Document all AWS credential environment variables (#1171)
This commit is contained in:
parent
7c3689d08a
commit
47ed092fca
3 changed files with 24 additions and 6 deletions
|
@ -1450,7 +1450,9 @@ func displayDNSHelp(name string) error {
|
||||||
ew.writeln(`Credentials:`)
|
ew.writeln(`Credentials:`)
|
||||||
ew.writeln(` - "AWS_ACCESS_KEY_ID": Managed by the AWS client ('AWS_ACCESS_KEY_ID_FILE' is not supported)`)
|
ew.writeln(` - "AWS_ACCESS_KEY_ID": Managed by the AWS client ('AWS_ACCESS_KEY_ID_FILE' is not supported)`)
|
||||||
ew.writeln(` - "AWS_HOSTED_ZONE_ID": Override the hosted zone ID`)
|
ew.writeln(` - "AWS_HOSTED_ZONE_ID": Override the hosted zone ID`)
|
||||||
|
ew.writeln(` - "AWS_PROFILE": Managed by the AWS client ('AWS_PROFILE_FILE' is not supported)`)
|
||||||
ew.writeln(` - "AWS_REGION": Managed by the AWS client ('AWS_REGION_FILE' is not supported)`)
|
ew.writeln(` - "AWS_REGION": Managed by the AWS client ('AWS_REGION_FILE' is not supported)`)
|
||||||
|
ew.writeln(` - "AWS_SDK_LOAD_CONFIG": Retrieve the region from the CLI config file ('AWS_SDK_LOAD_CONFIG_FILE' is not supported)`)
|
||||||
ew.writeln(` - "AWS_SECRET_ACCESS_KEY": Managed by the AWS client ('AWS_SECRET_ACCESS_KEY_FILE' is not supported)`)
|
ew.writeln(` - "AWS_SECRET_ACCESS_KEY": Managed by the AWS client ('AWS_SECRET_ACCESS_KEY_FILE' is not supported)`)
|
||||||
ew.writeln()
|
ew.writeln()
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,9 @@ _Please contribute by adding a CLI example._
|
||||||
|-----------------------|-------------|
|
|-----------------------|-------------|
|
||||||
| `AWS_ACCESS_KEY_ID` | Managed by the AWS client (`AWS_ACCESS_KEY_ID_FILE` is not supported) |
|
| `AWS_ACCESS_KEY_ID` | Managed by the AWS client (`AWS_ACCESS_KEY_ID_FILE` is not supported) |
|
||||||
| `AWS_HOSTED_ZONE_ID` | Override the hosted zone ID |
|
| `AWS_HOSTED_ZONE_ID` | Override the hosted zone ID |
|
||||||
|
| `AWS_PROFILE` | Managed by the AWS client (`AWS_PROFILE_FILE` is not supported) |
|
||||||
| `AWS_REGION` | Managed by the AWS client (`AWS_REGION_FILE` is not supported) |
|
| `AWS_REGION` | Managed by the AWS client (`AWS_REGION_FILE` is not supported) |
|
||||||
|
| `AWS_SDK_LOAD_CONFIG` | Retrieve the region from the CLI config file (`AWS_SDK_LOAD_CONFIG_FILE` is not supported) |
|
||||||
| `AWS_SECRET_ACCESS_KEY` | Managed by the AWS client (`AWS_SECRET_ACCESS_KEY_FILE` is not supported) |
|
| `AWS_SECRET_ACCESS_KEY` | Managed by the AWS client (`AWS_SECRET_ACCESS_KEY_FILE` is not supported) |
|
||||||
|
|
||||||
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
||||||
|
@ -54,16 +56,22 @@ More information [here](/lego/dns/#configuration-and-credentials).
|
||||||
|
|
||||||
AWS Credentials are automatically detected in the following locations and prioritized in the following order:
|
AWS Credentials are automatically detected in the following locations and prioritized in the following order:
|
||||||
|
|
||||||
1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION`, [`AWS_SESSION_TOKEN`]
|
1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, [`AWS_SESSION_TOKEN`]
|
||||||
2. Shared credentials file (defaults to `~/.aws/credentials`)
|
2. Shared credentials file (defaults to `~/.aws/credentials`, profiles can be specified using `AWS_PROFILE`)
|
||||||
3. Amazon EC2 IAM role
|
3. Amazon EC2 IAM role
|
||||||
|
|
||||||
|
The AWS Region is automatically detected in the following locations and prioritized in the following order:
|
||||||
|
|
||||||
|
1. Environment variables: `AWS_REGION`
|
||||||
|
2. Shared configuration file if `AWS_SDK_LOAD_CONFIG` is set (defaults to `~/.aws/config`, profiles can be specified using `AWS_PROFILE`)
|
||||||
|
|
||||||
If `AWS_HOSTED_ZONE_ID` is not set, Lego tries to determine the correct public hosted zone via the FQDN.
|
If `AWS_HOSTED_ZONE_ID` is not set, Lego tries to determine the correct public hosted zone via the FQDN.
|
||||||
|
|
||||||
See also:
|
See also:
|
||||||
|
|
||||||
- [sessions](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/sessions.html)
|
- [sessions](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/sessions.html)
|
||||||
- [Setting AWS Credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/setup-credentials.html#setup-credentials-setting)
|
- [Setting AWS Credentials](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials)
|
||||||
|
- [Setting AWS Region](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-the-region)
|
||||||
|
|
||||||
## Policy
|
## Policy
|
||||||
|
|
||||||
|
|
|
@ -11,16 +11,22 @@ Additional = '''
|
||||||
|
|
||||||
AWS Credentials are automatically detected in the following locations and prioritized in the following order:
|
AWS Credentials are automatically detected in the following locations and prioritized in the following order:
|
||||||
|
|
||||||
1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION`, [`AWS_SESSION_TOKEN`]
|
1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, [`AWS_SESSION_TOKEN`]
|
||||||
2. Shared credentials file (defaults to `~/.aws/credentials`)
|
2. Shared credentials file (defaults to `~/.aws/credentials`, profiles can be specified using `AWS_PROFILE`)
|
||||||
3. Amazon EC2 IAM role
|
3. Amazon EC2 IAM role
|
||||||
|
|
||||||
|
The AWS Region is automatically detected in the following locations and prioritized in the following order:
|
||||||
|
|
||||||
|
1. Environment variables: `AWS_REGION`
|
||||||
|
2. Shared configuration file if `AWS_SDK_LOAD_CONFIG` is set (defaults to `~/.aws/config`, profiles can be specified using `AWS_PROFILE`)
|
||||||
|
|
||||||
If `AWS_HOSTED_ZONE_ID` is not set, Lego tries to determine the correct public hosted zone via the FQDN.
|
If `AWS_HOSTED_ZONE_ID` is not set, Lego tries to determine the correct public hosted zone via the FQDN.
|
||||||
|
|
||||||
See also:
|
See also:
|
||||||
|
|
||||||
- [sessions](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/sessions.html)
|
- [sessions](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/sessions.html)
|
||||||
- [Setting AWS Credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/setup-credentials.html#setup-credentials-setting)
|
- [Setting AWS Credentials](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials)
|
||||||
|
- [Setting AWS Region](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-the-region)
|
||||||
|
|
||||||
## Policy
|
## Policy
|
||||||
|
|
||||||
|
@ -61,6 +67,8 @@ The following AWS IAM policy document describes the permissions required for leg
|
||||||
AWS_SECRET_ACCESS_KEY = "Managed by the AWS client (`AWS_SECRET_ACCESS_KEY_FILE` is not supported)"
|
AWS_SECRET_ACCESS_KEY = "Managed by the AWS client (`AWS_SECRET_ACCESS_KEY_FILE` is not supported)"
|
||||||
AWS_REGION = "Managed by the AWS client (`AWS_REGION_FILE` is not supported)"
|
AWS_REGION = "Managed by the AWS client (`AWS_REGION_FILE` is not supported)"
|
||||||
AWS_HOSTED_ZONE_ID = "Override the hosted zone ID"
|
AWS_HOSTED_ZONE_ID = "Override the hosted zone ID"
|
||||||
|
AWS_PROFILE = "Managed by the AWS client (`AWS_PROFILE_FILE` is not supported)"
|
||||||
|
AWS_SDK_LOAD_CONFIG = "Retrieve the region from the CLI config file (`AWS_SDK_LOAD_CONFIG_FILE` is not supported)"
|
||||||
[Configuration.Additional]
|
[Configuration.Additional]
|
||||||
AWS_MAX_RETRIES = "The number of maximum returns the service will use to make an individual API request"
|
AWS_MAX_RETRIES = "The number of maximum returns the service will use to make an individual API request"
|
||||||
AWS_POLLING_INTERVAL = "Time between DNS propagation check"
|
AWS_POLLING_INTERVAL = "Time between DNS propagation check"
|
||||||
|
|
Loading…
Reference in a new issue