lego/providers/dns/route53/route53.toml


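# Provider metadata for the Route 53 DNS provider. How each key is consumed is
# decided by whatever reads this file, which is not visible here.
Name = "Amazon Route 53"
# Empty multi-line literal string.
Description = ''''''
URL = "https://aws.amazon.com/route53/"
Code = "route53"
# Empty multi-line literal string.
Example = ''''''
# Markdown text: credential lookup order, hosted-zone detection, and the IAM
# permissions needed for the DNS challenge. Everything between the '''
# delimiters is string content, so notes for readers of the rendered text must
# be written as Markdown inside the string, not as # comments.
Additional = '''
## Description
AWS Credentials are automatically detected in the following locations and prioritized in the following order:
1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION`, [`AWS_SESSION_TOKEN`]
2. Shared credentials file (defaults to `~/.aws/credentials`)
3. Amazon EC2 IAM role

If `AWS_HOSTED_ZONE_ID` is not set, Lego tries to determine the correct public hosted zone via the FQDN.
See also: [sessions](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/sessions.html)
## Policy
The following AWS IAM policy document describes the permissions required for lego to complete the DNS challenge.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": [
"route53:GetChange",
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/*",
"arn:aws:route53:::change/*"
]
},
{
"Sid": "",
"Effect": "Allow",
"Action": "route53:ListHostedZonesByName",
"Resource": "*"
}
]
}
```

The policy above is broad: `arn:aws:route53:::hostedzone/*` allows record changes in every hosted zone of the account.
To follow least privilege, replace the wildcard with the ARN of the zone lego manages (`arn:aws:route53:::hostedzone/<HOSTED_ZONE_ID>`, where `<HOSTED_ZONE_ID>` is a placeholder); `AWS_HOSTED_ZONE_ID` can pin lego to that zone.
The IAM condition keys `route53:ChangeResourceRecordSetsNormalizedRecordNames` and `route53:ChangeResourceRecordSetsRecordTypes` can further restrict changes to the `_acme-challenge` TXT records.
Where possible, prefer an IAM role or temporary credentials over long-lived access keys.
'''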
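# Every value in these tables is a human-readable description of an
# environment variable, not a default and not a real setting. No key material
# belongs in this file.
[Configuration]

[Configuration.Credentials]
AWS_ACCESS_KEY_ID = "Managed by the AWS client"
AWS_SECRET_ACCESS_KEY = "Managed by the AWS client"
AWS_REGION = "Managed by the AWS client"
AWS_HOSTED_ZONE_ID = "Override the hosted zone ID"
# NOTE(review): the Additional text also names AWS_SESSION_TOKEN, which has no
# entry here. Confirm whether it should be listed.

[Configuration.Additional]
# Description corrected: it previously read "number of maximum returns".
AWS_MAX_RETRIES = "The maximum number of retries the service will use to make an individual API request"
AWS_POLLING_INTERVAL = "Time between DNS propagation check"
AWS_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
AWS_TTL = "The TTL of the TXT record used for the DNS challenge"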
# Reference links for the provider: the Route 53 API operations reference and
# the Go client package.
[Links]
API = "https://docs.aws.amazon.com/Route53/latest/APIReference/API_Operations_Amazon_Route_53.html"
# NOTE(review): this looks like a Go import path rather than a browsable
# GitHub URL. Verify that the link resolves.
GoClient = "https://github.com/aws/aws-sdk-go/aws"