Class ZoneSigningOptions
Options for enabling key signing from a hosted zone.
Inheritance
System.Object
ZoneSigningOptions
Implements
Namespace: Amazon.CDK.AWS.Route53
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class ZoneSigningOptions : Object, IZoneSigningOptions
Syntax (vb)
Public Class ZoneSigningOptions
Inherits Object
Implements IZoneSigningOptions
Remarks
ExampleMetadata: infused
Examples
var kmsKey = new Key(this, "KmsCMK", new KeyProps {
KeySpec = KeySpec.ECC_NIST_P256,
KeyUsage = KeyUsage.SIGN_VERIFY
});
var hostedZone = new HostedZone(this, "HostedZone", new HostedZoneProps {
ZoneName = "example.com"
});
// Enable DNSSEC signing for the zone
hostedZone.EnableDnssec(new ZoneSigningOptions { KmsKey = kmsKey });
Synopsis
Constructors
ZoneSigningOptions() |
Properties
KeySigningKeyName | The name for the key signing key. |
KmsKey | The customer-managed KMS key that that will be used to sign the records. |
Constructors
ZoneSigningOptions()
public ZoneSigningOptions()
Properties
KeySigningKeyName
The name for the key signing key.
public string KeySigningKeyName { get; set; }
Property Value
System.String
Remarks
This name must be unique within a hosted zone.
Default: an autogenerated name
KmsKey
The customer-managed KMS key that that will be used to sign the records.
public IKey KmsKey { get; set; }
Property Value
Remarks
The KMS Key must be unique for each KSK within a hosted zone. Additionally, the KMS key must be an asymetric customer-managed key using the ECC_NIST_P256 algorithm.