-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for Route 53 DNSSEC #16836
Comments
Might also be good to create a separate issue for managing Route 53 Resolver DNSSEC: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dnssec-validation.html (backed by APIs like Available here: #16837 |
Will merge in the required AWS Go SDK version 1.36.11 update after we cut today's release. I should be able to get the |
When should we expect this to be available? |
* New Resource: aws_route53_key_signing_key Reference: #16834 Reference: #16836 Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAwsRoute53KeySigningKey_disappears (134.60s) --- PASS: TestAccAwsRoute53KeySigningKey_basic (135.34s) --- PASS: TestAccAwsRoute53KeySigningKey_Status (180.85s) ``` Output from acceptance testing in AWS GovCloud (US): ``` === CONT TestAccAwsRoute53KeySigningKey_basic route53_key_signing_key_test.go:40: Route 53 Key Signing Key not available in this AWS Partition --- SKIP: TestAccAwsRoute53KeySigningKey_basic (2.52s) === CONT TestAccAwsRoute53KeySigningKey_Status route53_key_signing_key_test.go:40: Route 53 Key Signing Key not available in this AWS Partition === CONT TestAccAwsRoute53KeySigningKey_disappears route53_key_signing_key_test.go:40: Route 53 Key Signing Key not available in this AWS Partition --- SKIP: TestAccAwsRoute53KeySigningKey_Status (2.52s) --- SKIP: TestAccAwsRoute53KeySigningKey_disappears (2.52s) ```
The first part of this, an |
Reference: #16836 Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAwsRoute53HostedZoneDnssec_basic (205.85s) --- PASS: TestAccAwsRoute53HostedZoneDnssec_disappears (232.79s) --- PASS: TestAccAwsRoute53HostedZoneDnssec_SigningStatus (284.80s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- SKIP: TestAccAwsRoute53HostedZoneDnssec_basic (2.37s) --- SKIP: TestAccAwsRoute53HostedZoneDnssec_SigningStatus (2.37s) --- SKIP: TestAccAwsRoute53HostedZoneDnssec_disappears (2.37s) ```
Reference: #16836 Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAwsRoute53HostedZoneDnssec_basic (205.85s) --- PASS: TestAccAwsRoute53HostedZoneDnssec_disappears (232.79s) --- PASS: TestAccAwsRoute53HostedZoneDnssec_SigningStatus (284.80s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- SKIP: TestAccAwsRoute53HostedZoneDnssec_basic (2.37s) --- SKIP: TestAccAwsRoute53HostedZoneDnssec_SigningStatus (2.37s) --- SKIP: TestAccAwsRoute53HostedZoneDnssec_disappears (2.37s) ```
Support for a new |
This has been released in version 3.31.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Description
Today, Amazon Web Services announced the launch of Domain Name System Security Extensions (DNSSEC) for Amazon Route 53. You can now enable DNSSEC signing for all existing and new public hosted zones, and enable DNSSEC validation for Amazon Route 53 Resolver. Amazon Route 53 DNSSEC provides data origin authentication and data integrity verification for DNS and can help customers meet compliance mandates, such as FedRAMP.
When you enable DNSSEC signing on a hosted zone, Route 53 cryptographically signs each record in that hosted zone. Route 53 manages the zone-signing key, and you can manage the key-signing key in AWS Key Management Service (AWS KMS). Amazon’s domain name registrar, Route 53 Domains, already supports DNSSEC, and customers can now register domains and host their DNS on Route 53 with DNSSEC signing enabled.
New or Affected Resource(s)
aws_route53_zone
aws_route53_key_signing_key
Potential Terraform Configuration
References
The text was updated successfully, but these errors were encountered: