Interface CreateKeySigningKeyRequest.Builder

All Superinterfaces:
AwsRequest.Builder, Buildable, CopyableBuilder<CreateKeySigningKeyRequest.Builder,CreateKeySigningKeyRequest>, Route53Request.Builder, SdkBuilder<CreateKeySigningKeyRequest.Builder,CreateKeySigningKeyRequest>, SdkPojo, SdkRequest.Builder
Enclosing class:
CreateKeySigningKeyRequest
@Mutable @NotThreadSafe public static interface CreateKeySigningKeyRequest.Builder extends Route53Request.Builder, SdkPojo, CopyableBuilder<CreateKeySigningKeyRequest.Builder,CreateKeySigningKeyRequest>

  • Method Details

    • callerReference

      CreateKeySigningKeyRequest.Builder callerReference(String callerReference)

      A unique string that identifies the request.

      Parameters:
      callerReference - A unique string that identifies the request.
      Returns:
      Returns a reference to this object so that method calls can be chained together.

    • hostedZoneId

      CreateKeySigningKeyRequest.Builder hostedZoneId(String hostedZoneId)

      The unique string (ID) used to identify a hosted zone.

      Parameters:
      hostedZoneId - The unique string (ID) used to identify a hosted zone.
      Returns:
      Returns a reference to this object so that method calls can be chained together.

    • keyManagementServiceArn

      CreateKeySigningKeyRequest.Builder keyManagementServiceArn(String keyManagementServiceArn)

      The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.

      You must configure the customer managed customer managed key as follows:

      Status

      Enabled

      Key spec

      ECC_NIST_P256

      Key usage

      Sign and verify

      Key policy

      The key policy must give permission for the following actions:

      • DescribeKey

      • GetPublicKey

      • Sign

      The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

      • "Service": "dnssec-route53.amazonaws.com"

      For more information about working with a customer managed key in KMS, see Key Management Service concepts.

      Parameters:
      keyManagementServiceArn - The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.

      You must configure the customer managed customer managed key as follows:

      Status

      Enabled

      Key spec

      ECC_NIST_P256

      Key usage

      Sign and verify

      Key policy

      The key policy must give permission for the following actions:

      • DescribeKey

      • GetPublicKey

      • Sign

      The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

      • "Service": "dnssec-route53.amazonaws.com"

      For more information about working with a customer managed key in KMS, see Key Management Service concepts.

      Returns:
      Returns a reference to this object so that method calls can be chained together.

    • name

      CreateKeySigningKeyRequest.Builder name(String name)

      A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.

      Parameters:
      name - A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.
      Returns:
      Returns a reference to this object so that method calls can be chained together.

    • status

      CreateKeySigningKeyRequest.Builder status(String status)

      A string specifying the initial status of the key-signing key (KSK). You can set the value to ACTIVE or INACTIVE.

      Parameters:
      status - A string specifying the initial status of the key-signing key (KSK). You can set the value to ACTIVE or INACTIVE.
      Returns:
      Returns a reference to this object so that method calls can be chained together.

    • overrideConfiguration

      CreateKeySigningKeyRequest.Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration)
      Description copied from interface: AwsRequest.Builder
      Add an optional request override configuration.
      Specified by:
      overrideConfiguration in interface AwsRequest.Builder
      Parameters:
      overrideConfiguration - The override configuration.
      Returns:
      This object for method chaining.

    • overrideConfiguration

      CreateKeySigningKeyRequest.Builder overrideConfiguration(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer)
      Description copied from interface: AwsRequest.Builder
      Add an optional request override configuration.
      Specified by:
      overrideConfiguration in interface AwsRequest.Builder
      Parameters:
      builderConsumer - A Consumer to which an empty AwsRequestOverrideConfiguration.Builder will be given.
      Returns:
      This object for method chaining.