software.amazon.awssdk.services.route53.model

Interface CreateKeySigningKeyRequest.Builder

All Superinterfaces:

AwsRequest.Builder, Buildable, CopyableBuilder<CreateKeySigningKeyRequest.Builder,CreateKeySigningKeyRequest>, Route53Request.Builder, SdkBuilder<CreateKeySigningKeyRequest.Builder,CreateKeySigningKeyRequest>, SdkPojo, SdkRequest.Builder

Enclosing class:

CreateKeySigningKeyRequest

public static interface CreateKeySigningKeyRequest.Builder
extends Route53Request.Builder, SdkPojo, CopyableBuilder<CreateKeySigningKeyRequest.Builder,CreateKeySigningKeyRequest>

Method Summary

Modifier and Type	Method and Description
CreateKeySigningKeyRequest.Builder	callerReference(String callerReference) A unique string that identifies the request.
CreateKeySigningKeyRequest.Builder	hostedZoneId(String hostedZoneId) The unique string (ID) used to identify a hosted zone.
CreateKeySigningKeyRequest.Builder	keyManagementServiceArn(String keyManagementServiceArn) The Amazon resource name (ARN) for a customer managed customer master key (CMK) in AWS Key Management Service (AWS KMS).
CreateKeySigningKeyRequest.Builder	name(String name) A string used to identify a key-signing key (KSK).
CreateKeySigningKeyRequest.Builder	overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration)
CreateKeySigningKeyRequest.Builder	overrideConfiguration(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer)
CreateKeySigningKeyRequest.Builder	status(String status) A string specifying the initial status of the key-signing key (KSK).

Methods inherited from interface software.amazon.awssdk.services.route53.model.Route53Request.Builder

build

Methods inherited from interface software.amazon.awssdk.awscore.AwsRequest.Builder

overrideConfiguration

Methods inherited from interface software.amazon.awssdk.core.SdkPojo

equalsBySdkFields, sdkFields

Methods inherited from interface software.amazon.awssdk.utils.builder.CopyableBuilder

copy

Methods inherited from interface software.amazon.awssdk.utils.builder.SdkBuilder

applyMutation, build

Method Detail

callerReference

CreateKeySigningKeyRequest.Builder callerReference(String callerReference)

A unique string that identifies the request.

Parameters:

callerReference - A unique string that identifies the request.

Returns:

Returns a reference to this object so that method calls can be chained together.

hostedZoneId

CreateKeySigningKeyRequest.Builder hostedZoneId(String hostedZoneId)

The unique string (ID) used to identify a hosted zone.

Parameters:

hostedZoneId - The unique string (ID) used to identify a hosted zone.

Returns:

Returns a reference to this object so that method calls can be chained together.

keyManagementServiceArn

CreateKeySigningKeyRequest.Builder keyManagementServiceArn(String keyManagementServiceArn)

The Amazon resource name (ARN) for a customer managed customer master key (CMK) in AWS Key Management Service (AWS KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.

You must configure the customer managed CMK as follows:

Status

Enabled

Key spec

ECC_NIST_P256

Key usage

Sign and verify

Key policy

The key policy must give permission for the following actions:

• DescribeKey

• GetPublicKey

• Sign

The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

• "Service": "api-service.dnssec.route53.aws.internal"

For more information about working with a customer managed CMK in AWS KMS, see AWS Key Management Service concepts.

Parameters:

keyManagementServiceArn - The Amazon resource name (ARN) for a customer managed customer master key (CMK) in AWS Key Management Service (AWS KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.

You must configure the customer managed CMK as follows:

Status

Enabled

Key spec

ECC_NIST_P256

Key usage

Sign and verify

Key policy

The key policy must give permission for the following actions:

• DescribeKey

• GetPublicKey

• Sign

The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

• "Service": "api-service.dnssec.route53.aws.internal"

For more information about working with a customer managed CMK in AWS KMS, see AWS Key Management Service concepts.

Returns:

Returns a reference to this object so that method calls can be chained together.

name

CreateKeySigningKeyRequest.Builder name(String name)

A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.

Parameters:

name - A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.

Returns:

Returns a reference to this object so that method calls can be chained together.

status

CreateKeySigningKeyRequest.Builder status(String status)

A string specifying the initial status of the key-signing key (KSK). You can set the value to ACTIVE or INACTIVE.

Parameters:

status - A string specifying the initial status of the key-signing key (KSK). You can set the value to ACTIVE or INACTIVE.

Returns:

Returns a reference to this object so that method calls can be chained together.

overrideConfiguration

CreateKeySigningKeyRequest.Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration)

Specified by:

overrideConfiguration in interface AwsRequest.Builder

overrideConfiguration

CreateKeySigningKeyRequest.Builder overrideConfiguration(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer)

Specified by:

overrideConfiguration in interface AwsRequest.Builder