coredns updates with AWS user stuff

FedoraServer.md

@@ -18,12 +18,95 @@ sudo systemctl restart sshd
 
 ## Certbot for Cockpit
 
+### AWS User
+
+Create an AWS user which will have route53 access. This is required for certbot's route53
+validation.
+
+```bash
+aws iam create-user --user-name replicator
+```
+
+You'll also need a policy which allows the user to modify the selected hosted zone:
+
+(list with `aws route53 list-hosted-zones`)
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "route53:ListHostedZones",
+                "route53:GetChange"
+            ],
+            "Resource": [
+                "*"
+            ]
+        },
+        {
+            "Effect" : "Allow",
+            "Action" : [
+                "route53:ChangeResourceRecordSets"
+            ],
+            "Resource" : [
+                "arn:aws:route53:::hostedzone/Z012820733346FJ0U4FUF"
+            ]
+        }
+    ]
+}
+```
+
+Attach the policy to the user:
+
+```bash
+aws iam attach-user-policy \
+    --user-name replicator \
+    --policy-arn arn:aws:iam::892236928704:policy/certbot-route53-reeseapps
+```
+
+Generate credentials:
+
+```bash
+aws iam create-access-key --user-name replicator
+```
+
+On the host machine:
+
+```bash
+mkdir ~/.aws
+vim ~/.aws/config
+```
+
+```conf
+[profile default]
+region=us-east-2
+```
+
+```bash
+vim ~/.aws/credentials
+```
+
+```conf
+[default]
+aws_access_key_id=
+aws_secret_access_key=
+```
+
 ### Initial Setup
 
 1. Create a "containers" user in AWS. Copy the permissions from Freenas
 2. Create credentials
 3. Add your credentials to root
 4. Install the aws cli v2
+
+    ```bash
+    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+    unzip awscliv2.zip
+    sudo ./aws/install
+    ```
+
 5. Test your credentials with `aws route53 list-hosted-zones`
 
 ```bash