Missing option to enable DNSSEC for registered domains

aws / aws-sdk

Landing page for the AWS SDKs on GitHub

https://aws.amazon.com/tools/

Other

68 stars 13 forks source link

Missing option to enable DNSSEC for registered domains #587

Closed TCY16 closed 10 months ago

TCY16 commented 10 months ago

Describe the feature

Currently enabling DNSSEC on a registered domain is not possible via the CLI, but is possible via the management console. I would love a command option that makes it possible to register a DS record public key generated by the create-key-signing-key command.

Use Case

This a missing feature in the chain of automating DNSSEC on anyones full domain currently

Proposed Solution

Please add this command option

Other Information

-removed incorrect reference-

Acknowledgements

[X] I may be able to implement this feature request

CLI version used

2.13.1

Environment details (OS name and version, etc.)

macOS Ventura 13.4

RyanFitzSimmonsAK commented 10 months ago

Hi @TCY16, thanks for reaching out. Since this is a request for new functionality for a service's API, it would have to be made available by the service itself. I've reached out to the Route53 service to inquire if this is something they'd consider, and I'm going to move this issue to our cross-SDK repository (https://github.com/aws/aws-sdk) for tracking and updates. Thanks!

Ticket # for internal use : P97256299

RyanFitzSimmonsAK commented 10 months ago

Hi @TCY16; I spoke with the service team and they pointed me towards this operation in the Route53 API. Does this fulfill your use case?

TCY16 commented 10 months ago

Hi @RyanFitzSimmonsAK, thanks for getting back to me, it seems like it does!

From the documentation you linked to I'm still a little unclear if this is specific for the route53, but I'm guessing it is. If so, this would allow me to publish my DS record with the Route53 registrar (like the steps from the first bullet point on step 3.5 in this guide), could you confirm that?

Thanks again!

RyanFitzSimmonsAK commented 10 months ago

Yes, that operation should fulfill that step in the guide you linked.

TCY16 commented 10 months ago

That's great to hear! I would still love an implementation in the aws-cli tool as this would remove the need to execute this functionality by hand or have every individual write their own interaction with the API themselves, do you think that's possible?

Thanks!

RyanFitzSimmonsAK commented 10 months ago

Could you clarify what you mean by an implementation in the CLI? The operation I linked earlier is available through the CLI (https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53domains/associate-delegation-signer-to-domain.html).

TCY16 commented 10 months ago

Ah great! I never found that in the documentation (while the name is correct of course, it's not exactly intuitive to me). Thanks, that's exactly what I was looking for 👍

github-actions[bot] commented 10 months ago

This issue is now closed.

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.