AWS Route 53 Hosted Zone DNSSEC
This page shows how to write Terraform and CloudFormation for Route 53 Hosted Zone DNSSEC and write them securely.
aws_route53_hosted_zone_dnssec (Terraform)
The Hosted Zone DNSSEC in Route 53 can be configured in Terraform with the resource name aws_route53_hosted_zone_dnssec. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_route53_hosted_zone_dnssec" "zone" {
  # Referencing the key signing key's attribute makes Terraform create the KSK first.
  hosted_zone_id = aws_route53_key_signing_key.zone.hosted_zone_id
}
output "hosted-zone" {
  value = aws_route53_zone.zone
}

resource "aws_route53_hosted_zone_dnssec" "this" {
  depends_on = [
    aws_route53_key_signing_key.this
  ]
  hosted_zone_id = aws_route53_key_signing_key.this.hosted_zone_id
}

resource "aws_route53_hosted_zone_dnssec" "hosted_zone_dnssec" {
  hosted_zone_id = aws_route53_key_signing_key.zone_signing_key.hosted_zone_id
}
resource "aws_route53_record" "ds_in_parent_zone" {
  count = var.route53_create_ds_record ? 1 : 0
  # ... (the rest of this resource is cut off in the excerpt)
}

resource "aws_route53_hosted_zone_dnssec" "sandbox_dnssec" {
  depends_on = [
    aws_route53_key_signing_key.sandbox_key
  ]
  hosted_zone_id = aws_route53_key_signing_key.sandbox_key.hosted_zone_id
}
Parameters
- hosted_zone_id: required - string
- id: optional computed - string
- signing_status: optional - string
Explanation in Terraform Registry
Manages Route 53 Hosted Zone Domain Name System Security Extensions (DNSSEC). For more information about managing DNSSEC in Route 53, see the Route 53 Developer Guide.
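The excerpts above all reference an aws_route53_key_signing_key that they do not show. The following configuration is an added example, not taken from the repositories listed on this page, that includes the KMS key, its key policy, the key signing key and the DNSSEC resource. The resource names and example.com are placeholders, and the provider is assumed to target us-east-1, where the KMS key used for DNSSEC signing must be created.

```hcl
# Added example; resource names and the domain are placeholders. Provider region: us-east-1.
data "aws_caller_identity" "current" {}

resource "aws_kms_key" "dnssec" {
  customer_master_key_spec = "ECC_NIST_P256" # asymmetric key spec required for a KSK
  key_usage                = "SIGN_VERIFY"
  deletion_window_in_days  = 7
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      # Keep the account able to administer the key.
      { Sid = "AccountAdmin", Effect = "Allow", Action = "kms:*", Resource = "*",
        Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" } },
      # Route 53 may read and sign with the key, only for hosted zones in this account.
      { Sid = "Route53Sign", Effect = "Allow", Resource = "*",
        Principal = { Service = "dnssec-route53.amazonaws.com" },
        Action    = ["kms:DescribeKey", "kms:GetPublicKey", "kms:Sign"],
        Condition = {
          StringEquals = { "aws:SourceAccount" = data.aws_caller_identity.current.account_id }
          ArnLike      = { "aws:SourceArn" = "arn:aws:route53:::hostedzone/*" }
        } },
      # Grants are limited to those created on behalf of AWS resources.
      { Sid = "Route53Grant", Effect = "Allow", Resource = "*",
        Principal = { Service = "dnssec-route53.amazonaws.com" },
        Action    = "kms:CreateGrant",
        Condition = { Bool = { "kms:GrantIsForAWSResource" = "true" } } },
    ]
  })
}

resource "aws_route53_zone" "example" {
  name = "example.com"
}

resource "aws_route53_key_signing_key" "example" {
  hosted_zone_id             = aws_route53_zone.example.id
  key_management_service_arn = aws_kms_key.dnssec.arn
  name                       = "example"
}

resource "aws_route53_hosted_zone_dnssec" "example" {
  hosted_zone_id = aws_route53_key_signing_key.example.hosted_zone_id
  depends_on     = [aws_route53_key_signing_key.example]
}

# DS record to publish in the parent zone; resolvers cannot validate the zone without it.
output "ds_record" {
  value = aws_route53_key_signing_key.example.ds_record
}
```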
AWS::Route53::DNSSEC (CloudFormation)
The DNSSEC in Route53 can be configured in CloudFormation with the resource name AWS::Route53::DNSSEC. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
    Type: 'AWS::Route53::DNSSEC'
    Properties:
      HostedZoneId: {'Fn::ImportValue': !Sub '${ParentZoneStack}-HostedZoneId'}
  DNSSECInternalFailureAlarm:
    Condition: HasAlertTopic
    Type: 'AWS::CloudWatch::Alarm'

    Type: AWS::Route53::DNSSEC
    Properties:
      HostedZoneId:
        Ref: HostedZoneId
  KeySigningKey:

    Type: AWS::Route53::DNSSEC
    DependsOn: KeySigningKey
    Properties:
      HostedZoneId: !Ref HostedZoneId
  RecordSetGroup:
    Type: AWS::Route53::RecordSetGroup

    "Type": "AWS::Route53::DNSSEC",
    "Properties": {
      "HostedZoneId": {
        "Ref": "HostedZoneId"
      }
    }

  "AWS::Route53::DNSSEC": {
    "Type": "AWS::Route53::DNSSEC",
    "Properties": {}
  },
  "AWS::AmazonMQ::ConfigurationAssociation": {
    "Type": "AWS::AmazonMQ::ConfigurationAssociation",
Parameters
HostedZoneId
A unique string (ID) that is used to identify a hosted zone. For example: Z00001111A1ABCaaABC11.
Required: Yes
Type: String
Update requires: Replacement
Explanation in CloudFormation Registry
The AWS::Route53::DNSSEC resource is used to enable DNSSEC signing in a hosted zone.
Frequently asked questions
What is AWS Route 53 Hosted Zone DNSSEC?
AWS Route 53 Hosted Zone DNSSEC is a resource for Route 53 of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Route 53 Hosted Zone DNSSEC?
For Terraform, the kwiniaskaridge/terraform-dns, ManagedKube/kubernetes-ops and aleksandarknezevic/terraform-aws-route53-dnssec source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the widdix/aws-cf-templates, kalrish/area51 and DerploidEntertainment/Website source code examples are useful. See the CloudFormation Example section for further details.