# AWS Credentials Note: this requires the AWS CLI. See [AWS CLI](/active/aws_cli/aws_cli.md) - [AWS Credentials](#aws-credentials) - [Route53 Credential Generation](#route53-credential-generation) - [AWS Certbot Route53 Policies](#aws-certbot-route53-policies) - [Email Credentials](#email-credentials) ## Route53 Credential Generation ```bash export AWS_USERNAME= aws iam create-user --user-name $AWS_USERNAME # Allow updating reeseapps aws iam attach-user-policy --user-name $AWS_USERNAME --policy-arn $(cat active/aws_iam/secrets/update-reeseapps-iam-policy-arn) # Allow updating reeselink aws iam attach-user-policy --user-name $AWS_USERNAME --policy-arn $(cat active/aws_iam/secrets/update-reeselink-iam-policy-arn) # Create credentials (run aws configure on the machine that needs these to input them manually) aws iam create-access-key --user-name $AWS_USERNAME ``` ## AWS Certbot Route53 Policies Example Policy: active/aws_iam/secrets/route53_reeselink.json ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:ListHostedZones", "route53:GetChange" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets" ], "Resource": [ "arn:aws:route53:::hostedzone/" ] } ] } ``` ```bash # Allow updating route53 records for reeselink.com aws iam create-policy --policy-name update-reeselink --policy-document file://active/aws_iam/secrets/route53_reeselink_policy.json # Allow updating route53 records for reeseapps.com aws iam create-policy --policy-name update-reeseapps --policy-document file://active/aws_iam/secrets/route53_reeseapps_policy.json ``` ## Email Credentials You can technically do this through the CLI, see above link. 1. Log into the AWS console 2. Navigate to SES 3. Click "SMTP Settings" 4. Click "Create SMTP Credentials" 5. Name it "ses-smtp-user.something" 6. Copy the username and password