Package software.amazon.awssdk.services.route53.model

Class CreateKeySigningKeyRequest

java.lang.Object
software.amazon.awssdk.core.SdkRequest
software.amazon.awssdk.awscore.AwsRequest
software.amazon.awssdk.services.route53.model.Route53Request
software.amazon.awssdk.services.route53.model.CreateKeySigningKeyRequest
All Implemented Interfaces:
SdkPojo, ToCopyableBuilder<CreateKeySigningKeyRequest.Builder,CreateKeySigningKeyRequest>
@Generated("software.amazon.awssdk:codegen") public final class CreateKeySigningKeyRequest extends Route53Request implements ToCopyableBuilder<CreateKeySigningKeyRequest.Builder,CreateKeySigningKeyRequest>

  • Method Details

    • callerReference

      public final String callerReference()

      A unique string that identifies the request.

      Returns:
      A unique string that identifies the request.

    • hostedZoneId

      public final String hostedZoneId()

      The unique string (ID) used to identify a hosted zone.

      Returns:
      The unique string (ID) used to identify a hosted zone.

    • keyManagementServiceArn

      public final String keyManagementServiceArn()

      The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.

      You must configure the customer managed customer managed key as follows:

      Status

      Enabled

      Key spec

      ECC_NIST_P256

      Key usage

      Sign and verify

      Key policy

      The key policy must give permission for the following actions:

      • DescribeKey

      • GetPublicKey

      • Sign

      The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

      • "Service": "dnssec-route53.amazonaws.com"

      For more information about working with a customer managed key in KMS, see Key Management Service concepts.

      Returns:
      The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.

      You must configure the customer managed customer managed key as follows:

      Status

      Enabled

      Key spec

      ECC_NIST_P256

      Key usage

      Sign and verify

      Key policy

      The key policy must give permission for the following actions:

      • DescribeKey

      • GetPublicKey

      • Sign

      The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

      • "Service": "dnssec-route53.amazonaws.com"

      For more information about working with a customer managed key in KMS, see Key Management Service concepts.

    • name

      public final String name()

      A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.

      Returns:
      A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.

    • status

      public final String status()

      A string specifying the initial status of the key-signing key (KSK). You can set the value to ACTIVE or INACTIVE.

      Returns:
      A string specifying the initial status of the key-signing key (KSK). You can set the value to ACTIVE or INACTIVE.

    • toBuilder

      public CreateKeySigningKeyRequest.Builder toBuilder()
      Specified by:
      toBuilder in interface ToCopyableBuilder<CreateKeySigningKeyRequest.Builder,CreateKeySigningKeyRequest>
      Specified by:
      toBuilder in class Route53Request

    • builder

      public static CreateKeySigningKeyRequest.Builder builder()

    • serializableBuilderClass

      public static Class<? extends CreateKeySigningKeyRequest.Builder> serializableBuilderClass()

    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class AwsRequest

    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class AwsRequest

    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Specified by:
      equalsBySdkFields in interface SdkPojo

    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object

    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)
      Overrides:
      getValueForField in class SdkRequest

    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo

    • sdkFieldNameToField

      public final Map<String,SdkField<?>> sdkFieldNameToField()
      Specified by:
      sdkFieldNameToField in interface SdkPojo