Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com>
4.3 KiB
title | date | draft | slug |
---|---|---|---|
Amazon Route 53 | 2019-03-03T16:39:46+01:00 | false | route53 |
Since: v0.3.0
Configuration for Amazon Route 53.
- Code:
route53
{{% notice note %}} Please contribute by adding a CLI example. {{% /notice %}}
Credentials
Environment Variable Name | Description |
---|---|
AWS_ACCESS_KEY_ID |
Managed by the AWS client. Access key ID (AWS_ACCESS_KEY_ID_FILE is not supported, use AWS_SHARED_CREDENTIALS_FILE instead) |
AWS_ASSUME_ROLE_ARN |
Managed by the AWS Role ARN (AWS_ASSUME_ROLE_ARN is not supported) |
AWS_HOSTED_ZONE_ID |
Override the hosted zone ID. |
AWS_PROFILE |
Managed by the AWS client (AWS_PROFILE_FILE is not supported) |
AWS_REGION |
Managed by the AWS client (AWS_REGION_FILE is not supported) |
AWS_SDK_LOAD_CONFIG |
Managed by the AWS client. Retrieve the region from the CLI config file (AWS_SDK_LOAD_CONFIG_FILE is not supported) |
AWS_SECRET_ACCESS_KEY |
Managed by the AWS client. Secret access key (AWS_SECRET_ACCESS_KEY_FILE is not supported, use AWS_SHARED_CREDENTIALS_FILE instead) |
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
More information here.
Additional Configuration
Environment Variable Name | Description |
---|---|
AWS_MAX_RETRIES |
The number of maximum returns the service will use to make an individual API request |
AWS_POLLING_INTERVAL |
Time between DNS propagation check |
AWS_PROPAGATION_TIMEOUT |
Maximum waiting time for DNS propagation |
AWS_SHARED_CREDENTIALS_FILE |
Managed by the AWS client. Shared credentials file. |
AWS_TTL |
The TTL of the TXT record used for the DNS challenge |
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
More information here.
Description
AWS Credentials are automatically detected in the following locations and prioritized in the following order:
- Environment variables:
AWS_ACCESS_KEY_ID
,AWS_SECRET_ACCESS_KEY
, [AWS_SESSION_TOKEN
] - Shared credentials file (defaults to
~/.aws/credentials
, profiles can be specified usingAWS_PROFILE
) - Amazon EC2 IAM role
The AWS Region is automatically detected in the following locations and prioritized in the following order:
- Environment variables:
AWS_REGION
- Shared configuration file if
AWS_SDK_LOAD_CONFIG
is set (defaults to~/.aws/config
, profiles can be specified usingAWS_PROFILE
)
If AWS_HOSTED_ZONE_ID
is not set, Lego tries to determine the correct public hosted zone via the FQDN.
See also:
Policy
The following AWS IAM policy document describes the permissions required for lego to complete the DNS challenge.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": [
"route53:GetChange",
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/*",
"arn:aws:route53:::change/*"
]
},
{
"Sid": "",
"Effect": "Allow",
"Action": "route53:ListHostedZonesByName",
"Resource": "*"
}
]
}