1. Packages
  2. AWS
  3. API Docs
  4. route53domains
  5. DelegationSignerRecord
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

aws.route53domains.DelegationSignerRecord

Explore with Pulumi AI

aws logo
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Provides a resource to manage a delegation signer record in the parent DNS zone for domains registered with Route53.

    Example Usage

    Basic Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const current = aws.getCallerIdentity({});
    const example = new aws.kms.Key("example", {
        customerMasterKeySpec: "ECC_NIST_P256",
        deletionWindowInDays: 7,
        keyUsage: "SIGN_VERIFY",
        policy: JSON.stringify({
            Statement: [
                {
                    Action: [
                        "kms:DescribeKey",
                        "kms:GetPublicKey",
                        "kms:Sign",
                    ],
                    Effect: "Allow",
                    Principal: {
                        Service: "dnssec-route53.amazonaws.com",
                    },
                    Sid: "Allow Route 53 DNSSEC Service",
                    Resource: "*",
                    Condition: {
                        StringEquals: {
                            "aws:SourceAccount": current.then(current => current.accountId),
                        },
                        ArnLike: {
                            "aws:SourceArn": "arn:aws:route53:::hostedzone/*",
                        },
                    },
                },
                {
                    Action: "kms:CreateGrant",
                    Effect: "Allow",
                    Principal: {
                        Service: "dnssec-route53.amazonaws.com",
                    },
                    Sid: "Allow Route 53 DNSSEC Service to CreateGrant",
                    Resource: "*",
                    Condition: {
                        Bool: {
                            "kms:GrantIsForAWSResource": "true",
                        },
                    },
                },
                {
                    Action: "kms:*",
                    Effect: "Allow",
                    Principal: {
                        AWS: current.then(current => `arn:aws:iam::${current.accountId}:root`),
                    },
                    Resource: "*",
                    Sid: "Enable IAM User Permissions",
                },
            ],
            Version: "2012-10-17",
        }),
    });
    const exampleZone = new aws.route53.Zone("example", {name: "example.com"});
    const exampleKeySigningKey = new aws.route53.KeySigningKey("example", {
        hostedZoneId: test.id,
        keyManagementServiceArn: testAwsKmsKey.arn,
        name: "example",
    });
    const exampleHostedZoneDnsSec = new aws.route53.HostedZoneDnsSec("example", {hostedZoneId: exampleKeySigningKey.hostedZoneId}, {
        dependsOn: [exampleKeySigningKey],
    });
    const exampleDelegationSignerRecord = new aws.route53domains.DelegationSignerRecord("example", {
        domainName: "example.com",
        signingAttributes: {
            algorithm: exampleKeySigningKey.signingAlgorithmType,
            flags: exampleKeySigningKey.flag,
            publicKey: exampleKeySigningKey.publicKey,
        },
    });
    
    import pulumi
    import json
    import pulumi_aws as aws
    
    current = aws.get_caller_identity()
    example = aws.kms.Key("example",
        customer_master_key_spec="ECC_NIST_P256",
        deletion_window_in_days=7,
        key_usage="SIGN_VERIFY",
        policy=json.dumps({
            "Statement": [
                {
                    "Action": [
                        "kms:DescribeKey",
                        "kms:GetPublicKey",
                        "kms:Sign",
                    ],
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "dnssec-route53.amazonaws.com",
                    },
                    "Sid": "Allow Route 53 DNSSEC Service",
                    "Resource": "*",
                    "Condition": {
                        "StringEquals": {
                            "aws:SourceAccount": current.account_id,
                        },
                        "ArnLike": {
                            "aws:SourceArn": "arn:aws:route53:::hostedzone/*",
                        },
                    },
                },
                {
                    "Action": "kms:CreateGrant",
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "dnssec-route53.amazonaws.com",
                    },
                    "Sid": "Allow Route 53 DNSSEC Service to CreateGrant",
                    "Resource": "*",
                    "Condition": {
                        "Bool": {
                            "kms:GrantIsForAWSResource": "true",
                        },
                    },
                },
                {
                    "Action": "kms:*",
                    "Effect": "Allow",
                    "Principal": {
                        "AWS": f"arn:aws:iam::{current.account_id}:root",
                    },
                    "Resource": "*",
                    "Sid": "Enable IAM User Permissions",
                },
            ],
            "Version": "2012-10-17",
        }))
    example_zone = aws.route53.Zone("example", name="example.com")
    example_key_signing_key = aws.route53.KeySigningKey("example",
        hosted_zone_id=test["id"],
        key_management_service_arn=test_aws_kms_key["arn"],
        name="example")
    example_hosted_zone_dns_sec = aws.route53.HostedZoneDnsSec("example", hosted_zone_id=example_key_signing_key.hosted_zone_id,
    opts = pulumi.ResourceOptions(depends_on=[example_key_signing_key]))
    example_delegation_signer_record = aws.route53domains.DelegationSignerRecord("example",
        domain_name="example.com",
        signing_attributes={
            "algorithm": example_key_signing_key.signing_algorithm_type,
            "flags": example_key_signing_key.flag,
            "public_key": example_key_signing_key.public_key,
        })
    
    package main
    
    import (
    	"encoding/json"
    	"fmt"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53domains"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		current, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
    		if err != nil {
    			return err
    		}
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"Statement": []interface{}{
    				map[string]interface{}{
    					"Action": []string{
    						"kms:DescribeKey",
    						"kms:GetPublicKey",
    						"kms:Sign",
    					},
    					"Effect": "Allow",
    					"Principal": map[string]interface{}{
    						"Service": "dnssec-route53.amazonaws.com",
    					},
    					"Sid":      "Allow Route 53 DNSSEC Service",
    					"Resource": "*",
    					"Condition": map[string]interface{}{
    						"StringEquals": map[string]interface{}{
    							"aws:SourceAccount": current.AccountId,
    						},
    						"ArnLike": map[string]interface{}{
    							"aws:SourceArn": "arn:aws:route53:::hostedzone/*",
    						},
    					},
    				},
    				map[string]interface{}{
    					"Action": "kms:CreateGrant",
    					"Effect": "Allow",
    					"Principal": map[string]interface{}{
    						"Service": "dnssec-route53.amazonaws.com",
    					},
    					"Sid":      "Allow Route 53 DNSSEC Service to CreateGrant",
    					"Resource": "*",
    					"Condition": map[string]interface{}{
    						"Bool": map[string]interface{}{
    							"kms:GrantIsForAWSResource": "true",
    						},
    					},
    				},
    				map[string]interface{}{
    					"Action": "kms:*",
    					"Effect": "Allow",
    					"Principal": map[string]interface{}{
    						"AWS": fmt.Sprintf("arn:aws:iam::%v:root", current.AccountId),
    					},
    					"Resource": "*",
    					"Sid":      "Enable IAM User Permissions",
    				},
    			},
    			"Version": "2012-10-17",
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		_, err = kms.NewKey(ctx, "example", &kms.KeyArgs{
    			CustomerMasterKeySpec: pulumi.String("ECC_NIST_P256"),
    			DeletionWindowInDays:  pulumi.Int(7),
    			KeyUsage:              pulumi.String("SIGN_VERIFY"),
    			Policy:                pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = route53.NewZone(ctx, "example", &route53.ZoneArgs{
    			Name: pulumi.String("example.com"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleKeySigningKey, err := route53.NewKeySigningKey(ctx, "example", &route53.KeySigningKeyArgs{
    			HostedZoneId:            pulumi.Any(test.Id),
    			KeyManagementServiceArn: pulumi.Any(testAwsKmsKey.Arn),
    			Name:                    pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = route53.NewHostedZoneDnsSec(ctx, "example", &route53.HostedZoneDnsSecArgs{
    			HostedZoneId: exampleKeySigningKey.HostedZoneId,
    		}, pulumi.DependsOn([]pulumi.Resource{
    			exampleKeySigningKey,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = route53domains.NewDelegationSignerRecord(ctx, "example", &route53domains.DelegationSignerRecordArgs{
    			DomainName: pulumi.String("example.com"),
    			SigningAttributes: &route53domains.DelegationSignerRecordSigningAttributesArgs{
    				Algorithm: exampleKeySigningKey.SigningAlgorithmType,
    				Flags:     exampleKeySigningKey.Flag,
    				PublicKey: exampleKeySigningKey.PublicKey,
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var current = Aws.GetCallerIdentity.Invoke();
    
        var example = new Aws.Kms.Key("example", new()
        {
            CustomerMasterKeySpec = "ECC_NIST_P256",
            DeletionWindowInDays = 7,
            KeyUsage = "SIGN_VERIFY",
            Policy = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["Statement"] = new[]
                {
                    new Dictionary<string, object?>
                    {
                        ["Action"] = new[]
                        {
                            "kms:DescribeKey",
                            "kms:GetPublicKey",
                            "kms:Sign",
                        },
                        ["Effect"] = "Allow",
                        ["Principal"] = new Dictionary<string, object?>
                        {
                            ["Service"] = "dnssec-route53.amazonaws.com",
                        },
                        ["Sid"] = "Allow Route 53 DNSSEC Service",
                        ["Resource"] = "*",
                        ["Condition"] = new Dictionary<string, object?>
                        {
                            ["StringEquals"] = new Dictionary<string, object?>
                            {
                                ["aws:SourceAccount"] = current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId),
                            },
                            ["ArnLike"] = new Dictionary<string, object?>
                            {
                                ["aws:SourceArn"] = "arn:aws:route53:::hostedzone/*",
                            },
                        },
                    },
                    new Dictionary<string, object?>
                    {
                        ["Action"] = "kms:CreateGrant",
                        ["Effect"] = "Allow",
                        ["Principal"] = new Dictionary<string, object?>
                        {
                            ["Service"] = "dnssec-route53.amazonaws.com",
                        },
                        ["Sid"] = "Allow Route 53 DNSSEC Service to CreateGrant",
                        ["Resource"] = "*",
                        ["Condition"] = new Dictionary<string, object?>
                        {
                            ["Bool"] = new Dictionary<string, object?>
                            {
                                ["kms:GrantIsForAWSResource"] = "true",
                            },
                        },
                    },
                    new Dictionary<string, object?>
                    {
                        ["Action"] = "kms:*",
                        ["Effect"] = "Allow",
                        ["Principal"] = new Dictionary<string, object?>
                        {
                            ["AWS"] = $"arn:aws:iam::{current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:root",
                        },
                        ["Resource"] = "*",
                        ["Sid"] = "Enable IAM User Permissions",
                    },
                },
                ["Version"] = "2012-10-17",
            }),
        });
    
        var exampleZone = new Aws.Route53.Zone("example", new()
        {
            Name = "example.com",
        });
    
        var exampleKeySigningKey = new Aws.Route53.KeySigningKey("example", new()
        {
            HostedZoneId = test.Id,
            KeyManagementServiceArn = testAwsKmsKey.Arn,
            Name = "example",
        });
    
        var exampleHostedZoneDnsSec = new Aws.Route53.HostedZoneDnsSec("example", new()
        {
            HostedZoneId = exampleKeySigningKey.HostedZoneId,
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                exampleKeySigningKey,
            },
        });
    
        var exampleDelegationSignerRecord = new Aws.Route53Domains.DelegationSignerRecord("example", new()
        {
            DomainName = "example.com",
            SigningAttributes = new Aws.Route53Domains.Inputs.DelegationSignerRecordSigningAttributesArgs
            {
                Algorithm = exampleKeySigningKey.SigningAlgorithmType,
                Flags = exampleKeySigningKey.Flag,
                PublicKey = exampleKeySigningKey.PublicKey,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.AwsFunctions;
    import com.pulumi.aws.inputs.GetCallerIdentityArgs;
    import com.pulumi.aws.kms.Key;
    import com.pulumi.aws.kms.KeyArgs;
    import com.pulumi.aws.route53.Zone;
    import com.pulumi.aws.route53.ZoneArgs;
    import com.pulumi.aws.route53.KeySigningKey;
    import com.pulumi.aws.route53.KeySigningKeyArgs;
    import com.pulumi.aws.route53.HostedZoneDnsSec;
    import com.pulumi.aws.route53.HostedZoneDnsSecArgs;
    import com.pulumi.aws.route53domains.DelegationSignerRecord;
    import com.pulumi.aws.route53domains.DelegationSignerRecordArgs;
    import com.pulumi.aws.route53domains.inputs.DelegationSignerRecordSigningAttributesArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var current = AwsFunctions.getCallerIdentity();
    
            var example = new Key("example", KeyArgs.builder()
                .customerMasterKeySpec("ECC_NIST_P256")
                .deletionWindowInDays(7)
                .keyUsage("SIGN_VERIFY")
                .policy(serializeJson(
                    jsonObject(
                        jsonProperty("Statement", jsonArray(
                            jsonObject(
                                jsonProperty("Action", jsonArray(
                                    "kms:DescribeKey", 
                                    "kms:GetPublicKey", 
                                    "kms:Sign"
                                )),
                                jsonProperty("Effect", "Allow"),
                                jsonProperty("Principal", jsonObject(
                                    jsonProperty("Service", "dnssec-route53.amazonaws.com")
                                )),
                                jsonProperty("Sid", "Allow Route 53 DNSSEC Service"),
                                jsonProperty("Resource", "*"),
                                jsonProperty("Condition", jsonObject(
                                    jsonProperty("StringEquals", jsonObject(
                                        jsonProperty("aws:SourceAccount", current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()))
                                    )),
                                    jsonProperty("ArnLike", jsonObject(
                                        jsonProperty("aws:SourceArn", "arn:aws:route53:::hostedzone/*")
                                    ))
                                ))
                            ), 
                            jsonObject(
                                jsonProperty("Action", "kms:CreateGrant"),
                                jsonProperty("Effect", "Allow"),
                                jsonProperty("Principal", jsonObject(
                                    jsonProperty("Service", "dnssec-route53.amazonaws.com")
                                )),
                                jsonProperty("Sid", "Allow Route 53 DNSSEC Service to CreateGrant"),
                                jsonProperty("Resource", "*"),
                                jsonProperty("Condition", jsonObject(
                                    jsonProperty("Bool", jsonObject(
                                        jsonProperty("kms:GrantIsForAWSResource", "true")
                                    ))
                                ))
                            ), 
                            jsonObject(
                                jsonProperty("Action", "kms:*"),
                                jsonProperty("Effect", "Allow"),
                                jsonProperty("Principal", jsonObject(
                                    jsonProperty("AWS", String.format("arn:aws:iam::%s:root", current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId())))
                                )),
                                jsonProperty("Resource", "*"),
                                jsonProperty("Sid", "Enable IAM User Permissions")
                            )
                        )),
                        jsonProperty("Version", "2012-10-17")
                    )))
                .build());
    
            var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
                .name("example.com")
                .build());
    
            var exampleKeySigningKey = new KeySigningKey("exampleKeySigningKey", KeySigningKeyArgs.builder()
                .hostedZoneId(test.id())
                .keyManagementServiceArn(testAwsKmsKey.arn())
                .name("example")
                .build());
    
            var exampleHostedZoneDnsSec = new HostedZoneDnsSec("exampleHostedZoneDnsSec", HostedZoneDnsSecArgs.builder()
                .hostedZoneId(exampleKeySigningKey.hostedZoneId())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(exampleKeySigningKey)
                    .build());
    
            var exampleDelegationSignerRecord = new DelegationSignerRecord("exampleDelegationSignerRecord", DelegationSignerRecordArgs.builder()
                .domainName("example.com")
                .signingAttributes(DelegationSignerRecordSigningAttributesArgs.builder()
                    .algorithm(exampleKeySigningKey.signingAlgorithmType())
                    .flags(exampleKeySigningKey.flag())
                    .publicKey(exampleKeySigningKey.publicKey())
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:kms:Key
        properties:
          customerMasterKeySpec: ECC_NIST_P256
          deletionWindowInDays: 7
          keyUsage: SIGN_VERIFY
          policy:
            fn::toJSON:
              Statement:
                - Action:
                    - kms:DescribeKey
                    - kms:GetPublicKey
                    - kms:Sign
                  Effect: Allow
                  Principal:
                    Service: dnssec-route53.amazonaws.com
                  Sid: Allow Route 53 DNSSEC Service
                  Resource: '*'
                  Condition:
                    StringEquals:
                      aws:SourceAccount: ${current.accountId}
                    ArnLike:
                      aws:SourceArn: arn:aws:route53:::hostedzone/*
                - Action: kms:CreateGrant
                  Effect: Allow
                  Principal:
                    Service: dnssec-route53.amazonaws.com
                  Sid: Allow Route 53 DNSSEC Service to CreateGrant
                  Resource: '*'
                  Condition:
                    Bool:
                      kms:GrantIsForAWSResource: 'true'
                - Action: kms:*
                  Effect: Allow
                  Principal:
                    AWS: arn:aws:iam::${current.accountId}:root
                  Resource: '*'
                  Sid: Enable IAM User Permissions
              Version: 2012-10-17
      exampleZone:
        type: aws:route53:Zone
        name: example
        properties:
          name: example.com
      exampleKeySigningKey:
        type: aws:route53:KeySigningKey
        name: example
        properties:
          hostedZoneId: ${test.id}
          keyManagementServiceArn: ${testAwsKmsKey.arn}
          name: example
      exampleHostedZoneDnsSec:
        type: aws:route53:HostedZoneDnsSec
        name: example
        properties:
          hostedZoneId: ${exampleKeySigningKey.hostedZoneId}
        options:
          dependson:
            - ${exampleKeySigningKey}
      exampleDelegationSignerRecord:
        type: aws:route53domains:DelegationSignerRecord
        name: example
        properties:
          domainName: example.com
          signingAttributes:
            algorithm: ${exampleKeySigningKey.signingAlgorithmType}
            flags: ${exampleKeySigningKey.flag}
            publicKey: ${exampleKeySigningKey.publicKey}
    variables:
      current:
        fn::invoke:
          Function: aws:getCallerIdentity
          Arguments: {}
    

    Create DelegationSignerRecord Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DelegationSignerRecord(name: string, args: DelegationSignerRecordArgs, opts?: CustomResourceOptions);
    @overload
    def DelegationSignerRecord(resource_name: str,
                               args: DelegationSignerRecordArgs,
                               opts: Optional[ResourceOptions] = None)
    
    @overload
    def DelegationSignerRecord(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               domain_name: Optional[str] = None,
                               signing_attributes: Optional[DelegationSignerRecordSigningAttributesArgs] = None,
                               timeouts: Optional[DelegationSignerRecordTimeoutsArgs] = None)
    func NewDelegationSignerRecord(ctx *Context, name string, args DelegationSignerRecordArgs, opts ...ResourceOption) (*DelegationSignerRecord, error)
    public DelegationSignerRecord(string name, DelegationSignerRecordArgs args, CustomResourceOptions? opts = null)
    public DelegationSignerRecord(String name, DelegationSignerRecordArgs args)
    public DelegationSignerRecord(String name, DelegationSignerRecordArgs args, CustomResourceOptions options)
    
    type: aws:route53domains:DelegationSignerRecord
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DelegationSignerRecordArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DelegationSignerRecordArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DelegationSignerRecordArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DelegationSignerRecordArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DelegationSignerRecordArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var delegationSignerRecordResource = new Aws.Route53Domains.DelegationSignerRecord("delegationSignerRecordResource", new()
    {
        DomainName = "string",
        SigningAttributes = new Aws.Route53Domains.Inputs.DelegationSignerRecordSigningAttributesArgs
        {
            Algorithm = 0,
            Flags = 0,
            PublicKey = "string",
        },
        Timeouts = new Aws.Route53Domains.Inputs.DelegationSignerRecordTimeoutsArgs
        {
            Create = "string",
            Delete = "string",
        },
    });
    
    example, err := route53domains.NewDelegationSignerRecord(ctx, "delegationSignerRecordResource", &route53domains.DelegationSignerRecordArgs{
    	DomainName: pulumi.String("string"),
    	SigningAttributes: &route53domains.DelegationSignerRecordSigningAttributesArgs{
    		Algorithm: pulumi.Int(0),
    		Flags:     pulumi.Int(0),
    		PublicKey: pulumi.String("string"),
    	},
    	Timeouts: &route53domains.DelegationSignerRecordTimeoutsArgs{
    		Create: pulumi.String("string"),
    		Delete: pulumi.String("string"),
    	},
    })
    
    var delegationSignerRecordResource = new DelegationSignerRecord("delegationSignerRecordResource", DelegationSignerRecordArgs.builder()
        .domainName("string")
        .signingAttributes(DelegationSignerRecordSigningAttributesArgs.builder()
            .algorithm(0)
            .flags(0)
            .publicKey("string")
            .build())
        .timeouts(DelegationSignerRecordTimeoutsArgs.builder()
            .create("string")
            .delete("string")
            .build())
        .build());
    
    delegation_signer_record_resource = aws.route53domains.DelegationSignerRecord("delegationSignerRecordResource",
        domain_name="string",
        signing_attributes={
            "algorithm": 0,
            "flags": 0,
            "public_key": "string",
        },
        timeouts={
            "create": "string",
            "delete": "string",
        })
    
    const delegationSignerRecordResource = new aws.route53domains.DelegationSignerRecord("delegationSignerRecordResource", {
        domainName: "string",
        signingAttributes: {
            algorithm: 0,
            flags: 0,
            publicKey: "string",
        },
        timeouts: {
            create: "string",
            "delete": "string",
        },
    });
    
    type: aws:route53domains:DelegationSignerRecord
    properties:
        domainName: string
        signingAttributes:
            algorithm: 0
            flags: 0
            publicKey: string
        timeouts:
            create: string
            delete: string
    

    DelegationSignerRecord Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The DelegationSignerRecord resource accepts the following input properties:

    DomainName string
    The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
    SigningAttributes DelegationSignerRecordSigningAttributes
    The information about a key, including the algorithm, public key-value, and flags.
    Timeouts DelegationSignerRecordTimeouts
    DomainName string
    The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
    SigningAttributes DelegationSignerRecordSigningAttributesArgs
    The information about a key, including the algorithm, public key-value, and flags.
    Timeouts DelegationSignerRecordTimeoutsArgs
    domainName String
    The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
    signingAttributes DelegationSignerRecordSigningAttributes
    The information about a key, including the algorithm, public key-value, and flags.
    timeouts DelegationSignerRecordTimeouts
    domainName string
    The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
    signingAttributes DelegationSignerRecordSigningAttributes
    The information about a key, including the algorithm, public key-value, and flags.
    timeouts DelegationSignerRecordTimeouts
    domain_name str
    The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
    signing_attributes DelegationSignerRecordSigningAttributesArgs
    The information about a key, including the algorithm, public key-value, and flags.
    timeouts DelegationSignerRecordTimeoutsArgs
    domainName String
    The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
    signingAttributes Property Map
    The information about a key, including the algorithm, public key-value, and flags.
    timeouts Property Map

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DelegationSignerRecord resource produces the following output properties:

    DnssecKeyId string
    An ID assigned to the created DS record.
    Id string
    The provider-assigned unique ID for this managed resource.
    DnssecKeyId string
    An ID assigned to the created DS record.
    Id string
    The provider-assigned unique ID for this managed resource.
    dnssecKeyId String
    An ID assigned to the created DS record.
    id String
    The provider-assigned unique ID for this managed resource.
    dnssecKeyId string
    An ID assigned to the created DS record.
    id string
    The provider-assigned unique ID for this managed resource.
    dnssec_key_id str
    An ID assigned to the created DS record.
    id str
    The provider-assigned unique ID for this managed resource.
    dnssecKeyId String
    An ID assigned to the created DS record.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing DelegationSignerRecord Resource

    Get an existing DelegationSignerRecord resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DelegationSignerRecordState, opts?: CustomResourceOptions): DelegationSignerRecord
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            dnssec_key_id: Optional[str] = None,
            domain_name: Optional[str] = None,
            signing_attributes: Optional[DelegationSignerRecordSigningAttributesArgs] = None,
            timeouts: Optional[DelegationSignerRecordTimeoutsArgs] = None) -> DelegationSignerRecord
    func GetDelegationSignerRecord(ctx *Context, name string, id IDInput, state *DelegationSignerRecordState, opts ...ResourceOption) (*DelegationSignerRecord, error)
    public static DelegationSignerRecord Get(string name, Input<string> id, DelegationSignerRecordState? state, CustomResourceOptions? opts = null)
    public static DelegationSignerRecord get(String name, Output<String> id, DelegationSignerRecordState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DnssecKeyId string
    An ID assigned to the created DS record.
    DomainName string
    The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
    SigningAttributes DelegationSignerRecordSigningAttributes
    The information about a key, including the algorithm, public key-value, and flags.
    Timeouts DelegationSignerRecordTimeouts
    DnssecKeyId string
    An ID assigned to the created DS record.
    DomainName string
    The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
    SigningAttributes DelegationSignerRecordSigningAttributesArgs
    The information about a key, including the algorithm, public key-value, and flags.
    Timeouts DelegationSignerRecordTimeoutsArgs
    dnssecKeyId String
    An ID assigned to the created DS record.
    domainName String
    The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
    signingAttributes DelegationSignerRecordSigningAttributes
    The information about a key, including the algorithm, public key-value, and flags.
    timeouts DelegationSignerRecordTimeouts
    dnssecKeyId string
    An ID assigned to the created DS record.
    domainName string
    The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
    signingAttributes DelegationSignerRecordSigningAttributes
    The information about a key, including the algorithm, public key-value, and flags.
    timeouts DelegationSignerRecordTimeouts
    dnssec_key_id str
    An ID assigned to the created DS record.
    domain_name str
    The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
    signing_attributes DelegationSignerRecordSigningAttributesArgs
    The information about a key, including the algorithm, public key-value, and flags.
    timeouts DelegationSignerRecordTimeoutsArgs
    dnssecKeyId String
    An ID assigned to the created DS record.
    domainName String
    The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
    signingAttributes Property Map
    The information about a key, including the algorithm, public key-value, and flags.
    timeouts Property Map

    Supporting Types

    DelegationSignerRecordSigningAttributes, DelegationSignerRecordSigningAttributesArgs

    Algorithm int
    Algorithm which was used to generate the digest from the public key.
    Flags int
    Defines the type of key. It can be either a KSK (key-signing-key, value 257) or ZSK (zone-signing-key, value 256).
    PublicKey string
    The base64-encoded public key part of the key pair that is passed to the registry.
    Algorithm int
    Algorithm which was used to generate the digest from the public key.
    Flags int
    Defines the type of key. It can be either a KSK (key-signing-key, value 257) or ZSK (zone-signing-key, value 256).
    PublicKey string
    The base64-encoded public key part of the key pair that is passed to the registry.
    algorithm Integer
    Algorithm which was used to generate the digest from the public key.
    flags Integer
    Defines the type of key. It can be either a KSK (key-signing-key, value 257) or ZSK (zone-signing-key, value 256).
    publicKey String
    The base64-encoded public key part of the key pair that is passed to the registry.
    algorithm number
    Algorithm which was used to generate the digest from the public key.
    flags number
    Defines the type of key. It can be either a KSK (key-signing-key, value 257) or ZSK (zone-signing-key, value 256).
    publicKey string
    The base64-encoded public key part of the key pair that is passed to the registry.
    algorithm int
    Algorithm which was used to generate the digest from the public key.
    flags int
    Defines the type of key. It can be either a KSK (key-signing-key, value 257) or ZSK (zone-signing-key, value 256).
    public_key str
    The base64-encoded public key part of the key pair that is passed to the registry.
    algorithm Number
    Algorithm which was used to generate the digest from the public key.
    flags Number
    Defines the type of key. It can be either a KSK (key-signing-key, value 257) or ZSK (zone-signing-key, value 256).
    publicKey String
    The base64-encoded public key part of the key pair that is passed to the registry.

    DelegationSignerRecordTimeouts, DelegationSignerRecordTimeoutsArgs

    Create string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    Delete string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    Create string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    Delete string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    create String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    delete String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    create string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    delete string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    create str
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    delete str
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    create String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    delete String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.

    Import

    Using pulumi import, import delegation signer records using the domain name and DNSSEC key ID, separated by a comma (,). For example:

    $ pulumi import aws:route53domains/delegationSignerRecord:DelegationSignerRecord example example.com,40DE3534F5324DBDAC598ACEDB5B1E26A5368732D9C791D1347E4FBDDF6FC343
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi