kmsArn

The Amazon resource name (ARN) used to identify the customer managed key in Key Management Service (KMS). The KmsArn must be unique for each key-signing key (KSK) in a single hosted zone.

You must configure the customer managed key as follows:

Status: Enabled

Key spec: ECC_NIST_P256

Key usage: Sign and verify

Key policy: The key policy must give permission for the following actions:

  • DescribeKey
  • GetPublicKey
  • Sign

The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

  • "Service": "dnssec-route53.amazonaws.com"
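The following is an added example, not part of the AWS documentation and not AWS code: a small offline checker that compares a key's metadata and key policy against the requirements listed above (enabled, ECC_NIST_P256, sign-and-verify, and a policy that grants DescribeKey, GetPublicKey and Sign to the dnssec-route53.amazonaws.com service principal). The key metadata and key policy documents are constructed sample inputs shaped like the output of the KMS DescribeKey and GetKeyPolicy calls; the account ID and key ID are placeholders, and nothing here talks to AWS.

```python
"""Added example: validate a KMS key for use as a Route 53 key-signing key.

Constructed inputs only; no AWS API calls are made.
"""
import json

# Service principal Route 53 uses for DNSSEC signing (from the documentation above).
ROUTE53_DNSSEC_SERVICE = "dnssec-route53.amazonaws.com"

# Actions the key policy must allow for that principal (from the documentation above).
REQUIRED_ACTIONS = {"kms:DescribeKey", "kms:GetPublicKey", "kms:Sign"}

# Expected KeyMetadata fields as returned by kms:DescribeKey. "Sign and verify"
# in the console corresponds to KeyUsage SIGN_VERIFY in the API.
REQUIRED_METADATA = {
    "KeyState": "Enabled",
    "KeySpec": "ECC_NIST_P256",
    "KeyUsage": "SIGN_VERIFY",
}


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def route53_statement(sid="AllowRoute53DNSSECService"):
    """Key policy statement granting Route 53 exactly the required actions."""
    return {
        "Sid": sid,
        "Effect": "Allow",
        "Principal": {"Service": ROUTE53_DNSSEC_SERVICE},
        "Action": sorted(REQUIRED_ACTIONS),
        "Resource": "*",
    }


def actions_granted_to_route53(policy):
    """Collect kms actions that Allow statements grant to the Route 53 service principal.

    Only an explicit "Service" principal is recognised, matching the documentation's
    instruction to specify the service; a wildcard "*" principal is not treated as a grant.
    """
    granted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if ROUTE53_DNSSEC_SERVICE not in services:
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "kms:*":
                granted |= REQUIRED_ACTIONS
            else:
                granted.add(action)
    return granted


def check_ksk_key(key_metadata, policy):
    """Return a list of problems; an empty list means the key meets every requirement."""
    problems = []
    for field, expected in REQUIRED_METADATA.items():
        actual = key_metadata.get(field)
        if actual != expected:
            problems.append(f"{field} is {actual!r}, expected {expected!r}")
    missing = REQUIRED_ACTIONS - actions_granted_to_route53(policy)
    if missing:
        problems.append(f"key policy does not grant {sorted(missing)} to {ROUTE53_DNSSEC_SERVICE}")
    return problems


# Constructed sample: a correctly configured key and policy (placeholder IDs).
GOOD_KEY_METADATA = {
    "KeyId": "EXAMPLE-KEY-ID",
    "KeyState": "Enabled",
    "KeySpec": "ECC_NIST_P256",
    "KeyUsage": "SIGN_VERIFY",
}
GOOD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # Account administration statement; its AWS principal is not the Route 53 service.
        {"Sid": "EnableRootAccess", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "kms:*", "Resource": "*"},
        route53_statement(),
    ],
}

# Constructed sample: wrong key spec, and the policy omits kms:Sign for Route 53.
BAD_KEY_METADATA = dict(GOOD_KEY_METADATA, KeySpec="RSA_2048")
BAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PartialRoute53", "Effect": "Allow",
         "Principal": {"Service": ROUTE53_DNSSEC_SERVICE},
         "Action": ["kms:DescribeKey", "kms:GetPublicKey"], "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print("required statement:\n" + json.dumps(route53_statement(), indent=2))
    print("good key problems:", check_ksk_key(GOOD_KEY_METADATA, GOOD_POLICY))
    print("bad key problems:", check_ksk_key(BAD_KEY_METADATA, BAD_POLICY))
```

In practice the two inputs would be the `KeyMetadata` object from a DescribeKey call and the parsed `Policy` string from a GetKeyPolicy call; running the checker before creating the KSK surfaces a disabled key, a wrong key spec or a policy that leaves Route 53 without Sign permission, each of which would otherwise only show up as a failed KSK creation or signing.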

For more information about working with the customer managed key in KMS, see Key Management Service concepts.