AWS Route 53 Hosted Zone DNSSEC

This page shows how to write Terraform and CloudFormation for Route 53 Hosted Zone DNSSEC and write them securely.

aws_route53_hosted_zone_dnssec (Terraform)

The Hosted Zone DNSSEC in Route 53 can be configured in Terraform with the resource name aws_route53_hosted_zone_dnssec. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

resource "aws_route53_hosted_zone_dnssec" "zone" {
  hosted_zone_id =

output "hosted-zone" {
  value =
resource "aws_route53_hosted_zone_dnssec" "this" {
  depends_on = [
  hosted_zone_id = aws_route53_key_signing_key.this.hosted_zone_id
resource "aws_route53_hosted_zone_dnssec" "hosted_zone_dnssec" {
  hosted_zone_id = aws_route53_key_signing_key.zone_signing_key.hosted_zone_id

resource "aws_route53_record" "ds_in_parent_zone" {
  count   = var.route53_create_ds_record ? 1 : 0
resource "aws_route53_hosted_zone_dnssec" "sandbox_dnssec" {
  depends_on = [
  hosted_zone_id = aws_route53_key_signing_key.sandbox_key.hosted_zone_id


Explanation in Terraform Registry

Manages Route 53 Hosted Zone Domain Name System Security Extensions (DNSSEC). For more information about managing DNSSEC in Route 53, see the Route 53 Developer Guide.

AWS::Route53::DNSSEC (CloudFormation)

The DNSSEC in Route53 can be configured in CloudFormation with the resource name AWS::Route53::DNSSEC. The following sections describe how to use the resource and its parameters.


HostedZoneId A unique string (ID) that is used to identify a hosted zone. For example: Z00001111A1ABCaaABC11.
Required: Yes
Type: String
Update requires: Replacement

Explanation in CloudFormation Registry

The AWS::Route53::DNSSEC resource is used to enable DNSSEC signing in a hosted zone.

Frequently asked questions

What is AWS Route 53 Hosted Zone DNSSEC?

AWS Route 53 Hosted Zone DNSSEC is a resource for Route 53 of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Route 53 Hosted Zone DNSSEC?

For Terraform, the kwiniaskaridge/terraform-dns, ManagedKube/kubernetes-ops and aleksandarknezevic/terraform-aws-route53-dnssec source code examples are useful. See the Terraform Example section for further details.