createKeySigningKey method
Creates a new key signing key (KSK) associated with a hosted zone. You can only have two KSKs per hosted zone.
May throw NoSuchHostedZone. May throw InvalidArgument. May throw InvalidInput. May throw InvalidKMSArn. May throw InvalidKeySigningKeyStatus. May throw InvalidSigningStatus. May throw InvalidKeySigningKeyName. May throw KeySigningKeyAlreadyExists. May throw TooManyKeySigningKeys. May throw ConcurrentModification.
Parameter callerReference: A unique string that identifies the request.
Parameter hostedZoneId: The unique string (ID) used to identify a hosted zone.
Parameter keyManagementServiceArn: The Amazon resource name (ARN) for a customer managed key (CMK) in AWS Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.
You must configure the CMK as follows:
- Status: Enabled
- Key spec: ECC_NIST_P256
- Key usage: Sign and verify
- Key policy:
  - The key policy must give permission for the following actions:
    - DescribeKey
    - GetPublicKey
    - Sign
  - "Service": "api-service.dnssec.route53.aws.internal"
Parameter name: An alphanumeric string used to identify a key signing key (KSK). Name must be unique for each key signing key in the same hosted zone.
Parameter status: A string specifying the initial status of the key signing key (KSK). You can set the value to ACTIVE or INACTIVE.
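As an added example (not part of this SDK or of AWS's own code), the following Python pre-flight check tests a key against the CMK requirements listed under keyManagementServiceArn before createKeySigningKey is called. It assumes the metadata dict uses the KMS DescribeKey field names KeyState, KeySpec and KeyUsage, that the "Service" value above is the key policy principal, and that the actions carry the kms: prefix; check_ksk_key is a hypothetical name and the sample data is constructed.

```python
import json
from fnmatch import fnmatchcase

# Requirements taken from the keyManagementServiceArn description on this page.
REQUIRED_ACTIONS = ("kms:DescribeKey", "kms:GetPublicKey", "kms:Sign")
DNSSEC_SERVICE = "api-service.dnssec.route53.aws.internal"
# Status: Enabled, Key spec: ECC_NIST_P256, Key usage: Sign and verify (assumed field names).
EXPECTED_METADATA = {"KeyState": "Enabled", "KeySpec": "ECC_NIST_P256", "KeyUsage": "SIGN_VERIFY"}


def _as_list(value):
    """Policy fields may hold one value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_ksk_key(key_metadata, policy_json, service=DNSSEC_SERVICE):
    """Return a list of problems; an empty list means every listed requirement is met."""
    problems = [
        f"{field} is {key_metadata.get(field)!r}, expected {want!r}"
        for field, want in EXPECTED_METADATA.items()
        if key_metadata.get(field) != want
    ]
    patterns = []  # action patterns allowed to the DNSSEC service principal
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue  # only Allow statements naming a Service count; Deny/Condition not evaluated
        if service in _as_list(principal.get("Service")):
            patterns += [a.lower() for a in _as_list(stmt.get("Action"))]
    for action in REQUIRED_ACTIONS:
        if not any(fnmatchcase(action.lower(), p) for p in patterns):
            problems.append(f"policy does not allow {action} to {service}")
    return problems


# Constructed sample input: a disabled key whose policy forgets kms:Sign.
SAMPLE_POLICY = json.dumps({"Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": DNSSEC_SERVICE},
    "Action": ["kms:DescribeKey", "kms:GetPublicKey"],
    "Resource": "*",
}]})
SAMPLE_METADATA = {"KeyState": "Disabled", "KeySpec": "ECC_NIST_P256", "KeyUsage": "SIGN_VERIFY"}

if __name__ == "__main__":
    print("\n".join(check_ksk_key(SAMPLE_METADATA, SAMPLE_POLICY)))
```

The check reads Allow statements only, so a key that passes can still be blocked by a Deny statement or a Condition in the same policy.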
Implementation
Future<CreateKeySigningKeyResponse> createKeySigningKey({
  required String callerReference,
  required String hostedZoneId,
  required String keyManagementServiceArn,
  required String name,
  required String status,
}) async {
  ArgumentError.checkNotNull(callerReference, 'callerReference');
  _s.validateStringLength(
    'callerReference',
    callerReference,
    1,
    128,
    isRequired: true,
  );
  ArgumentError.checkNotNull(hostedZoneId, 'hostedZoneId');
  _s.validateStringLength(
    'hostedZoneId',
    hostedZoneId,
    0,
    32,
    isRequired: true,
  );
  ArgumentError.checkNotNull(
      keyManagementServiceArn, 'keyManagementServiceArn');
  ArgumentError.checkNotNull(name, 'name');
  _s.validateStringLength(
    'name',
    name,
    3,
    128,
    isRequired: true,
  );
  ArgumentError.checkNotNull(status, 'status');
  _s.validateStringLength(
    'status',
    status,
    5,
    150,
    isRequired: true,
  );
  final $result = await _protocol.sendRaw(
    method: 'POST',
    requestUri: '/2013-04-01/keysigningkey',
    payload: CreateKeySigningKeyRequest(
            callerReference: callerReference,
            hostedZoneId: hostedZoneId,
            keyManagementServiceArn: keyManagementServiceArn,
            name: name,
            status: status)
        .toXml(
      'CreateKeySigningKeyRequest',
      attributes: [
        _s.XmlAttribute(_s.XmlName('xmlns'),
            'https://route53.amazonaws.com/doc/2013-04-01/'),
      ],
    ),
    exceptionFnMap: _exceptionFns,
  );
  final $elem = await _s.xmlFromResponse($result);
  return CreateKeySigningKeyResponse(
    changeInfo: ChangeInfo.fromXml(_s.extractXmlChild($elem, 'ChangeInfo')!),
    keySigningKey:
        KeySigningKey.fromXml(_s.extractXmlChild($elem, 'KeySigningKey')!),
    location: _s.extractHeaderStringValue($result.headers, 'Location')!,
  );
}