| title | date | draft | slug |
|---|---|---|---|
| Amazon Route 53 | 2019-03-03T16:39:46+01:00 | false | route53 |
Configuration for Amazon Route 53.

- Code: `route53`
{{% notice note %}} Please contribute by adding a CLI example. {{% /notice %}}
## Credentials

| Environment Variable Name | Description |
|---|---|
| `AWS_ACCESS_KEY_ID` | Access key ID of the IAM principal lego runs as |
| `AWS_HOSTED_ZONE_ID` | ID of the public hosted zone to write the challenge record into (optional; see below) |
| `AWS_REGION` | AWS region used by the SDK client |
| `AWS_SECRET_ACCESS_KEY` | Secret access key paired with `AWS_ACCESS_KEY_ID` |
## Additional Configuration

| Environment Variable Name | Description |
|---|---|
| `AWS_POLLING_INTERVAL` | Time between DNS propagation checks |
| `AWS_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
| `AWS_TTL` | The TTL of the TXT record used for the DNS challenge |
## Description

AWS credentials are automatically detected in the following locations and prioritized in the following order:

1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION`, [`AWS_SESSION_TOKEN`] (the session token is only needed for temporary credentials, such as those issued by STS)
2. Shared credentials file (defaults to `~/.aws/credentials`)
3. Amazon EC2 IAM role

If `AWS_HOSTED_ZONE_ID` is not set, lego tries to determine the correct public hosted zone from the FQDN of the challenge record (`_acme-challenge.<domain>.`). Setting it explicitly avoids that lookup and removes any ambiguity when several zones could match.

See also: [configuring-sdk](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html)
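The zone lookup described above, as an added Go example that is not lego's own code. It assumes a constructed list of hosted zones standing in for a `ListHostedZonesByName` response (the `HostedZone` type, `sampleZones` and the `Z_*` IDs are invented for the illustration) and applies the selection rule a practitioner should expect: the public zone whose name is the longest label-aligned suffix of the challenge FQDN wins, and private zones are skipped because the ACME server resolves the TXT record from the public internet.

```go
package main

import (
	"fmt"
	"strings"
)

// HostedZone carries the three fields of a Route 53 hosted zone that the
// selection rule needs. It is a constructed stand-in for the
// ListHostedZonesByName response, not lego's own type.
type HostedZone struct {
	ID      string // zone ID, e.g. "Z0123456789ABCDEFGHIJ"
	Name    string // as Route 53 returns it: lowercase with a trailing dot
	Private bool   // Config.PrivateZone in the Route 53 API
}

// normalizeFQDN lowercases the name and guarantees exactly one trailing dot,
// so zone names and challenge names compare on equal terms.
func normalizeFQDN(name string) string {
	return strings.ToLower(strings.TrimSuffix(name, ".")) + "."
}

// selectHostedZone returns the ID of the public hosted zone whose name is the
// longest label-aligned suffix of fqdn. Private zones are skipped: a TXT
// record written there is invisible to the ACME server's resolvers.
// An error is returned when no public zone matches.
func selectHostedZone(fqdn string, zones []HostedZone) (string, error) {
	fqdn = normalizeFQDN(fqdn)
	bestID, bestLen := "", -1
	for _, z := range zones {
		if z.Private {
			continue
		}
		name := normalizeFQDN(z.Name)
		// Match on label boundaries only: "example.com." must not claim
		// "_acme-challenge.notexample.com.".
		if fqdn != name && !strings.HasSuffix(fqdn, "."+name) {
			continue
		}
		if len(name) > bestLen {
			bestID, bestLen = z.ID, len(name)
		}
	}
	if bestID == "" {
		return "", fmt.Errorf("no public hosted zone found for %q", fqdn)
	}
	return bestID, nil
}

// sampleZones is constructed sample data (hypothetical IDs): a parent zone,
// a private zone, and a delegated public child zone with the same name as
// the private one.
func sampleZones() []HostedZone {
	return []HostedZone{
		{ID: "Z_PARENT", Name: "example.com.", Private: false},
		{ID: "Z_PRIVATE", Name: "sub.example.com.", Private: true},
		{ID: "Z_CHILD", Name: "sub.example.com.", Private: false},
	}
}

func main() {
	for _, d := range []string{"www.sub.example.com", "example.com", "notexample.com"} {
		fqdn := "_acme-challenge." + d + "."
		id, err := selectHostedZone(fqdn, sampleZones())
		if err != nil {
			fmt.Printf("%-40s -> error: %v\n", fqdn, err)
			continue
		}
		fmt.Printf("%-40s -> %s\n", fqdn, id)
	}
}
```

The longest-suffix rule matters when a subdomain has been delegated to its own hosted zone: writing the TXT record into the parent zone would be harmless but useless, since resolvers follow the delegation and never see it. The label-boundary check prevents the inverse mistake of matching a zone that merely shares a string suffix with the domain.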
## Policy

The following AWS IAM policy document describes the permissions required for lego to complete the DNS challenge.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "route53:GetChange",
        "route53:ChangeResourceRecordSets",
        "route53:ListResourceRecordSets"
      ],
      "Resource": [
        "arn:aws:route53:::hostedzone/*",
        "arn:aws:route53:::change/*"
      ]
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "route53:ListHostedZonesByName",
      "Resource": "*"
    }
  ]
}
```

As written, the first statement lets the credentials modify records in every hosted zone of the account. When `AWS_HOSTED_ZONE_ID` is set, scope it down by replacing `arn:aws:route53:::hostedzone/*` with the ARN of that single zone (`arn:aws:route53:::hostedzone/<ZONE_ID>`), so a leaked key can only touch the zone the challenge needs. `route53:GetChange` still requires `arn:aws:route53:::change/*`, and `route53:ListHostedZonesByName` does not support resource-level permissions, so its `Resource` must stay `*`; it is only needed for the automatic zone lookup and can be dropped when the zone ID is configured explicitly.