mirror of
https://github.com/acmesh-official/acme.sh.git
synced 2025-04-14 00:01:04 +08:00
How to use Amazon Route53 API
Anton Attano edited this page 2025-03-01 11:34:13 +01:00
- Follow http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html to create a new user and obtain API keys.
- Save the downloaded API keys for later use with acme.sh.
- In the user profile, click Permissions, followed by Add Permissions.
- Then click the 3rd icon, "Attach existing policies directly".
- Click "Create Policy" and in the new window choose "Create Your Own Policy".
- Enter a name for your policy and paste the following:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:GetHostedZone",
                "route53:ListHostedZones",
                "route53:ListHostedZonesByName",
                "route53:GetHostedZoneCount",
                "route53:ChangeResourceRecordSets",
                "route53:ListResourceRecordSets"
            ],
            "Resource": "*"
        }
    ]
}
```
Validate the policy and click Create. Apply the new policy to your new user.
You can now use the new API keys with acme.sh:
https://github.com/Neilpang/acme.sh/tree/master/dnsapi#10-use-amazon-route53-domain-api
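Appendix
If you want to use a much more restrictive AWS policy, one that limits record changes to a single hosted zone and to the `_acme-challenge` record name, use the following, replacing `<ZONE-ID>`, `<SUB>`, `<DOMAIN>` and `<TLD>` with your own values: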
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:GetHostedZone",
                "route53:ListResourceRecordSets"
            ],
            "Resource": "arn:aws:route53:::hostedzone/<ZONE-ID>"
        },
        {
            "Effect": "Allow",
            "Action": "route53:ChangeResourceRecordSets",
            "Resource": "arn:aws:route53:::hostedzone/<ZONE-ID>",
            "Condition": {
                "ForAllValues:StringEquals": {
                    "route53:ChangeResourceRecordSetsNormalizedRecordNames": "_acme-challenge.<SUB>.<DOMAIN>.<TLD>"
                }
            }
        }
    ]
}
```
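As an added example (not part of the acme.sh wiki or project code), the Python sketch below builds the restrictive policy above for one hosted zone and a list of certificate names, and checks any policy document for an unscoped `route53:ChangeResourceRecordSets`. The function names and the `Z0000000EXAMPLE` zone ID are made up for illustration; it assumes wildcard names are validated at `_acme-challenge.<base domain>`, as the DNS-01 challenge does.

```python
import json

CHANGE = "route53:ChangeResourceRecordSets"
NAME_KEY = "route53:ChangeResourceRecordSetsNormalizedRecordNames"

def challenge_name(domain):
    """Normalized TXT record name of the DNS-01 challenge for `domain`."""
    d = domain.strip().lower().rstrip(".")
    if d.startswith("*."):  # wildcard certs are validated at the base name
        d = d[2:]
    return "_acme-challenge." + d

def scoped_policy(zone_id, domains):
    """Build the appendix policy for one hosted zone and a list of cert names."""
    zone_arn = "arn:aws:route53:::hostedzone/" + zone_id
    names = sorted({challenge_name(d) for d in domains})
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["route53:ListHostedZones"], "Resource": "*"},
            {"Effect": "Allow",
             "Action": ["route53:GetHostedZone", "route53:ListResourceRecordSets"],
             "Resource": zone_arn},
            {"Effect": "Allow", "Action": CHANGE, "Resource": zone_arn,
             "Condition": {"ForAllValues:StringEquals": {NAME_KEY: names}}},
        ],
    }

def unscoped_changes(policy):
    """Return reasons why a policy lets the key edit more than challenge records."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or not any(a in (CHANGE, "route53:*", "*") for a in actions):
            continue
        resources = st.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if any(r == "*" or r.endswith("hostedzone/*") for r in resources):
            findings.append(f"statement {i}: record changes allowed in every hosted zone")
        if not any(NAME_KEY in v for v in st.get("Condition", {}).values()):
            findings.append(f"statement {i}: no record-name condition")
    return findings

if __name__ == "__main__":
    # Constructed sample values: the zone ID and domains are placeholders.
    policy = scoped_policy("Z0000000EXAMPLE", ["example.com", "*.example.com", "WWW.Example.com."])
    print(json.dumps(policy, indent=2))
    print(unscoped_changes(policy))
```

Run against the first policy on this page, `unscoped_changes` reports both findings for its single statement; the generated policy produces none.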