AWS::SES::EmailIdentity DkimSigningAttributes
Used to configure or change the DKIM authentication settings for an email domain identity. You can use this operation to do any of the following:
-
Update the signing attributes for an identity that uses Bring Your Own DKIM (BYODKIM).
-
Update the key length that should be used for Easy DKIM.
-
Change from using no DKIM authentication to using Easy DKIM.
-
Change from using no DKIM authentication to using BYODKIM.
-
Change from using Easy DKIM to using BYODKIM.
-
Change from using BYODKIM to using Easy DKIM.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "DomainSigningPrivateKey" :String, "DomainSigningSelector" :String, "NextSigningKeyLength" :String}
YAML
DomainSigningPrivateKey:StringDomainSigningSelector:StringNextSigningKeyLength:String
Properties
DomainSigningPrivateKey-
[Bring Your Own DKIM] A private key that's used to generate a DKIM signature.
The private key must use 1024 or 2048-bit RSA encryption, and must be encoded using base64 encoding.
Important
Rather than embedding sensitive information directly in your CFN templates, we recommend you use dynamic parameters in the stack template to reference sensitive information that is stored and managed outside of CFN, such as in the AWS Systems Manager Parameter Store or AWS Secrets Manager.
For more information, see the Do not embed credentials in your templates best practice.
Required: No
Type: String
Update requires: No interruption
DomainSigningSelector-
[Bring Your Own DKIM] A string that's used to identify a public key in the DNS configuration for a domain.
Required: No
Type: String
Update requires: No interruption
NextSigningKeyLength-
[Easy DKIM] The key length of the future DKIM key pair to be generated. This can be changed at most once per day.
Valid Values:
RSA_1024_BIT | RSA_2048_BITRequired: No
Type: String
Pattern:
RSA_1024_BIT|RSA_2048_BITUpdate requires: No interruption
