AWSCLI command to delete/remove DNSSEC keys (DS record) from a domain :: The command `route53domains disassociate-delegation-signer-from-domain` does not seem to work.

0

I can add a private key to get DNSSEC enabled on a domain by using this AWS CLI command:

```
aws route53domains associate-delegation-signer-to-domain --domain-name <MY_DOMAIN_NAME> --region us-east-1 --signing-attributes Algorithm=13,Flags=257,PublicKey="<THE_PUBLIC_KEY>"
```

I now want a way to delete this using the AWS CLI.

I have tried this command but it does not work:

```
aws route53domains disassociate-delegation-signer-from-domain --domain-name <MY_DOMAIN_NAME> --id <ID-KEY> --region us-east-1
```

I have tried it multiple times and always get back an email stating:

Dear AWS customer, We recently received an online request from your AWS account to do the following: Removing DNSSEC associated with the domain <MY_DOMAIN_NAME>. We're sorry to report that the operation failed after we forwarded your request to our registrar associate. This is because: The DNSSEC you specified is not found on domain.

I know that I am using the correct ID and domain address.

Can someone try to reproduce this and if they get the command to work please let me know how they did it?

Or if there is a different way to delete the key added with the first command please inform me how.

FYI - I am able to delete it if I go through the AWS dashboard - I need a way to do it with the CLI.

Here is an image of where you would manually add it and delete it via the dashboard.

This image is what I am trying to delete. I pointed to where the key # lives that I use as the -id in the command that I try to remove it with.

asked a year ago, 291 views

1 Answer
0

I'm not sure what the answer is here but in similar situations, comparing Console to CLI, I've had to resort to CloudTrail to find out what APIs were actually being called by the Console so that I could replicate those steps in the CLI.

kentrad (AWS, EXPERT)
answered a year ago
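
The CloudTrail comparison suggested in the answer above, as an added example that is not part of the original thread: it takes output shaped like `aws cloudtrail lookup-events` filtered on the `route53domains.amazonaws.com` event source, and reports which request parameters differ between the CLI call and calls from other clients. The sample events, the `requestParameters` key names and the `aws-cli/` user-agent check are assumptions made for illustration, not data from the question.

```python
import json

# Constructed sample shaped like the output of:
#   aws cloudtrail lookup-events --region us-east-1 --lookup-attributes \
#     AttributeKey=EventSource,AttributeValue=route53domains.amazonaws.com
# All values, and the requestParameters key names, are made up for illustration.
def _event(name, agent, params):
    record = {"eventSource": "route53domains.amazonaws.com", "eventName": name,
              "userAgent": agent, "requestParameters": params}
    # lookup-events returns the full record as a JSON *string* in CloudTrailEvent.
    return {"EventName": name, "CloudTrailEvent": json.dumps(record)}

SAMPLE = {"Events": [
    _event("DisassociateDelegationSignerFromDomain", "aws-cli/2.x (constructed)",
           {"domainName": "example.com", "id": "CONSTRUCTED-ID-FROM-CLI"}),
    _event("DisassociateDelegationSignerFromDomain", "Mozilla/5.0 (constructed)",
           {"domainName": "example.com", "id": "CONSTRUCTED-ID-FROM-CONSOLE"}),
    _event("GetDomainDetail", "Mozilla/5.0 (constructed)",
           {"domainName": "example.com"}),
]}

def calls_by_client(lookup_output, event_name):
    """Group requestParameters of one API call by caller type (CLI vs. other)."""
    grouped = {"cli": [], "other": []}
    for item in lookup_output.get("Events", []):
        record = json.loads(item["CloudTrailEvent"])
        if record.get("eventName") != event_name:
            continue
        # Assumption: CLI calls carry a userAgent that starts with "aws-cli/".
        agent = record.get("userAgent") or ""
        kind = "cli" if agent.startswith("aws-cli/") else "other"
        grouped[kind].append(record.get("requestParameters") or {})
    return grouped

def differing_params(grouped):
    """Return parameter names whose values differ between CLI and other callers."""
    diffs = set()
    for cli in grouped["cli"]:
        for other in grouped["other"]:
            for key in set(cli) | set(other):
                if cli.get(key) != other.get(key):
                    diffs.add(key)
    return sorted(diffs)

if __name__ == "__main__":
    calls = calls_by_client(SAMPLE, "DisassociateDelegationSignerFromDomain")
    print("parameters that differ:", differing_params(calls))
```

To use it on real data, save the `lookup-events` JSON to a file and pass the parsed result to `calls_by_client` in place of `SAMPLE`.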
