lego/providers/dns/lightsail/lightsail.toml

Name = "Amazon Lightsail"
Description = ''''''
URL = "https://aws.amazon.com/lightsail/"
Code = "lightsail"
Since = "v0.5.0"

Example = ''''''

Additional = '''
## Description

AWS Credentials are automatically detected in the following locations and prioritized in the following order:

1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, [`AWS_SESSION_TOKEN`]
2. Shared credentials file (defaults to `~/.aws/credentials`, profiles can be specified using `AWS_PROFILE`)
3. Amazon EC2 IAM role

AWS region is not required to set as the Lightsail DNS zone is in global (us-east-1) region.

## Policy

The following AWS IAM policy document describes the minimum permissions required for lego to complete the DNS challenge.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "lightsail:DeleteDomainEntry",
        "lightsail:CreateDomainEntry"
      ],
      "Resource": "<Lightsail DNS zone ARN>"
    }
  ]
}
```

Replace the `Resource` value with your Lightsail DNS zone ARN.
You can retrieve the ARN using aws cli by running `aws lightsail get-domains --region us-east-1` (Lightsail web console does not show the ARN, unfortunately).
It should be in the format of `arn:aws:lightsail:global:<ACCOUNT ID>:Domain/<DOMAIN ID>`.
You also need to replace the region in the ARN to `us-east-1` (instead of `global`).

Alternatively, you can also set the `Resource` to `*` (wildcard), which allow to access all domain, but this is not recommended.
'''

[Configuration]
  [Configuration.Credentials]
    AWS_ACCESS_KEY_ID = "Managed by the AWS client. Access key ID (`AWS_ACCESS_KEY_ID_FILE` is not supported, use `AWS_SHARED_CREDENTIALS_FILE` instead)"
    AWS_SECRET_ACCESS_KEY = "Managed by the AWS client. Secret access key (`AWS_SECRET_ACCESS_KEY_FILE` is not supported, use `AWS_SHARED_CREDENTIALS_FILE` instead)"
    DNS_ZONE = "Domain name of the DNS zone"
  [Configuration.Additional]
    AWS_SHARED_CREDENTIALS_FILE = "Managed by the AWS client. Shared credentials file."
    LIGHTSAIL_POLLING_INTERVAL = "Time between DNS propagation check"
    LIGHTSAIL_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"

[Links]
  GoClient = "https://github.com/aws/aws-sdk-go/"
Automatic generation of documentation (#818) * generate a detailed CLI help * generate a documentation site * new readme 2019-03-08 18:47:06 +00:00			`Name = "Amazon Lightsail"`
			`Description = ''''''`
			`URL = "https://aws.amazon.com/lightsail/"`
			`Code = "lightsail"`
Adds 'Since' to DNS providers documentation (#854) 2019-04-17 19:32:38 +00:00			`Since = "v0.5.0"`
Automatic generation of documentation (#818) * generate a detailed CLI help * generate a documentation site * new readme 2019-03-08 18:47:06 +00:00
			`Example = ''''''`

lightsail: improve documentation (#1407) 2021-05-22 09:00:25 +00:00			`Additional = '''`
			`## Description`

			`AWS Credentials are automatically detected in the following locations and prioritized in the following order:`

			1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, [`AWS_SESSION_TOKEN`]
			2. Shared credentials file (defaults to `~/.aws/credentials`, profiles can be specified using `AWS_PROFILE`)
			`3. Amazon EC2 IAM role`

			`AWS region is not required to set as the Lightsail DNS zone is in global (us-east-1) region.`

			`## Policy`

			`The following AWS IAM policy document describes the minimum permissions required for lego to complete the DNS challenge.`

			```json
			`{`
			`"Version": "2012-10-17",`
			`"Statement": [`
			`{`
			`"Effect": "Allow",`
			`"Action": [`
			`"lightsail:DeleteDomainEntry",`
			`"lightsail:CreateDomainEntry"`
			`],`
			`"Resource": "<Lightsail DNS zone ARN>"`
			`}`
			`]`
			`}`
			```

			Replace the `Resource` value with your Lightsail DNS zone ARN.
			You can retrieve the ARN using aws cli by running `aws lightsail get-domains --region us-east-1` (Lightsail web console does not show the ARN, unfortunately).
			It should be in the format of `arn:aws:lightsail:global:<ACCOUNT ID>:Domain/<DOMAIN ID>`.
			You also need to replace the region in the ARN to `us-east-1` (instead of `global`).

			Alternatively, you can also set the `Resource` to `*` (wildcard), which allow to access all domain, but this is not recommended.
			`'''`

Automatic generation of documentation (#818) * generate a detailed CLI help * generate a documentation site * new readme 2019-03-08 18:47:06 +00:00			`[Configuration]`
			`[Configuration.Credentials]`
aws: detailed credentials (#1439) Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com> 2021-06-28 01:31:18 +00:00			AWS_ACCESS_KEY_ID = "Managed by the AWS client. Access key ID (`AWS_ACCESS_KEY_ID_FILE` is not supported, use `AWS_SHARED_CREDENTIALS_FILE` instead)"
			AWS_SECRET_ACCESS_KEY = "Managed by the AWS client. Secret access key (`AWS_SECRET_ACCESS_KEY_FILE` is not supported, use `AWS_SHARED_CREDENTIALS_FILE` instead)"
lightsail: improve documentation (#1407) 2021-05-22 09:00:25 +00:00			`DNS_ZONE = "Domain name of the DNS zone"`
Automatic generation of documentation (#818) * generate a detailed CLI help * generate a documentation site * new readme 2019-03-08 18:47:06 +00:00			`[Configuration.Additional]`
aws: detailed credentials (#1439) Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com> 2021-06-28 01:31:18 +00:00			`AWS_SHARED_CREDENTIALS_FILE = "Managed by the AWS client. Shared credentials file."`
Automatic generation of documentation (#818) * generate a detailed CLI help * generate a documentation site * new readme 2019-03-08 18:47:06 +00:00			`LIGHTSAIL_POLLING_INTERVAL = "Time between DNS propagation check"`
			`LIGHTSAIL_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"`

			`[Links]`
lightsail: improve documentation (#1407) 2021-05-22 09:00:25 +00:00			`GoClient = "https://github.com/aws/aws-sdk-go/"`