We are excited to announce our new API Documentation.
Protected
Deletes a key-signing key (KSK). Before you can delete a KSK, you must deactivate it. The KSK must be deactivated before you can delete it regardless of whether the hosted zone is enabled for DNSSEC signing.
You can use DeactivateKeySigningKey to deactivate the key before you delete it.
Use GetDNSSEC to verify that the KSK is in an INACTIVE status.
INACTIVE
Use a bare-bones client and the command you need to make an API call.
import { Route53Client, DeleteKeySigningKeyCommand } from "@aws-sdk/client-route-53"; // ES Modules import// const { Route53Client, DeleteKeySigningKeyCommand } = require("@aws-sdk/client-route-53"); // CommonJS importconst client = new Route53Client(config);const input = { // DeleteKeySigningKeyRequest HostedZoneId: "STRING_VALUE", // required Name: "STRING_VALUE", // required};const command = new DeleteKeySigningKeyCommand(input);const response = await client.send(command);// { // DeleteKeySigningKeyResponse// ChangeInfo: { // ChangeInfo// Id: "STRING_VALUE", // required// Status: "PENDING" || "INSYNC", // required// SubmittedAt: new Date("TIMESTAMP"), // required// Comment: "STRING_VALUE",// },// };
DeleteKeySigningKeyCommandInput
DeleteKeySigningKeyCommandOutput
input
response
config
ConcurrentModification (client fault)
Another user submitted a request to create, update, or delete the object at the same time that you did. Retry the request.
InvalidInput (client fault)
The input is not valid.
InvalidKeySigningKeyStatus (client fault)
The key-signing key (KSK) status isn't valid or another KSK has the status INTERNAL_FAILURE.
INTERNAL_FAILURE
InvalidKMSArn (client fault)
The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC signing.
InvalidSigningStatus (client fault)
Your hosted zone status isn't valid for this operation. In the hosted zone, change the status to enable DNSSEC or disable DNSSEC.
DNSSEC
NoSuchKeySigningKey (client fault)
The specified key-signing key (KSK) doesn't exist.
Route53ServiceException
Base exception class for all service exceptions from Route53 service.
Readonly
Static
Deletes a key-signing key (KSK). Before you can delete a KSK, you must deactivate it. The KSK must be deactivated before you can delete it regardless of whether the hosted zone is enabled for DNSSEC signing.
You can use DeactivateKeySigningKey to deactivate the key before you delete it.
Use GetDNSSEC to verify that the KSK is in an
INACTIVEstatus.Example
Use a bare-bones client and the command you need to make an API call.
Param
DeleteKeySigningKeyCommandInput
Returns
DeleteKeySigningKeyCommandOutput
See
inputshape.responseshape.configshape.Throws
ConcurrentModification (client fault)
Another user submitted a request to create, update, or delete the object at the same time that you did. Retry the request.
Throws
InvalidInput (client fault)
The input is not valid.
Throws
InvalidKeySigningKeyStatus (client fault)
The key-signing key (KSK) status isn't valid or another KSK has the status
INTERNAL_FAILURE.Throws
InvalidKMSArn (client fault)
The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC signing.
Throws
InvalidSigningStatus (client fault)
Your hosted zone status isn't valid for this operation. In the hosted zone, change the status to enable
DNSSECor disableDNSSEC.Throws
NoSuchKeySigningKey (client fault)
The specified key-signing key (KSK) doesn't exist.
Throws
Route53ServiceException
Base exception class for all service exceptions from Route53 service.