From 47ed092fca14daf2d2691bf112edade8936a7ff0 Mon Sep 17 00:00:00 2001 From: Julian Calaby <52724016+JulianCBC@users.noreply.github.com> Date: Sat, 30 May 2020 22:00:57 +1000 Subject: [PATCH] Document all AWS credential environment variables (#1171) --- cmd/zz_gen_cmd_dnshelp.go | 2 ++ docs/content/dns/zz_gen_route53.md | 14 +++++++++++--- providers/dns/route53/route53.toml | 14 +++++++++++--- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go index 6a9d7d75..1ca1e203 100644 --- a/cmd/zz_gen_cmd_dnshelp.go +++ b/cmd/zz_gen_cmd_dnshelp.go @@ -1450,7 +1450,9 @@ func displayDNSHelp(name string) error { ew.writeln(`Credentials:`) ew.writeln(` - "AWS_ACCESS_KEY_ID": Managed by the AWS client ('AWS_ACCESS_KEY_ID_FILE' is not supported)`) ew.writeln(` - "AWS_HOSTED_ZONE_ID": Override the hosted zone ID`) + ew.writeln(` - "AWS_PROFILE": Managed by the AWS client ('AWS_PROFILE_FILE' is not supported)`) ew.writeln(` - "AWS_REGION": Managed by the AWS client ('AWS_REGION_FILE' is not supported)`) + ew.writeln(` - "AWS_SDK_LOAD_CONFIG": Retrieve the region from the CLI config file ('AWS_SDK_LOAD_CONFIG_FILE' is not supported)`) ew.writeln(` - "AWS_SECRET_ACCESS_KEY": Managed by the AWS client ('AWS_SECRET_ACCESS_KEY_FILE' is not supported)`) ew.writeln() diff --git a/docs/content/dns/zz_gen_route53.md b/docs/content/dns/zz_gen_route53.md index 91c538f0..f28d4cbf 100644 --- a/docs/content/dns/zz_gen_route53.md +++ b/docs/content/dns/zz_gen_route53.md 
@@ -31,7 +31,9 @@ _Please contribute by adding a CLI example._ |-----------------------|-------------| | `AWS_ACCESS_KEY_ID` | Managed by the AWS client (`AWS_ACCESS_KEY_ID_FILE` is not supported) | | `AWS_HOSTED_ZONE_ID` | Override the hosted zone ID | +| `AWS_PROFILE` | Managed by the AWS client (`AWS_PROFILE_FILE` is not supported) | | `AWS_REGION` | Managed by the AWS client (`AWS_REGION_FILE` is not supported) | +| `AWS_SDK_LOAD_CONFIG` | Retrieve the region from the CLI config file (`AWS_SDK_LOAD_CONFIG_FILE` is not supported) | | `AWS_SECRET_ACCESS_KEY` | Managed by the AWS client (`AWS_SECRET_ACCESS_KEY_FILE` is not supported) | The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. 
@@ -54,16 +56,22 @@ More information [here](/lego/dns/#configuration-and-credentials). AWS Credentials are automatically detected in the following locations and prioritized in the following order: -1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION`, [`AWS_SESSION_TOKEN`] -2. Shared credentials file (defaults to `~/.aws/credentials`) +1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, [`AWS_SESSION_TOKEN`] +2. Shared credentials file (defaults to `~/.aws/credentials`, profiles can be specified using `AWS_PROFILE`) 3. Amazon EC2 IAM role +The AWS Region is automatically detected in the following locations and prioritized in the following order: + +1. Environment variables: `AWS_REGION` +2. Shared configuration file if `AWS_SDK_LOAD_CONFIG` is set (defaults to `~/.aws/config`, profiles can be specified using `AWS_PROFILE`) + If `AWS_HOSTED_ZONE_ID` is not set, Lego tries to determine the correct public hosted zone via the FQDN. See also: - [sessions](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/sessions.html) -- [Setting AWS Credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/setup-credentials.html#setup-credentials-setting) +- [Setting AWS Credentials](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials) +- [Setting AWS Region](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-the-region) ## Policy diff --git a/providers/dns/route53/route53.toml b/providers/dns/route53/route53.toml index 7fd70937..797d21a4 100644 --- a/providers/dns/route53/route53.toml +++ b/providers/dns/route53/route53.toml 
@@ -11,16 +11,22 @@ Additional = ''' AWS Credentials are automatically detected in the following locations and prioritized in the following order: -1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION`, [`AWS_SESSION_TOKEN`] -2. Shared credentials file (defaults to `~/.aws/credentials`) +1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, [`AWS_SESSION_TOKEN`] +2. Shared credentials file (defaults to `~/.aws/credentials`, profiles can be specified using `AWS_PROFILE`) 3. Amazon EC2 IAM role +The AWS Region is automatically detected in the following locations and prioritized in the following order: + +1. Environment variables: `AWS_REGION` +2. Shared configuration file if `AWS_SDK_LOAD_CONFIG` is set (defaults to `~/.aws/config`, profiles can be specified using `AWS_PROFILE`) + If `AWS_HOSTED_ZONE_ID` is not set, Lego tries to determine the correct public hosted zone via the FQDN. See also: - [sessions](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/sessions.html) -- [Setting AWS Credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/setup-credentials.html#setup-credentials-setting) +- [Setting AWS Credentials](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials) +- [Setting AWS Region](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-the-region) ## Policy 
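Review bot: The new `AWS_SDK_LOAD_CONFIG` text describes the variable as a region-only switch, both in the added "The AWS Region is automatically detected" list in this hunk and in the `[Configuration.Credentials]` entry added in the next hunk ("Retrieve the region from the CLI config file"). Per the AWS SDK for Go v1 session documentation, enabling shared config also loads credentials and assume-role settings for the selected profile from `~/.aws/config`. Setting it can therefore change which identity lego runs as, not just the region; this assumes lego creates its session with the SDK defaults, which the diff does not show. I would say so in the list item, e.g. `2. Shared configuration file if AWS_SDK_LOAD_CONFIG is set (this also enables credential and assume-role settings from that file)`, and reword the description string to match. The two `zz_gen_*` files in this patch appear to be generated from this TOML, so only this file should need the wording change before regenerating.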
@@ -61,6 +67,8 @@ The following AWS IAM policy document describes the permissions required for leg AWS_SECRET_ACCESS_KEY = "Managed by the AWS client (`AWS_SECRET_ACCESS_KEY_FILE` is not supported)" AWS_REGION = "Managed by the AWS client (`AWS_REGION_FILE` is not supported)" AWS_HOSTED_ZONE_ID = "Override the hosted zone ID" + AWS_PROFILE = "Managed by the AWS client (`AWS_PROFILE_FILE` is not supported)" + AWS_SDK_LOAD_CONFIG = "Retrieve the region from the CLI config file (`AWS_SDK_LOAD_CONFIG_FILE` is not supported)" [Configuration.Additional] AWS_MAX_RETRIES = "The number of maximum returns the service will use to make an individual API request" AWS_POLLING_INTERVAL = "Time between DNS propagation check"