import type { Construct } from 'constructs';
import type { IHostedZone } from './hosted-zone-ref';
import type * as kms from '../../aws-kms';
import type { IResource } from '../../core';
import { Resource } from '../../core';
import type { IKeySigningKeyRef, KeySigningKeyReference } from '../../interfaces/generated/aws-route53-interfaces.generated';
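/**
 * Properties for constructing a Key Signing Key.
 */
export interface KeySigningKeyProps {
  /**
   * The hosted zone that this key will be used to sign.
   */
  readonly hostedZone: IHostedZone;

  /**
   * The customer-managed KMS key that will be used to sign the records.
   *
   * The KMS key must be unique for each KSK within a hosted zone. Additionally, the
   * KMS key must be an asymmetric customer-managed key using the ECC_NIST_P256 algorithm.
   *
   * Security note: this key anchors the zone's DNSSEC chain of trust. Any principal that
   * can sign with it, disable it, or schedule its deletion can affect whether validating
   * resolvers accept answers for the zone, so keep its key policy narrow. The page linked
   * below lists the remaining requirements (for example Region, key usage and the key
   * policy statements Route 53 needs); check them before deployment.
   *
   * @see https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring-dnssec-cmk-requirements.html
   */
  readonly kmsKey: kms.IKey;

  /**
   * The name for the key signing key.
   *
   * This name must be unique within a hosted zone.
   *
   * @default an autogenerated name
   */
  readonly keySigningKeyName?: string;

  /**
   * The status of the key signing key.
   *
   * Operational caveat: an INACTIVE key is not used for signing. If the parent zone still
   * publishes a DS record for this key, deactivating it can cause validation failures;
   * plan the change together with the DS record.
   *
   * @default ACTIVE
   */
  readonly status?: KeySigningKeyStatus;
}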
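/**
 * The status for a Key Signing Key.
 *
 * The string values are the literal status names ("ACTIVE" / "INACTIVE"). Changing a key
 * that is anchored by a DS record in the parent zone to INACTIVE should be coordinated
 * with that DS record, otherwise validating resolvers may reject the zone.
 */
export declare enum KeySigningKeyStatus {
  /** The KSK is being used for signing. */
  ACTIVE = "ACTIVE",

  /** The KSK is not being used for signing. */
  INACTIVE = "INACTIVE",
}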
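/**
 * A Key Signing Key for a Route 53 Hosted Zone.
 *
 * Combines the generic resource contract (`IResource`) with the generated
 * reference interface (`IKeySigningKeyRef`).
 */
export interface IKeySigningKey extends IResource, IKeySigningKeyRef {
  /**
   * The hosted zone that the key signing key signs.
   *
   * @attribute
   */
  readonly hostedZone: IHostedZone;

  /**
   * The name of the key signing key.
   *
   * @attribute
   */
  readonly keySigningKeyName: string;

  /**
   * The ID of the key signing key, derived from the hosted zone ID and its name.
   *
   * @attribute
   */
  readonly keySigningKeyId: string;
}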
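/**
 * The attributes of a key signing key.
 *
 * These two values are the input accepted by
 * `KeySigningKey.fromKeySigningKeyAttributes`.
 */
export interface KeySigningKeyAttributes {
  /**
   * The hosted zone that the key signing key signs.
   *
   * @attribute
   */
  readonly hostedZone: IHostedZone;

  /**
   * The name of the key signing key.
   *
   * @attribute
   */
  readonly keySigningKeyName: string;
}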
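/**
 * A Key Signing Key for a Route 53 Hosted Zone.
 *
 * @resource AWS::Route53::KeySigningKey
 */
export declare class KeySigningKey extends Resource implements IKeySigningKey {
  /** Uniquely identifies this class. */
  static readonly PROPERTY_INJECTION_ID: string;

  /**
   * Imports a key signing key from its attributes.
   *
   * @param scope the construct scope the imported key is created in
   * @param id the construct ID of the imported key
   * @param attrs the hosted zone and key name identifying the existing key
   * @returns a handle typed as `IKeySigningKey`
   */
  static fromKeySigningKeyAttributes(scope: Construct, id: string, attrs: KeySigningKeyAttributes): IKeySigningKey;

  /** The hosted zone that the key signing key signs. */
  readonly hostedZone: IHostedZone;

  /** The name of the key signing key. */
  readonly keySigningKeyName: string;

  /** The ID of the key signing key, derived from the hosted zone ID and its name. */
  readonly keySigningKeyId: string;

  /** The generated reference object for this key signing key. */
  get keySigningKeyRef(): KeySigningKeyReference;

  /**
   * Creates a key signing key for `props.hostedZone` backed by `props.kmsKey`.
   *
   * @param scope the construct scope
   * @param id the construct ID
   * @param props hosted zone, KMS key, and optional name and status
   */
  constructor(scope: Construct, id: string, props: KeySigningKeyProps);

  // NOTE(review): the implementation is not visible in this declaration file. The name
  // suggests the construct grants permissions on the KMS key for the hosted zone; confirm
  // the principals, actions and conditions in the synthesized key policy before relying on it.
  private grantKeyPermissionsForZone;
}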