Interface IZoneSigningOptions
Options for enabling key signing from a hosted zone.
Namespace: Amazon.CDK.AWS.Route53
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IZoneSigningOptions
Syntax (vb)
Public Interface IZoneSigningOptions
Remarks
ExampleMetadata: infused
Examples
var kmsKey = new Key(this, "KmsCMK", new KeyProps {
KeySpec = KeySpec.ECC_NIST_P256,
KeyUsage = KeyUsage.SIGN_VERIFY
});
var hostedZone = new HostedZone(this, "HostedZone", new HostedZoneProps {
ZoneName = "example.com"
});
// Enable DNSSEC signing for the zone
hostedZone.EnableDnssec(new ZoneSigningOptions { KmsKey = kmsKey });
Synopsis
Properties
KeySigningKeyName | The name for the key signing key. |
KmsKey | The customer-managed KMS key that that will be used to sign the records. |
Properties
KeySigningKeyName
The name for the key signing key.
virtual string KeySigningKeyName { get; }
Property Value
System.String
Remarks
This name must be unique within a hosted zone.
Default: an autogenerated name
KmsKey
The customer-managed KMS key that that will be used to sign the records.
IKey KmsKey { get; }
Property Value
Remarks
The KMS Key must be unique for each KSK within a hosted zone. Additionally, the KMS key must be an asymetric customer-managed key using the ECC_NIST_P256 algorithm.