UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi/pulumi-aws

164 lines • 7.34 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.KeySigningKey = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Manages a Route 53 Key Signing Key. To manage Domain Name System Security Extensions (DNSSEC) for a Hosted Zone, see the `aws.route53.HostedZoneDnsSec` resource. For more information about managing DNSSEC in Route 53, see the [Route 53 Developer Guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring-dnssec.html). * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const current = aws.getCallerIdentity({}); * const example = new aws.kms.Key("example", { * customerMasterKeySpec: "ECC_NIST_P256", * deletionWindowInDays: 7, * keyUsage: "SIGN_VERIFY", * policy: JSON.stringify({ * Statement: [ * { * Action: [ * "kms:DescribeKey", * "kms:GetPublicKey", * "kms:Sign", * ], * Effect: "Allow", * Principal: { * Service: "dnssec-route53.amazonaws.com", * }, * Sid: "Allow Route 53 DNSSEC Service", * Resource: "*", * Condition: { * StringEquals: { * "aws:SourceAccount": current.then(current => current.accountId), * }, * ArnLike: { * "aws:SourceArn": "arn:aws:route53:::hostedzone/*", * }, * }, * }, * { * Action: "kms:CreateGrant", * Effect: "Allow", * Principal: { * Service: "dnssec-route53.amazonaws.com", * }, * Sid: "Allow Route 53 DNSSEC Service to CreateGrant", * Resource: "*", * Condition: { * Bool: { * "kms:GrantIsForAWSResource": "true", * }, * }, * }, * { * Action: "kms:*", * Effect: "Allow", * Principal: { * AWS: current.then(current => `arn:aws:iam::${current.accountId}:root`), * }, * Resource: "*", * Sid: "Enable IAM User Permissions", * }, * ], * Version: "2012-10-17", * }), * }); * const exampleZone = new aws.route53.Zone("example", {name: "example.com"}); * const exampleKeySigningKey = new aws.route53.KeySigningKey("example", { * hostedZoneId: test.id, * keyManagementServiceArn: testAwsKmsKey.arn, * name: "example", * }); * const exampleHostedZoneDnsSec = new aws.route53.HostedZoneDnsSec("example", {hostedZoneId: exampleKeySigningKey.hostedZoneId}, { * dependsOn: [exampleKeySigningKey], * }); * ``` * * ## Import * * Using `pulumi import`, import `aws_route53_key_signing_key` resources using the Route 53 Hosted Zone identifier and KMS Key identifier, separated by a comma (`,`). For example: * * ```sh * $ pulumi import aws:route53/keySigningKey:KeySigningKey example Z1D633PJN98FT9,example * ``` */ class KeySigningKey extends pulumi.CustomResource { /** * Get an existing KeySigningKey resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new KeySigningKey(name, state, { ...opts, id: id }); } /** * Returns true if the given object is an instance of KeySigningKey. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === KeySigningKey.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["digestAlgorithmMnemonic"] = state?.digestAlgorithmMnemonic; resourceInputs["digestAlgorithmType"] = state?.digestAlgorithmType; resourceInputs["digestValue"] = state?.digestValue; resourceInputs["dnskeyRecord"] = state?.dnskeyRecord; resourceInputs["dsRecord"] = state?.dsRecord; resourceInputs["flag"] = state?.flag; resourceInputs["hostedZoneId"] = state?.hostedZoneId; resourceInputs["keyManagementServiceArn"] = state?.keyManagementServiceArn; resourceInputs["keyTag"] = state?.keyTag; resourceInputs["name"] = state?.name; resourceInputs["publicKey"] = state?.publicKey; resourceInputs["signingAlgorithmMnemonic"] = state?.signingAlgorithmMnemonic; resourceInputs["signingAlgorithmType"] = state?.signingAlgorithmType; resourceInputs["status"] = state?.status; } else { const args = argsOrState; if (args?.hostedZoneId === undefined && !opts.urn) { throw new Error("Missing required property 'hostedZoneId'"); } if (args?.keyManagementServiceArn === undefined && !opts.urn) { throw new Error("Missing required property 'keyManagementServiceArn'"); } resourceInputs["hostedZoneId"] = args?.hostedZoneId; resourceInputs["keyManagementServiceArn"] = args?.keyManagementServiceArn; resourceInputs["name"] = args?.name; resourceInputs["status"] = args?.status; resourceInputs["digestAlgorithmMnemonic"] = undefined /*out*/; resourceInputs["digestAlgorithmType"] = undefined /*out*/; resourceInputs["digestValue"] = undefined /*out*/; resourceInputs["dnskeyRecord"] = undefined /*out*/; resourceInputs["dsRecord"] = undefined /*out*/; resourceInputs["flag"] = undefined /*out*/; resourceInputs["keyTag"] = undefined /*out*/; resourceInputs["publicKey"] = undefined /*out*/; resourceInputs["signingAlgorithmMnemonic"] = undefined /*out*/; resourceInputs["signingAlgorithmType"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(KeySigningKey.__pulumiType, name, resourceInputs, opts); } } exports.KeySigningKey = KeySigningKey; /** @internal */ KeySigningKey.__pulumiType = 'aws:route53/keySigningKey:KeySigningKey'; //# sourceMappingURL=keySigningKey.js.map