aws route53 create-key-signing-key

Creates a new key-signing key (KSK) associated with a hosted zone. You can only have two KSKs per hosted zone.

Options

| Name | Description |
| --- | --- |
| --caller-reference <string> | A unique string that identifies the request. |
| --hosted-zone-id <string> | The unique string (ID) used to identify a hosted zone. |
| --key-management-service-arn <string> | The Amazon resource name (ARN) for a customer managed customer master key (CMK) in AWS Key Management Service (AWS KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example. You must configure the customer managed CMK as follows: Status: Enabled. Key spec: ECC_NIST_P256. Key usage: Sign and verify. Key policy: the key policy must give permission for the following actions: DescribeKey, GetPublicKey, Sign. The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following: "Service": "dnssec.route53.aws.amazonaws.com". For more information about working with a customer managed CMK in AWS KMS, see AWS Key Management Service concepts. |
| --name <string> | A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone. |
| --status <string> | A string specifying the initial status of the key-signing key (KSK). You can set the value to ACTIVE or INACTIVE. |
| --cli-input-json <string> | Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. |
| --generate-cli-skeleton <string> | Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command. |
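The rules stated for --key-management-service-arn, --name and --status can be checked before the command is run. The following pre-flight check is an added example, not part of the AWS CLI or its documentation. It assumes the key metadata is the KeyMetadata object returned by `aws kms describe-key` and the policy is the JSON document returned by `aws kms get-key-policy`; the function names and sample values are constructed for illustration, and Deny statements and Condition blocks are not evaluated.

```python
import fnmatch
import re

# Requirements taken from the option descriptions above.
DNSSEC_PRINCIPAL = "dnssec.route53.aws.amazonaws.com"
REQUIRED_ACTIONS = ("kms:DescribeKey", "kms:GetPublicKey", "kms:Sign")

def _as_list(value):
    """IAM policy fields may be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def granted_actions(policy):
    """Collect action patterns that Allow statements grant to the DNSSEC service principal."""
    patterns = []
    for stmt in _as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") == "Allow" and DNSSEC_PRINCIPAL in services:
            patterns += [a.lower() for a in _as_list(stmt.get("Action"))]
    return patterns

def preflight(key_metadata, policy, name, status):
    """Return a list of problems; an empty list means the inputs meet the documented rules."""
    problems = []
    for field, want in (("KeyManager", "CUSTOMER"), ("KeyState", "Enabled"),
                        ("KeySpec", "ECC_NIST_P256"), ("KeyUsage", "SIGN_VERIFY")):
        if key_metadata.get(field) != want:
            problems.append(f"{field} is {key_metadata.get(field)!r}, expected {want!r}")
    patterns = granted_actions(policy)
    for action in REQUIRED_ACTIONS:
        # IAM action names are case-insensitive and may use * and ? wildcards.
        if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            problems.append(f"key policy does not allow {action} for {DNSSEC_PRINCIPAL}")
    if not re.fullmatch(r"[A-Za-z0-9_]+", name):
        problems.append("--name may contain only letters, numbers and underscores")
    if status not in ("ACTIVE", "INACTIVE"):
        problems.append("--status must be ACTIVE or INACTIVE")
    return problems

# Constructed sample input (not real account data).
SAMPLE_METADATA = {"KeyManager": "CUSTOMER", "KeyState": "Enabled",
                   "KeySpec": "ECC_NIST_P256", "KeyUsage": "SIGN_VERIFY"}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": DNSSEC_PRINCIPAL},
    "Action": ["kms:DescribeKey", "kms:GetPublicKey", "kms:Sign"], "Resource": "*"}]}

if __name__ == "__main__":
    print(preflight(SAMPLE_METADATA, SAMPLE_POLICY, "example_ksk_1", "ACTIVE") or "ok")
```

The uniqueness rules (one KMS key ARN per KSK, one name per KSK in the hosted zone, two KSKs per zone) depend on the zone's existing state and are not covered by this check.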