Name = "Amazon Route 53"
Description = ''''''
URL = "https://aws.amazon.com/route53/"
Code = "route53"
Since = "v0.3.0"

Example = ''''''

Additional = '''
## Description

AWS Credentials are automatically detected in the following locations and prioritized in the following order:

1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION`, [`AWS_SESSION_TOKEN`]
2. Shared credentials file (defaults to `~/.aws/credentials`)
3. Amazon EC2 IAM role

If `AWS_HOSTED_ZONE_ID` is not set, Lego tries to determine the correct public hosted zone via the FQDN.

See also:

- [sessions](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/sessions.html)
- [Setting AWS Credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/setup-credentials.html#setup-credentials-setting)

## Policy

The following AWS IAM policy document describes the permissions required for lego to complete the DNS challenge.

```json
{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "",
           "Effect": "Allow",
           "Action": [
               "route53:GetChange",
               "route53:ChangeResourceRecordSets",
               "route53:ListResourceRecordSets"
           ],
           "Resource": [
               "arn:aws:route53:::hostedzone/*",
               "arn:aws:route53:::change/*"
           ]
       },
       {
           "Sid": "",
           "Effect": "Allow",
           "Action": "route53:ListHostedZonesByName",
           "Resource": "*"
       }
   ]
}
```

'''

[Configuration]
  [Configuration.Credentials]
    AWS_ACCESS_KEY_ID = "Managed by the AWS client (`AWS_ACCESS_KEY_ID_FILE` is not supported)"
    AWS_SECRET_ACCESS_KEY = "Managed by the AWS client (`AWS_SECRET_ACCESS_KEY_FILE` is not supported)"
    AWS_REGION = "Managed by the AWS client (`AWS_REGION_FILE` is not supported)"
    AWS_HOSTED_ZONE_ID = "Override the hosted zone ID"
  [Configuration.Additional]
    AWS_MAX_RETRIES = "The number of maximum returns the service will use to make an individual API request"
    AWS_POLLING_INTERVAL = "Time between DNS propagation check"
    AWS_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
    AWS_TTL = "The TTL of the TXT record used for the DNS challenge"

[Links]
  API = "https://docs.aws.amazon.com/Route53/latest/APIReference/API_Operations_Amazon_Route_53.html"
  GoClient = "https://github.com/aws/aws-sdk-go/aws"