Skip to content
Alchemy
GitHubXDiscordRSS

KeySigningKey

The KeySigningKey resource allows you to manage AWS Route53 KeySigningKeys for signing DNSSEC records.

Minimal Example

Section titled “Minimal Example”

Create a basic KeySigningKey with required properties and one optional property.

import AWS from "alchemy/aws/control";


const keySigningKey = await AWS.Route53.KeySigningKey("myKeySigningKey", {
  Status: "ACTIVE",
  KeyManagementServiceArn: "arn:aws:kms:us-west-2:123456789012:key/my-key-id",
  HostedZoneId: "Z3M3LMN4V2M4FJ",
  Name: "MyKeySigningKey",
  adopt: true // Adopt existing resource if it already exists
});

Advanced Configuration

Section titled “Advanced Configuration”

Configure a KeySigningKey with detailed properties, including status and KMS ARN.

const advancedKeySigningKey = await AWS.Route53.KeySigningKey("advancedKeySigningKey", {
  Status: "ACTIVE",
  KeyManagementServiceArn: "arn:aws:kms:us-west-2:123456789012:key/my-advanced-key-id",
  HostedZoneId: "Z3M3LMN4V2M4FJ",
  Name: "AdvancedKeySigningKey"
});

Updating Key Signing Keys

Section titled “Updating Key Signing Keys”

Update an existing KeySigningKey’s status to inactive while retaining its properties.

const updatedKeySigningKey = await AWS.Route53.KeySigningKey("myKeySigningKey", {
  Status: "INACTIVE",
  KeyManagementServiceArn: "arn:aws:kms:us-west-2:123456789012:key/my-key-id",
  HostedZoneId: "Z3M3LMN4V2M4FJ",
  Name: "MyKeySigningKey"
});

Deleting Key Signing Keys

Section titled “Deleting Key Signing Keys”

Delete a KeySigningKey when it is no longer needed.

await AWS.Route53.KeySigningKey("myKeySigningKey", {
  Status: "DELETED",
  KeyManagementServiceArn: "arn:aws:kms:us-west-2:123456789012:key/my-key-id",
  HostedZoneId: "Z3M3LMN4V2M4FJ",
  Name: "MyKeySigningKey"
});