Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Creates a new key-signing key (KSK) associated with a hosted zone. You can only have two KSKs per hosted zone.
Synopsis
- data CreateKeySigningKey = CreateKeySigningKey' {}
- newCreateKeySigningKey :: Text -> ResourceId -> Text -> Text -> Text -> CreateKeySigningKey
- createKeySigningKey_callerReference :: Lens' CreateKeySigningKey Text
- createKeySigningKey_hostedZoneId :: Lens' CreateKeySigningKey ResourceId
- createKeySigningKey_keyManagementServiceArn :: Lens' CreateKeySigningKey Text
- createKeySigningKey_name :: Lens' CreateKeySigningKey Text
- createKeySigningKey_status :: Lens' CreateKeySigningKey Text
- data CreateKeySigningKeyResponse = CreateKeySigningKeyResponse' {}
- newCreateKeySigningKeyResponse :: Int -> ChangeInfo -> KeySigningKey -> Text -> CreateKeySigningKeyResponse
- createKeySigningKeyResponse_httpStatus :: Lens' CreateKeySigningKeyResponse Int
- createKeySigningKeyResponse_changeInfo :: Lens' CreateKeySigningKeyResponse ChangeInfo
- createKeySigningKeyResponse_keySigningKey :: Lens' CreateKeySigningKeyResponse KeySigningKey
- createKeySigningKeyResponse_location :: Lens' CreateKeySigningKeyResponse Text
Creating a Request
data CreateKeySigningKey = CreateKeySigningKey' {}
See: newCreateKeySigningKey smart constructor.
newCreateKeySigningKey :: Text -> ResourceId -> Text -> Text -> Text -> CreateKeySigningKey
Create a value of CreateKeySigningKey with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
CreateKeySigningKey, createKeySigningKey_callerReference - A unique string that identifies the request.
CreateKeySigningKey, createKeySigningKey_hostedZoneId - The unique string (ID) used to identify a hosted zone.
$sel:keyManagementServiceArn:CreateKeySigningKey', createKeySigningKey_keyManagementServiceArn - The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.
You must configure the customer managed key as follows:
- Status: Enabled
- Key spec: ECC_NIST_P256
- Key usage: Sign and verify
- Key policy: The key policy must give permission for the following actions:
  - DescribeKey
  - GetPublicKey
  - Sign
The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:
"Service": "dnssec-route53.amazonaws.com"
For more information about working with a customer managed key in KMS, see Key Management Service concepts.
CreateKeySigningKey, createKeySigningKey_name - A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.
CreateKeySigningKey, createKeySigningKey_status - A string specifying the initial status of the key-signing key (KSK). You can set the value to ACTIVE or INACTIVE.
Request Lenses
createKeySigningKey_callerReference :: Lens' CreateKeySigningKey Text
A unique string that identifies the request.
createKeySigningKey_hostedZoneId :: Lens' CreateKeySigningKey ResourceId
The unique string (ID) used to identify a hosted zone.
createKeySigningKey_keyManagementServiceArn :: Lens' CreateKeySigningKey Text
The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.
You must configure the customer managed key as follows:
- Status: Enabled
- Key spec: ECC_NIST_P256
- Key usage: Sign and verify
- Key policy: The key policy must give permission for the following actions:
  - DescribeKey
  - GetPublicKey
  - Sign
The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:
"Service": "dnssec-route53.amazonaws.com"
For more information about working with a customer managed key in KMS, see Key Management Service concepts.
createKeySigningKey_name :: Lens' CreateKeySigningKey Text
A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.
createKeySigningKey_status :: Lens' CreateKeySigningKey Text
A string specifying the initial status of the key-signing key (KSK). You can set the value to ACTIVE or INACTIVE.
Destructuring the Response
data CreateKeySigningKeyResponse = CreateKeySigningKeyResponse' {}
See: newCreateKeySigningKeyResponse smart constructor.
newCreateKeySigningKeyResponse :: Int -> ChangeInfo -> KeySigningKey -> Text -> CreateKeySigningKeyResponse
Create a value of CreateKeySigningKeyResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:CreateKeySigningKeyResponse', createKeySigningKeyResponse_httpStatus - The response's http status code.
$sel:changeInfo:CreateKeySigningKeyResponse', createKeySigningKeyResponse_changeInfo - Undocumented member.
$sel:keySigningKey:CreateKeySigningKeyResponse', createKeySigningKeyResponse_keySigningKey - The key-signing key (KSK) that the request creates.
$sel:location:CreateKeySigningKeyResponse', createKeySigningKeyResponse_location - The unique URL representing the new key-signing key (KSK).
Response Lenses
createKeySigningKeyResponse_httpStatus :: Lens' CreateKeySigningKeyResponse Int
The response's http status code.
createKeySigningKeyResponse_changeInfo :: Lens' CreateKeySigningKeyResponse ChangeInfo
Undocumented member.
createKeySigningKeyResponse_keySigningKey :: Lens' CreateKeySigningKeyResponse KeySigningKey
The key-signing key (KSK) that the request creates.
createKeySigningKeyResponse_location :: Lens' CreateKeySigningKeyResponse Text
The unique URL representing the new key-signing key (KSK).