From a2e9918a577f1041380167a0bf31233ff57d6dde Mon Sep 17 00:00:00 2001 From: will Farrell Date: Tue, 17 Jan 2017 08:06:07 -0700 Subject: [PATCH] add in aws sdk and docs for aws policy --- Dockerfile | 3 ++- README.md | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b026dd5..f926e87 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,11 @@ FROM library/alpine:3.5 # deps - python openssl curl sed grep mktemp +# boto 3 - AWS SDK for python RUN apk add --no-cache --virtual .build-deps git \ && apk add --no-cache --virtual .dehydrated-rundeps python py2-pip bash openssl curl \ && pip install --upgrade pip \ - && pip install dns-lexicon dns-lexicon[route53] dns-lexicon[transip] \ + && pip install dns-lexicon boto3 dns-lexicon[route53] dns-lexicon[transip] \ && cd /tmp \ && git clone https://github.com/lukas2511/dehydrated.git --depth 1 \ && chmod a+x dehydrated/dehydrated \ diff --git a/README.md b/README.md index ac0abb3..217f2cf 100644 --- a/README.md +++ b/README.md @@ -24,9 +24,15 @@ COPY config /etc/dehydrated/config # defaults to `staging`, use `production` when ready. LE_ENV=staging # Only required if you plan to use dns-01 challenges (use for private services) +# CloudFlare example PROVIDER=cloudflare LEXICON_CLOUDFLARE_USERNAME= LEXICON_CLOUDFLARE_TOKEN= + +# Route 53 example +PROVIDER=route53 +LEXICON_ROUTE53_ACCESS_KEY= +LEXICON_ROUTE53_ACCESS_SECRET= ``` ## Testing @@ -81,5 +87,23 @@ docker run -d \ --challenge http-01 ``` +## Route53 Access Policy +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "route53:ListHostedZonesByName", + "route53:ChangeResourceRecordSets" + ], + "Resource": [ + "*" + ] + } + ] +} +``` Note: `certbot/make_letsencrypt_cert` is an alternate method that one could use with the certbot docker image. However dns-01 is not supported. \ No newline at end of file