mirror of
https://github.com/go-acme/lego
synced 2024-05-20 11:56:39 +02:00
2.5 KiB
2.5 KiB
| title | date | draft | slug |
|---|---|---|---|
| Amazon Route 53 | 2019-03-03T16:39:46+01:00 | false | route53 |
Configuration for Amazon Route 53.
- Code:
route53
{{% notice note %}} Please contribute by adding a CLI example. {{% /notice %}}
Credentials
| Environment Variable Name | Description |
|---|---|
AWS_ACCESS_KEY_ID |
|
AWS_HOSTED_ZONE_ID |
|
AWS_REGION |
|
AWS_SECRET_ACCESS_KEY |
Additional Configuration
| Environment Variable Name | Description |
|---|---|
AWS_POLLING_INTERVAL |
Time between DNS propagation check |
AWS_PROPAGATION_TIMEOUT |
Maximum waiting time for DNS propagation |
AWS_TTL |
The TTL of the TXT record used for the DNS challenge |
Description
AWS Credentials are automatically detected in the following locations and prioritized in the following order:
- Environment variables:
AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AWS_REGION, [AWS_SESSION_TOKEN] - Shared credentials file (defaults to
~/.aws/credentials) - Amazon EC2 IAM role
If AWS_HOSTED_ZONE_ID is not set, Lego tries to determine the correct public hosted zone via the FQDN.
See also: configuring-sdk
Policy
The following AWS IAM policy document describes the permissions required for lego to complete the DNS challenge.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": [
"route53:GetChange",
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/*",
"arn:aws:route53:::change/*"
]
},
{
"Sid": "",
"Effect": "Allow",
"Action": "route53:ListHostedZonesByName",
"Resource": "*"
}
]
}