
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

// Type declarations for the Route 53 DNSSEC key signing key (KSK) construct:
// its construction properties, status enum, resource interface, import
// attributes, and the concrete `KeySigningKey` resource class.
import { Construct } from 'constructs';
import { IHostedZone } from './hosted-zone-ref';
import * as kms from '../../aws-kms';
import { Resource, IResource } from '../../core';

/**
 * Properties for constructing a Key Signing Key.
 */
export interface KeySigningKeyProps {
  /**
   * The hosted zone that this key will be used to sign.
   */
  readonly hostedZone: IHostedZone;

  /**
   * The customer-managed KMS key that will be used to sign the records.
   *
   * The KMS key must be unique for each KSK within a hosted zone. Additionally, the
   * KMS key must be an asymmetric customer-managed key using the ECC_NIST_P256 algorithm.
   *
   * NOTE(review): the declared type is the general `kms.IKey`, so these
   * requirements are not expressed in the type. Whether the constructor
   * validates them at synth time is not visible from this declaration file —
   * confirm against the implementation, and otherwise expect a mismatched key
   * to surface only at deployment.
   *
   * @see https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring-dnssec-cmk-requirements.html
   */
  readonly kmsKey: kms.IKey;

  /**
   * The name for the key signing key.
   *
   * This name must be unique within a hosted zone.
   *
   * @default an autogenerated name
   */
  readonly keySigningKeyName?: string;

  /**
   * The status of the key signing key.
   *
   * @default ACTIVE
   */
  readonly status?: KeySigningKeyStatus;
}

/**
 * The status for a Key Signing Key.
 */
export declare enum KeySigningKeyStatus {
  /** The KSK is being used for signing. */
  ACTIVE = "ACTIVE",
  /**
   * The KSK is not being used for signing.
   *
   * NOTE(review): switching a KSK that the parent zone's DS record still
   * refers to over to INACTIVE is an operational DNSSEC risk (validating
   * resolvers may stop accepting the zone) — confirm the rollover procedure
   * before changing this value on a live zone.
   */
  INACTIVE = "INACTIVE"
}

/**
 * A Key Signing Key for a Route 53 Hosted Zone.
 */
export interface IKeySigningKey extends IResource {
  /**
   * The hosted zone that the key signing key signs.
   *
   * @attribute
   */
  readonly hostedZone: IHostedZone;

  /**
   * The name of the key signing key.
   *
   * @attribute
   */
  readonly keySigningKeyName: string;

  /**
   * The ID of the key signing key, derived from the hosted zone ID and its name.
   *
   * @attribute
   */
  readonly keySigningKeyId: string;
}

/**
 * The attributes of a key signing key.
 *
 * Only the hosted zone and the key name are carried here; the backing KMS key
 * is not part of these attributes.
 */
export interface KeySigningKeyAttributes {
  /**
   * The hosted zone that the key signing key signs.
   *
   * @attribute
   */
  readonly hostedZone: IHostedZone;

  /**
   * The name of the key signing key.
   *
   * @attribute
   */
  readonly keySigningKeyName: string;
}

/**
 * A Key Signing Key for a Route 53 Hosted Zone.
 *
 * @resource AWS::Route53::KeySigningKey
 */
export declare class KeySigningKey extends Resource implements IKeySigningKey {
  /** Uniquely identifies this class. */
  static readonly PROPERTY_INJECTION_ID: string;

  /**
   * Imports a key signing key from its attributes.
   *
   * @param scope the construct scope for the imported reference
   * @param id the construct ID for the imported reference
   * @param attrs the hosted zone and name identifying the key signing key
   * @returns a reference typed as `IKeySigningKey`
   */
  static fromKeySigningKeyAttributes(scope: Construct, id: string, attrs: KeySigningKeyAttributes): IKeySigningKey;

  /** The hosted zone that the key signing key signs. */
  readonly hostedZone: IHostedZone;

  /** The name of the key signing key. */
  readonly keySigningKeyName: string;

  /** The ID of the key signing key, derived from the hosted zone ID and its name. */
  readonly keySigningKeyId: string;

  /**
   * @param scope the construct scope
   * @param id the construct ID
   * @param props the hosted zone, KMS key, and optional name and status for the KSK
   */
  constructor(scope: Construct, id: string, props: KeySigningKeyProps);

  // NOTE(review): private member; the declaration exposes no signature. The
  // name suggests it adds permissions on the KMS key for the hosted zone —
  // confirm in the implementation and review the resulting key policy for
  // least privilege (scoped principal and conditions).
  private grantKeyPermissionsForZone;
}