Docs Home
AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi
aws.route53domains.DelegationSignerRecord
Explore with Pulumi AI
Provides a resource to manage a delegation signer record in the parent DNS zone for domains registered with Route53.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.getCallerIdentity({});
const example = new aws.kms.Key("example", {
customerMasterKeySpec: "ECC_NIST_P256",
deletionWindowInDays: 7,
keyUsage: "SIGN_VERIFY",
policy: JSON.stringify({
Statement: [
{
Action: [
"kms:DescribeKey",
"kms:GetPublicKey",
"kms:Sign",
],
Effect: "Allow",
Principal: {
Service: "dnssec-route53.amazonaws.com",
},
Sid: "Allow Route 53 DNSSEC Service",
Resource: "*",
Condition: {
StringEquals: {
"aws:SourceAccount": current.then(current => current.accountId),
},
ArnLike: {
"aws:SourceArn": "arn:aws:route53:::hostedzone/*",
},
},
},
{
Action: "kms:CreateGrant",
Effect: "Allow",
Principal: {
Service: "dnssec-route53.amazonaws.com",
},
Sid: "Allow Route 53 DNSSEC Service to CreateGrant",
Resource: "*",
Condition: {
Bool: {
"kms:GrantIsForAWSResource": "true",
},
},
},
{
Action: "kms:*",
Effect: "Allow",
Principal: {
AWS: current.then(current => `arn:aws:iam::${current.accountId}:root`),
},
Resource: "*",
Sid: "Enable IAM User Permissions",
},
],
Version: "2012-10-17",
}),
});
const exampleZone = new aws.route53.Zone("example", {name: "example.com"});
const exampleKeySigningKey = new aws.route53.KeySigningKey("example", {
hostedZoneId: test.id,
keyManagementServiceArn: testAwsKmsKey.arn,
name: "example",
});
const exampleHostedZoneDnsSec = new aws.route53.HostedZoneDnsSec("example", {hostedZoneId: exampleKeySigningKey.hostedZoneId}, {
dependsOn: [exampleKeySigningKey],
});
const exampleDelegationSignerRecord = new aws.route53domains.DelegationSignerRecord("example", {
domainName: "example.com",
signingAttributes: {
algorithm: exampleKeySigningKey.signingAlgorithmType,
flags: exampleKeySigningKey.flag,
publicKey: exampleKeySigningKey.publicKey,
},
});
import pulumi
import json
import pulumi_aws as aws
current = aws.get_caller_identity()
example = aws.kms.Key("example",
customer_master_key_spec="ECC_NIST_P256",
deletion_window_in_days=7,
key_usage="SIGN_VERIFY",
policy=json.dumps({
"Statement": [
{
"Action": [
"kms:DescribeKey",
"kms:GetPublicKey",
"kms:Sign",
],
"Effect": "Allow",
"Principal": {
"Service": "dnssec-route53.amazonaws.com",
},
"Sid": "Allow Route 53 DNSSEC Service",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:SourceAccount": current.account_id,
},
"ArnLike": {
"aws:SourceArn": "arn:aws:route53:::hostedzone/*",
},
},
},
{
"Action": "kms:CreateGrant",
"Effect": "Allow",
"Principal": {
"Service": "dnssec-route53.amazonaws.com",
},
"Sid": "Allow Route 53 DNSSEC Service to CreateGrant",
"Resource": "*",
"Condition": {
"Bool": {
"kms:GrantIsForAWSResource": "true",
},
},
},
{
"Action": "kms:*",
"Effect": "Allow",
"Principal": {
"AWS": f"arn:aws:iam::{current.account_id}:root",
},
"Resource": "*",
"Sid": "Enable IAM User Permissions",
},
],
"Version": "2012-10-17",
}))
example_zone = aws.route53.Zone("example", name="example.com")
example_key_signing_key = aws.route53.KeySigningKey("example",
hosted_zone_id=test["id"],
key_management_service_arn=test_aws_kms_key["arn"],
name="example")
example_hosted_zone_dns_sec = aws.route53.HostedZoneDnsSec("example", hosted_zone_id=example_key_signing_key.hosted_zone_id,
opts = pulumi.ResourceOptions(depends_on=[example_key_signing_key]))
example_delegation_signer_record = aws.route53domains.DelegationSignerRecord("example",
domain_name="example.com",
signing_attributes={
"algorithm": example_key_signing_key.signing_algorithm_type,
"flags": example_key_signing_key.flag,
"public_key": example_key_signing_key.public_key,
})
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53domains"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Statement": []interface{}{
map[string]interface{}{
"Action": []string{
"kms:DescribeKey",
"kms:GetPublicKey",
"kms:Sign",
},
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "dnssec-route53.amazonaws.com",
},
"Sid": "Allow Route 53 DNSSEC Service",
"Resource": "*",
"Condition": map[string]interface{}{
"StringEquals": map[string]interface{}{
"aws:SourceAccount": current.AccountId,
},
"ArnLike": map[string]interface{}{
"aws:SourceArn": "arn:aws:route53:::hostedzone/*",
},
},
},
map[string]interface{}{
"Action": "kms:CreateGrant",
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "dnssec-route53.amazonaws.com",
},
"Sid": "Allow Route 53 DNSSEC Service to CreateGrant",
"Resource": "*",
"Condition": map[string]interface{}{
"Bool": map[string]interface{}{
"kms:GrantIsForAWSResource": "true",
},
},
},
map[string]interface{}{
"Action": "kms:*",
"Effect": "Allow",
"Principal": map[string]interface{}{
"AWS": fmt.Sprintf("arn:aws:iam::%v:root", current.AccountId),
},
"Resource": "*",
"Sid": "Enable IAM User Permissions",
},
},
"Version": "2012-10-17",
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = kms.NewKey(ctx, "example", &kms.KeyArgs{
CustomerMasterKeySpec: pulumi.String("ECC_NIST_P256"),
DeletionWindowInDays: pulumi.Int(7),
KeyUsage: pulumi.String("SIGN_VERIFY"),
Policy: pulumi.String(json0),
})
if err != nil {
return err
}
_, err = route53.NewZone(ctx, "example", &route53.ZoneArgs{
Name: pulumi.String("example.com"),
})
if err != nil {
return err
}
exampleKeySigningKey, err := route53.NewKeySigningKey(ctx, "example", &route53.KeySigningKeyArgs{
HostedZoneId: pulumi.Any(test.Id),
KeyManagementServiceArn: pulumi.Any(testAwsKmsKey.Arn),
Name: pulumi.String("example"),
})
if err != nil {
return err
}
_, err = route53.NewHostedZoneDnsSec(ctx, "example", &route53.HostedZoneDnsSecArgs{
HostedZoneId: exampleKeySigningKey.HostedZoneId,
}, pulumi.DependsOn([]pulumi.Resource{
exampleKeySigningKey,
}))
if err != nil {
return err
}
_, err = route53domains.NewDelegationSignerRecord(ctx, "example", &route53domains.DelegationSignerRecordArgs{
DomainName: pulumi.String("example.com"),
SigningAttributes: &route53domains.DelegationSignerRecordSigningAttributesArgs{
Algorithm: exampleKeySigningKey.SigningAlgorithmType,
Flags: exampleKeySigningKey.Flag,
PublicKey: exampleKeySigningKey.PublicKey,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var current = Aws.GetCallerIdentity.Invoke();
var example = new Aws.Kms.Key("example", new()
{
CustomerMasterKeySpec = "ECC_NIST_P256",
DeletionWindowInDays = 7,
KeyUsage = "SIGN_VERIFY",
Policy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Action"] = new[]
{
"kms:DescribeKey",
"kms:GetPublicKey",
"kms:Sign",
},
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "dnssec-route53.amazonaws.com",
},
["Sid"] = "Allow Route 53 DNSSEC Service",
["Resource"] = "*",
["Condition"] = new Dictionary<string, object?>
{
["StringEquals"] = new Dictionary<string, object?>
{
["aws:SourceAccount"] = current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId),
},
["ArnLike"] = new Dictionary<string, object?>
{
["aws:SourceArn"] = "arn:aws:route53:::hostedzone/*",
},
},
},
new Dictionary<string, object?>
{
["Action"] = "kms:CreateGrant",
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "dnssec-route53.amazonaws.com",
},
["Sid"] = "Allow Route 53 DNSSEC Service to CreateGrant",
["Resource"] = "*",
["Condition"] = new Dictionary<string, object?>
{
["Bool"] = new Dictionary<string, object?>
{
["kms:GrantIsForAWSResource"] = "true",
},
},
},
new Dictionary<string, object?>
{
["Action"] = "kms:*",
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["AWS"] = $"arn:aws:iam::{current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:root",
},
["Resource"] = "*",
["Sid"] = "Enable IAM User Permissions",
},
},
["Version"] = "2012-10-17",
}),
});
var exampleZone = new Aws.Route53.Zone("example", new()
{
Name = "example.com",
});
var exampleKeySigningKey = new Aws.Route53.KeySigningKey("example", new()
{
HostedZoneId = test.Id,
KeyManagementServiceArn = testAwsKmsKey.Arn,
Name = "example",
});
var exampleHostedZoneDnsSec = new Aws.Route53.HostedZoneDnsSec("example", new()
{
HostedZoneId = exampleKeySigningKey.HostedZoneId,
}, new CustomResourceOptions
{
DependsOn =
{
exampleKeySigningKey,
},
});
var exampleDelegationSignerRecord = new Aws.Route53Domains.DelegationSignerRecord("example", new()
{
DomainName = "example.com",
SigningAttributes = new Aws.Route53Domains.Inputs.DelegationSignerRecordSigningAttributesArgs
{
Algorithm = exampleKeySigningKey.SigningAlgorithmType,
Flags = exampleKeySigningKey.Flag,
PublicKey = exampleKeySigningKey.PublicKey,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.route53.Zone;
import com.pulumi.aws.route53.ZoneArgs;
import com.pulumi.aws.route53.KeySigningKey;
import com.pulumi.aws.route53.KeySigningKeyArgs;
import com.pulumi.aws.route53.HostedZoneDnsSec;
import com.pulumi.aws.route53.HostedZoneDnsSecArgs;
import com.pulumi.aws.route53domains.DelegationSignerRecord;
import com.pulumi.aws.route53domains.DelegationSignerRecordArgs;
import com.pulumi.aws.route53domains.inputs.DelegationSignerRecordSigningAttributesArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = AwsFunctions.getCallerIdentity();
var example = new Key("example", KeyArgs.builder()
.customerMasterKeySpec("ECC_NIST_P256")
.deletionWindowInDays(7)
.keyUsage("SIGN_VERIFY")
.policy(serializeJson(
jsonObject(
jsonProperty("Statement", jsonArray(
jsonObject(
jsonProperty("Action", jsonArray(
"kms:DescribeKey",
"kms:GetPublicKey",
"kms:Sign"
)),
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "dnssec-route53.amazonaws.com")
)),
jsonProperty("Sid", "Allow Route 53 DNSSEC Service"),
jsonProperty("Resource", "*"),
jsonProperty("Condition", jsonObject(
jsonProperty("StringEquals", jsonObject(
jsonProperty("aws:SourceAccount", current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()))
)),
jsonProperty("ArnLike", jsonObject(
jsonProperty("aws:SourceArn", "arn:aws:route53:::hostedzone/*")
))
))
),
jsonObject(
jsonProperty("Action", "kms:CreateGrant"),
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "dnssec-route53.amazonaws.com")
)),
jsonProperty("Sid", "Allow Route 53 DNSSEC Service to CreateGrant"),
jsonProperty("Resource", "*"),
jsonProperty("Condition", jsonObject(
jsonProperty("Bool", jsonObject(
jsonProperty("kms:GrantIsForAWSResource", "true")
))
))
),
jsonObject(
jsonProperty("Action", "kms:*"),
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("AWS", String.format("arn:aws:iam::%s:root", current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId())))
)),
jsonProperty("Resource", "*"),
jsonProperty("Sid", "Enable IAM User Permissions")
)
)),
jsonProperty("Version", "2012-10-17")
)))
.build());
var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
.name("example.com")
.build());
var exampleKeySigningKey = new KeySigningKey("exampleKeySigningKey", KeySigningKeyArgs.builder()
.hostedZoneId(test.id())
.keyManagementServiceArn(testAwsKmsKey.arn())
.name("example")
.build());
var exampleHostedZoneDnsSec = new HostedZoneDnsSec("exampleHostedZoneDnsSec", HostedZoneDnsSecArgs.builder()
.hostedZoneId(exampleKeySigningKey.hostedZoneId())
.build(), CustomResourceOptions.builder()
.dependsOn(exampleKeySigningKey)
.build());
var exampleDelegationSignerRecord = new DelegationSignerRecord("exampleDelegationSignerRecord", DelegationSignerRecordArgs.builder()
.domainName("example.com")
.signingAttributes(DelegationSignerRecordSigningAttributesArgs.builder()
.algorithm(exampleKeySigningKey.signingAlgorithmType())
.flags(exampleKeySigningKey.flag())
.publicKey(exampleKeySigningKey.publicKey())
.build())
.build());
}
}
resources:
example:
type: aws:kms:Key
properties:
customerMasterKeySpec: ECC_NIST_P256
deletionWindowInDays: 7
keyUsage: SIGN_VERIFY
policy:
fn::toJSON:
Statement:
- Action:
- kms:DescribeKey
- kms:GetPublicKey
- kms:Sign
Effect: Allow
Principal:
Service: dnssec-route53.amazonaws.com
Sid: Allow Route 53 DNSSEC Service
Resource: '*'
Condition:
StringEquals:
aws:SourceAccount: ${current.accountId}
ArnLike:
aws:SourceArn: arn:aws:route53:::hostedzone/*
- Action: kms:CreateGrant
Effect: Allow
Principal:
Service: dnssec-route53.amazonaws.com
Sid: Allow Route 53 DNSSEC Service to CreateGrant
Resource: '*'
Condition:
Bool:
kms:GrantIsForAWSResource: 'true'
- Action: kms:*
Effect: Allow
Principal:
AWS: arn:aws:iam::${current.accountId}:root
Resource: '*'
Sid: Enable IAM User Permissions
Version: 2012-10-17
exampleZone:
type: aws:route53:Zone
name: example
properties:
name: example.com
exampleKeySigningKey:
type: aws:route53:KeySigningKey
name: example
properties:
hostedZoneId: ${test.id}
keyManagementServiceArn: ${testAwsKmsKey.arn}
name: example
exampleHostedZoneDnsSec:
type: aws:route53:HostedZoneDnsSec
name: example
properties:
hostedZoneId: ${exampleKeySigningKey.hostedZoneId}
options:
dependsOn:
- ${exampleKeySigningKey}
exampleDelegationSignerRecord:
type: aws:route53domains:DelegationSignerRecord
name: example
properties:
domainName: example.com
signingAttributes:
algorithm: ${exampleKeySigningKey.signingAlgorithmType}
flags: ${exampleKeySigningKey.flag}
publicKey: ${exampleKeySigningKey.publicKey}
variables:
current:
fn::invoke:
function: aws:getCallerIdentity
arguments: {}
Create DelegationSignerRecord Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DelegationSignerRecord(name: string, args: DelegationSignerRecordArgs, opts?: CustomResourceOptions);@overload
def DelegationSignerRecord(resource_name: str,
args: DelegationSignerRecordArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DelegationSignerRecord(resource_name: str,
opts: Optional[ResourceOptions] = None,
domain_name: Optional[str] = None,
signing_attributes: Optional[DelegationSignerRecordSigningAttributesArgs] = None,
timeouts: Optional[DelegationSignerRecordTimeoutsArgs] = None)func NewDelegationSignerRecord(ctx *Context, name string, args DelegationSignerRecordArgs, opts ...ResourceOption) (*DelegationSignerRecord, error)public DelegationSignerRecord(string name, DelegationSignerRecordArgs args, CustomResourceOptions? opts = null)
public DelegationSignerRecord(String name, DelegationSignerRecordArgs args)
public DelegationSignerRecord(String name, DelegationSignerRecordArgs args, CustomResourceOptions options)
type: aws:route53domains:DelegationSignerRecord
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DelegationSignerRecordArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DelegationSignerRecordArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DelegationSignerRecordArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DelegationSignerRecordArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DelegationSignerRecordArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var delegationSignerRecordResource = new Aws.Route53Domains.DelegationSignerRecord("delegationSignerRecordResource", new()
{
DomainName = "string",
SigningAttributes = new Aws.Route53Domains.Inputs.DelegationSignerRecordSigningAttributesArgs
{
Algorithm = 0,
Flags = 0,
PublicKey = "string",
},
Timeouts = new Aws.Route53Domains.Inputs.DelegationSignerRecordTimeoutsArgs
{
Create = "string",
Delete = "string",
},
});
example, err := route53domains.NewDelegationSignerRecord(ctx, "delegationSignerRecordResource", &route53domains.DelegationSignerRecordArgs{
DomainName: pulumi.String("string"),
SigningAttributes: &route53domains.DelegationSignerRecordSigningAttributesArgs{
Algorithm: pulumi.Int(0),
Flags: pulumi.Int(0),
PublicKey: pulumi.String("string"),
},
Timeouts: &route53domains.DelegationSignerRecordTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
},
})
var delegationSignerRecordResource = new DelegationSignerRecord("delegationSignerRecordResource", DelegationSignerRecordArgs.builder()
.domainName("string")
.signingAttributes(DelegationSignerRecordSigningAttributesArgs.builder()
.algorithm(0)
.flags(0)
.publicKey("string")
.build())
.timeouts(DelegationSignerRecordTimeoutsArgs.builder()
.create("string")
.delete("string")
.build())
.build());
delegation_signer_record_resource = aws.route53domains.DelegationSignerRecord("delegationSignerRecordResource",
domain_name="string",
signing_attributes={
"algorithm": 0,
"flags": 0,
"public_key": "string",
},
timeouts={
"create": "string",
"delete": "string",
})
const delegationSignerRecordResource = new aws.route53domains.DelegationSignerRecord("delegationSignerRecordResource", {
domainName: "string",
signingAttributes: {
algorithm: 0,
flags: 0,
publicKey: "string",
},
timeouts: {
create: "string",
"delete": "string",
},
});
type: aws:route53domains:DelegationSignerRecord
properties:
domainName: string
signingAttributes:
algorithm: 0
flags: 0
publicKey: string
timeouts:
create: string
delete: string
DelegationSignerRecord Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DelegationSignerRecord resource accepts the following input properties:
- Domain
Name string - The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
- Signing
Attributes DelegationSigner Record Signing Attributes - The information about a key, including the algorithm, public key-value, and flags.
- Timeouts
Delegation
Signer Record Timeouts
- Domain
Name string - The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
- Signing
Attributes DelegationSigner Record Signing Attributes Args - The information about a key, including the algorithm, public key-value, and flags.
- Timeouts
Delegation
Signer Record Timeouts Args
- domain
Name String - The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
- signing
Attributes DelegationSigner Record Signing Attributes - The information about a key, including the algorithm, public key-value, and flags.
- timeouts
Delegation
Signer Record Timeouts
- domain
Name string - The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
- signing
Attributes DelegationSigner Record Signing Attributes - The information about a key, including the algorithm, public key-value, and flags.
- timeouts
Delegation
Signer Record Timeouts
- domain_
name str - The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
- signing_
attributes DelegationSigner Record Signing Attributes Args - The information about a key, including the algorithm, public key-value, and flags.
- timeouts
Delegation
Signer Record Timeouts Args
- domain
Name String - The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
- signing
Attributes Property Map - The information about a key, including the algorithm, public key-value, and flags.
- timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the DelegationSignerRecord resource produces the following output properties:
- Dnssec
Key stringId - An ID assigned to the created DS record.
- Id string
- The provider-assigned unique ID for this managed resource.
- Dnssec
Key stringId - An ID assigned to the created DS record.
- Id string
- The provider-assigned unique ID for this managed resource.
- dnssec
Key StringId - An ID assigned to the created DS record.
- id String
- The provider-assigned unique ID for this managed resource.
- dnssec
Key stringId - An ID assigned to the created DS record.
- id string
- The provider-assigned unique ID for this managed resource.
- dnssec_
key_ strid - An ID assigned to the created DS record.
- id str
- The provider-assigned unique ID for this managed resource.
- dnssec
Key StringId - An ID assigned to the created DS record.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing DelegationSignerRecord Resource
Get an existing DelegationSignerRecord resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DelegationSignerRecordState, opts?: CustomResourceOptions): DelegationSignerRecord@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
dnssec_key_id: Optional[str] = None,
domain_name: Optional[str] = None,
signing_attributes: Optional[DelegationSignerRecordSigningAttributesArgs] = None,
timeouts: Optional[DelegationSignerRecordTimeoutsArgs] = None) -> DelegationSignerRecordfunc GetDelegationSignerRecord(ctx *Context, name string, id IDInput, state *DelegationSignerRecordState, opts ...ResourceOption) (*DelegationSignerRecord, error)public static DelegationSignerRecord Get(string name, Input<string> id, DelegationSignerRecordState? state, CustomResourceOptions? opts = null)public static DelegationSignerRecord get(String name, Output<String> id, DelegationSignerRecordState state, CustomResourceOptions options)resources: _: type: aws:route53domains:DelegationSignerRecord get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Dnssec
Key stringId - An ID assigned to the created DS record.
- Domain
Name string - The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
- Signing
Attributes DelegationSigner Record Signing Attributes - The information about a key, including the algorithm, public key-value, and flags.
- Timeouts
Delegation
Signer Record Timeouts
- Dnssec
Key stringId - An ID assigned to the created DS record.
- Domain
Name string - The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
- Signing
Attributes DelegationSigner Record Signing Attributes Args - The information about a key, including the algorithm, public key-value, and flags.
- Timeouts
Delegation
Signer Record Timeouts Args
- dnssec
Key StringId - An ID assigned to the created DS record.
- domain
Name String - The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
- signing
Attributes DelegationSigner Record Signing Attributes - The information about a key, including the algorithm, public key-value, and flags.
- timeouts
Delegation
Signer Record Timeouts
- dnssec
Key stringId - An ID assigned to the created DS record.
- domain
Name string - The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
- signing
Attributes DelegationSigner Record Signing Attributes - The information about a key, including the algorithm, public key-value, and flags.
- timeouts
Delegation
Signer Record Timeouts
- dnssec_
key_ strid - An ID assigned to the created DS record.
- domain_
name str - The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
- signing_
attributes DelegationSigner Record Signing Attributes Args - The information about a key, including the algorithm, public key-value, and flags.
- timeouts
Delegation
Signer Record Timeouts Args
- dnssec
Key StringId - An ID assigned to the created DS record.
- domain
Name String - The name of the domain that will have its parent DNS zone updated with the Delegation Signer record.
- signing
Attributes Property Map - The information about a key, including the algorithm, public key-value, and flags.
- timeouts Property Map
Supporting Types
DelegationSignerRecordSigningAttributes, DelegationSignerRecordSigningAttributesArgs
- Algorithm int
- Algorithm which was used to generate the digest from the public key.
- Flags int
- Defines the type of key. It can be either a KSK (key-signing-key, value
257) or ZSK (zone-signing-key, value256). - Public
Key string - The base64-encoded public key part of the key pair that is passed to the registry.
- Algorithm int
- Algorithm which was used to generate the digest from the public key.
- Flags int
- Defines the type of key. It can be either a KSK (key-signing-key, value
257) or ZSK (zone-signing-key, value256). - Public
Key string - The base64-encoded public key part of the key pair that is passed to the registry.
- algorithm Integer
- Algorithm which was used to generate the digest from the public key.
- flags Integer
- Defines the type of key. It can be either a KSK (key-signing-key, value
257) or ZSK (zone-signing-key, value256). - public
Key String - The base64-encoded public key part of the key pair that is passed to the registry.
- algorithm number
- Algorithm which was used to generate the digest from the public key.
- flags number
- Defines the type of key. It can be either a KSK (key-signing-key, value
257) or ZSK (zone-signing-key, value256). - public
Key string - The base64-encoded public key part of the key pair that is passed to the registry.
- algorithm int
- Algorithm which was used to generate the digest from the public key.
- flags int
- Defines the type of key. It can be either a KSK (key-signing-key, value
257) or ZSK (zone-signing-key, value256). - public_
key str - The base64-encoded public key part of the key pair that is passed to the registry.
- algorithm Number
- Algorithm which was used to generate the digest from the public key.
- flags Number
- Defines the type of key. It can be either a KSK (key-signing-key, value
257) or ZSK (zone-signing-key, value256). - public
Key String - The base64-encoded public key part of the key pair that is passed to the registry.
DelegationSignerRecordTimeouts, DelegationSignerRecordTimeoutsArgs
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- create str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
Import
Using pulumi import, import delegation signer records using the domain name and DNSSEC key ID, separated by a comma (,). For example:
$ pulumi import aws:route53domains/delegationSignerRecord:DelegationSignerRecord example example.com,40DE3534F5324DBDAC598ACEDB5B1E26A5368732D9C791D1347E4FBDDF6FC343
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.