pogpp/lego
1
0
Fork 0
forked from TrueCloudLab/lego
Code Pull requests Activity

lightsail: improve documentation (#1407)

Browse source
This commit is contained in:
dicksonleong 2021-05-22 17:00:25 +08:00 committed by GitHub
parent a73d87e4c5
commit 1227bb9f10
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 80 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
cmd/zz_gen_cmd_dnshelp.go
View file

@ -1089,7 +1089,7 @@ func displayDNSHelp(name string) error {
ew.writeln(`Credentials:`) ew.writeln(`Credentials:`)
ew.writeln(` - "AWS_ACCESS_KEY_ID": Access key ID`) ew.writeln(` - "AWS_ACCESS_KEY_ID": Access key ID`)
ew.writeln(` - "AWS_SECRET_ACCESS_KEY": Secret access key`) ew.writeln(` - "AWS_SECRET_ACCESS_KEY": Secret access key`)
ew.writeln(` - "DNS_ZONE": DNS zone`) ew.writeln(` - "DNS_ZONE": Domain name of the DNS zone`)
ew.writeln() ew.writeln()
ew.writeln(`Additional Configuration:`) ew.writeln(`Additional Configuration:`)

40
docs/content/dns/zz_gen_lightsail.md
View file

@ -31,7 +31,7 @@ _Please contribute by adding a CLI example._
|-----------------------|-------------| |-----------------------|-------------|
| `AWS_ACCESS_KEY_ID` | Access key ID | | `AWS_ACCESS_KEY_ID` | Access key ID |
| `AWS_SECRET_ACCESS_KEY` | Secret access key | | `AWS_SECRET_ACCESS_KEY` | Secret access key |
| `DNS_ZONE` | DNS zone | | `DNS_ZONE` | Domain name of the DNS zone |
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here](/lego/dns/#configuration-and-credentials). More information [here](/lego/dns/#configuration-and-credentials).
@ -47,13 +47,49 @@ More information [here](/lego/dns/#configuration-and-credentials).
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here](/lego/dns/#configuration-and-credentials). More information [here](/lego/dns/#configuration-and-credentials).
## Description
AWS Credentials are automatically detected in the following locations and prioritized in the following order:
1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, [`AWS_SESSION_TOKEN`]
2. Shared credentials file (defaults to `~/.aws/credentials`, profiles can be specified using `AWS_PROFILE`)
3. Amazon EC2 IAM role
AWS region is not required to set as the Lightsail DNS zone is in global (us-east-1) region.
## Policy
The following AWS IAM policy document describes the minimum permissions required for lego to complete the DNS challenge.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lightsail:DeleteDomainEntry",
"lightsail:CreateDomainEntry"
],
"Resource": "<Lightsail DNS zone ARN>"
}
]
}
```
Replace the `Resource` value with your Lightsail DNS zone ARN.
You can retrieve the ARN using aws cli by running `aws lightsail get-domains --region us-east-1` (Lightsail web console does not show the ARN, unfortunately).
It should be in the format of `arn:aws:lightsail:global:<ACCOUNT ID>:Domain/<DOMAIN ID>`.
You also need to replace the region in the ARN to `us-east-1` (instead of `global`).
Alternatively, you can also set the `Resource` to `*` (wildcard), which allow to access all domain, but this is not recommended.
## More information ## More information
- [Go client](https://github.com/aws/aws-sdk-go/aws) - [Go client](https://github.com/aws/aws-sdk-go/)
<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. --> <!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
<!-- providers/dns/lightsail/lightsail.toml --> <!-- providers/dns/lightsail/lightsail.toml -->

43
providers/dns/lightsail/lightsail.toml
View file

@ -6,14 +6,53 @@ Since = "v0.5.0"
Example = '''''' Example = ''''''
Additional = '''
## Description
AWS Credentials are automatically detected in the following locations and prioritized in the following order:
1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, [`AWS_SESSION_TOKEN`]
2. Shared credentials file (defaults to `~/.aws/credentials`, profiles can be specified using `AWS_PROFILE`)
3. Amazon EC2 IAM role
AWS region is not required to set as the Lightsail DNS zone is in global (us-east-1) region.
## Policy
The following AWS IAM policy document describes the minimum permissions required for lego to complete the DNS challenge.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lightsail:DeleteDomainEntry",
"lightsail:CreateDomainEntry"
],
"Resource": "<Lightsail DNS zone ARN>"
}
]
}
```
Replace the `Resource` value with your Lightsail DNS zone ARN.
You can retrieve the ARN using aws cli by running `aws lightsail get-domains --region us-east-1` (Lightsail web console does not show the ARN, unfortunately).
It should be in the format of `arn:aws:lightsail:global:<ACCOUNT ID>:Domain/<DOMAIN ID>`.
You also need to replace the region in the ARN to `us-east-1` (instead of `global`).
Alternatively, you can also set the `Resource` to `*` (wildcard), which allow to access all domain, but this is not recommended.
'''
[Configuration] [Configuration]
[Configuration.Credentials] [Configuration.Credentials]
AWS_ACCESS_KEY_ID = "Access key ID" AWS_ACCESS_KEY_ID = "Access key ID"
AWS_SECRET_ACCESS_KEY = "Secret access key" AWS_SECRET_ACCESS_KEY = "Secret access key"
DNS_ZONE = "DNS zone" DNS_ZONE = "Domain name of the DNS zone"
[Configuration.Additional] [Configuration.Additional]
LIGHTSAIL_POLLING_INTERVAL = "Time between DNS propagation check" LIGHTSAIL_POLLING_INTERVAL = "Time between DNS propagation check"
LIGHTSAIL_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation" LIGHTSAIL_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
[Links] [Links]
GoClient = "https://github.com/aws/aws-sdk-go/aws" GoClient = "https://github.com/aws/aws-sdk-go/"