key_signing_key
Gets an individual key_signing_key resource
Overview
| Name | key_signing_key |
| Type | Resource |
| Description | key_signing_key |
| Id | awscc.route53.key_signing_key |
Fields
| Name | Datatype | Description |
|---|---|---|
hosted_zone_id | string | The unique string (ID) used to identify a hosted zone. |
status | string | A string specifying the initial status of the key signing key (KSK). You can set the value to ACTIVE or INACTIVE. |
name | string | An alphanumeric string used to identify a key signing key (KSK). Name must be unique for each key signing key in the same hosted zone. |
key_management_service_arn | string | The Amazon resource name (ARN) for a customer managed key (CMK) in AWS Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key signing key (KSK) in a single hosted zone. |
region | string | AWS region. |
Methods
Currently only SELECT is supported for this resource resource.
Example
SELECT
region,
hosted_zone_id,
status,
name,
key_management_service_arn
FROM awscc.route53.key_signing_key
WHERE data__Identifier = '<HostedZoneId>|<Name>';
Permissions
To operate on the key_signing_key resource, the following permissions are required:
Read
route53:GetDNSSEC
Update
route53:GetDNSSEC,
route53:ActivateKeySigningKey,
route53:DeactivateKeySigningKey,
kms:DescribeKey,
kms:GetPublicKey,
kms:Sign,
kms:CreateGrant
Delete
route53:DeactivateKeySigningKey,
route53:DeleteKeySigningKey,
kms:DescribeKey,
kms:GetPublicKey,
kms:Sign,
kms:CreateGrant