services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
556149c5839f08ba792c406ac1977d54dadd11f9
homelab/active/aws_iam/aws_iam.md
ducoterra ef9104c796
All checks were successful
Reese's Arch Toolbox / build-and-push-arch-toolbox (push) Successful in 14s
Details
moving everything to active or retired vs incubating and graduated
2025-04-19 18:52:33 -04:00

80 lines
2.2 KiB
Markdown
Raw Blame History

# AWS Credentials
Note: this requires the AWS CLI. See [AWS CLI](/active/aws_cli/aws_cli.md)
- [AWS Credentials](#aws-credentials)
- [Route53 Credential Generation](#route53-credential-generation)
- [AWS Certbot Route53 Policies](#aws-certbot-route53-policies)
- [Email Credentials](#email-credentials)
## Route53 Credential Generation
```bash
export AWS_USERNAME=
aws iam create-user --user-name $AWS_USERNAME
# Allow updating reeseapps
aws iam attach-user-policy --user-name $AWS_USERNAME --policy-arn $(cat active/aws_iam/secrets/update-reeseapps-iam-policy-arn)
# Allow updating reeselink
aws iam attach-user-policy --user-name $AWS_USERNAME --policy-arn $(cat active/aws_iam/secrets/update-reeselink-iam-policy-arn)
# Create credentials (run aws configure on the machine that needs these to input them manually)
aws iam create-access-key --user-name $AWS_USERNAME
```
## AWS Certbot Route53 Policies
Example Policy:
active/aws_iam/secrets/route53_reeselink.json
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones",
"route53:GetChange"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/<zone_id>"
]
}
]
}
```
```bash
# Allow updating route53 records for reeselink.com
aws iam create-policy --policy-name update-reeselink --policy-document file://active/aws_iam/secrets/route53_reeselink_policy.json
# Allow updating route53 records for reeseapps.com
aws iam create-policy --policy-name update-reeseapps --policy-document file://active/aws_iam/secrets/route53_reeseapps_policy.json
```
## Email Credentials
<https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html>
You can technically do this through the CLI, see above link.
1. Log into the AWS console
2. Navigate to SES
3. Click "SMTP Settings"
4. Click "Create SMTP Credentials"
5. Name it "ses-smtp-user.something"
6. Copy the username and password
Reference in New Issue View Git Blame Copy Permalink