AWS::Route53::KeySigningKey

Route53 KeySigningKey

Represents a key signing key (KSK) associated with a hosted zone. You can only have two KSKs per hosted zone.

Properties

4 configurable properties. 4 required. Click a row to see details.

Filter:

Property	Type	Flags
`HostedZoneId`	`string`	RequiredCreate-only
`KeyManagementServiceArn`	`string`	RequiredCreate-only
`Name`	`string`	RequiredCreate-only
`Status`	`string`	Required

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::Route53::KeySigningKey

Resources:
  MyResource:
    Type: AWS::Route53::KeySigningKey
    Properties:
      Status: "ACTIVE"
      HostedZoneId: "my-hostedzoneid"
      Name: "my-name"
      KeyManagementServiceArn: "arn:aws:service:region:account:resource"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

route53:CreateKeySigningKeykms:DescribeKeykms:GetPublicKeykms:Signkms:CreateGrant

read

route53:GetDNSSEC

update

route53:GetDNSSECroute53:ActivateKeySigningKeyroute53:DeactivateKeySigningKeykms:DescribeKeykms:GetPublicKeykms:Signkms:CreateGrant

delete

route53:DeactivateKeySigningKeyroute53:DeleteKeySigningKeykms:DescribeKeykms:GetPublicKeykms:Signkms:CreateGrant

list

route53:GetDNSSECroute53:ListHostedZones

Get the Route53 Cheat Sheet

Everything you need to know about Route53 on one page. HD quality, print-friendly.

Download Free Infographic

Quick Facts

ServiceRoute53

Properties4

Required4

TaggingNot supported

Primary IDHostedZoneId

Supported Operations

CreateReadUpdateDeleteList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

HostedZoneIdNameKeyManagementServiceArn

Related Resources

External Links

AWS Documentation