Interface CreateKeySigningKeyRequest.Builder
- All Superinterfaces:
AwsRequest.Builder
,Buildable
,CopyableBuilder<CreateKeySigningKeyRequest.Builder,
,CreateKeySigningKeyRequest> Route53Request.Builder
,SdkBuilder<CreateKeySigningKeyRequest.Builder,
,CreateKeySigningKeyRequest> SdkPojo
,SdkRequest.Builder
- Enclosing class:
CreateKeySigningKeyRequest
-
Method Summary
Modifier and TypeMethodDescriptioncallerReference
(String callerReference) A unique string that identifies the request.hostedZoneId
(String hostedZoneId) The unique string (ID) used to identify a hosted zone.keyManagementServiceArn
(String keyManagementServiceArn) The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS).A string used to identify a key-signing key (KSK).overrideConfiguration
(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer) Add an optional request override configuration.overrideConfiguration
(AwsRequestOverrideConfiguration overrideConfiguration) Add an optional request override configuration.A string specifying the initial status of the key-signing key (KSK).Methods inherited from interface software.amazon.awssdk.awscore.AwsRequest.Builder
overrideConfiguration
Methods inherited from interface software.amazon.awssdk.utils.builder.CopyableBuilder
copy
Methods inherited from interface software.amazon.awssdk.services.route53.model.Route53Request.Builder
build
Methods inherited from interface software.amazon.awssdk.utils.builder.SdkBuilder
applyMutation, build
Methods inherited from interface software.amazon.awssdk.core.SdkPojo
equalsBySdkFields, sdkFields
-
Method Details
-
callerReference
A unique string that identifies the request.
- Parameters:
callerReference
- A unique string that identifies the request.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
hostedZoneId
The unique string (ID) used to identify a hosted zone.
- Parameters:
hostedZoneId
- The unique string (ID) used to identify a hosted zone.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
keyManagementServiceArn
The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The
KeyManagementServiceArn
must be unique for each key-signing key (KSK) in a single hosted zone. To see an example ofKeyManagementServiceArn
that grants the correct permissions for DNSSEC, scroll down to Example.You must configure the customer managed customer managed key as follows:
- Status
-
Enabled
- Key spec
-
ECC_NIST_P256
- Key usage
-
Sign and verify
- Key policy
-
The key policy must give permission for the following actions:
-
DescribeKey
-
GetPublicKey
-
Sign
The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:
-
"Service": "dnssec-route53.amazonaws.com"
-
For more information about working with a customer managed key in KMS, see Key Management Service concepts.
- Parameters:
keyManagementServiceArn
- The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). TheKeyManagementServiceArn
must be unique for each key-signing key (KSK) in a single hosted zone. To see an example ofKeyManagementServiceArn
that grants the correct permissions for DNSSEC, scroll down to Example.You must configure the customer managed customer managed key as follows:
- Status
-
Enabled
- Key spec
-
ECC_NIST_P256
- Key usage
-
Sign and verify
- Key policy
-
The key policy must give permission for the following actions:
-
DescribeKey
-
GetPublicKey
-
Sign
The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:
-
"Service": "dnssec-route53.amazonaws.com"
-
For more information about working with a customer managed key in KMS, see Key Management Service concepts.
- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
name
A string used to identify a key-signing key (KSK).
Name
can include numbers, letters, and underscores (_).Name
must be unique for each key-signing key in the same hosted zone.- Parameters:
name
- A string used to identify a key-signing key (KSK).Name
can include numbers, letters, and underscores (_).Name
must be unique for each key-signing key in the same hosted zone.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
status
A string specifying the initial status of the key-signing key (KSK). You can set the value to
ACTIVE
orINACTIVE
.- Parameters:
status
- A string specifying the initial status of the key-signing key (KSK). You can set the value toACTIVE
orINACTIVE
.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
overrideConfiguration
CreateKeySigningKeyRequest.Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) Description copied from interface:AwsRequest.Builder
Add an optional request override configuration.- Specified by:
overrideConfiguration
in interfaceAwsRequest.Builder
- Parameters:
overrideConfiguration
- The override configuration.- Returns:
- This object for method chaining.
-
overrideConfiguration
CreateKeySigningKeyRequest.Builder overrideConfiguration(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer) Description copied from interface:AwsRequest.Builder
Add an optional request override configuration.- Specified by:
overrideConfiguration
in interfaceAwsRequest.Builder
- Parameters:
builderConsumer
- AConsumer
to which an emptyAwsRequestOverrideConfiguration.Builder
will be given.- Returns:
- This object for method chaining.
-