DeleteKeySigningKey
Deletes a key-signing key (KSK). Before you can delete a KSK, you must deactivate it. The KSK must be deactivated before you can delete it regardless of whether the hosted zone is enabled for DNSSEC signing.
You can use DeactivateKeySigningKey to deactivate the key before you delete it.
Use GetDNSSEC to verify that the KSK is in an INACTIVE
status.
Request Syntax
DELETE /2013-04-01/keysigningkey/HostedZoneId
/Name
HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
- HostedZoneId
-
A unique string used to identify a hosted zone.
Length Constraints: Maximum length of 32.
Required: Yes
- Name
-
A string used to identify a key-signing key (KSK).
Length Constraints: Minimum length of 3. Maximum length of 128.
Required: Yes
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
<?xml version="1.0" encoding="UTF-8"?>
<DeleteKeySigningKeyResponse>
<ChangeInfo>
<Comment>string</Comment>
<Id>string</Id>
<Status>string</Status>
<SubmittedAt>timestamp</SubmittedAt>
</ChangeInfo>
</DeleteKeySigningKeyResponse>
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in XML format by the service.
- DeleteKeySigningKeyResponse
-
Root level tag for the DeleteKeySigningKeyResponse parameters.
Required: Yes
- ChangeInfo
-
A complex type that describes change information about changes made to your hosted zone.
Type: ChangeInfo object
Errors
For information about the errors that are common to all actions, see Common Errors.
- ConcurrentModification
-
Another user submitted a request to create, update, or delete the object at the same time that you did. Retry the request.
HTTP Status Code: 400
- InvalidInput
-
The input is not valid.
HTTP Status Code: 400
- InvalidKeySigningKeyStatus
-
The key-signing key (KSK) status isn't valid or another KSK has the status
INTERNAL_FAILURE
.HTTP Status Code: 400
- InvalidKMSArn
-
The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC signing.
HTTP Status Code: 400
- InvalidSigningStatus
-
Your hosted zone status isn't valid for this operation. In the hosted zone, change the status to enable
DNSSEC
or disableDNSSEC
.HTTP Status Code: 400
- NoSuchKeySigningKey
-
The specified key-signing key (KSK) doesn't exist.
HTTP Status Code: 404
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: