kms:CreateGrant
Delete
route53:DeactivateKeySigningKey,
route53:DeleteKeySigningKey,
kms:DescribeKey,
kms:GetPublicKey,
kms:Sign,
kms:CreateGrant
List
route53:GetDNSSEC,
route53:ListHostedZones