kmsArn property
The Amazon resource name (ARN) used to identify the customer managed key
(CMK) in AWS Key Management Service (KMS). The KmsArn
must be
unique for each key signing key (KSK) in a single hosted zone.
You must configure the CMK as follows:
- Status
- Enabled
- Key spec
- ECC_NIST_P256
- Key usage
- Sign and verify
- Key policy
-
The key policy must give permission for the following actions:
- DescribeKey
- GetPublicKey
- Sign
-
"Service": "api-service.dnssec.route53.aws.internal"
Implementation
final String? kmsArn;