homelab/active/aws_iam/aws_iam.md

Commit ef9104c796 by ducoterra, 2025-04-19 18:52:33 -04:00: moving everything to active or retired vs incubating and graduated

# AWS Credentials

Note: this requires the AWS CLI. See AWS CLI.

## Route53 Credential Generation

The policy ARN files read below are written when the policies are created (see the Certbot Route53 Policies section), so create the policies first.

```bash
export AWS_USERNAME=   # name of the IAM user to create
aws iam create-user --user-name "$AWS_USERNAME"

# Allow updating reeseapps
aws iam attach-user-policy --user-name "$AWS_USERNAME" --policy-arn "$(cat active/aws_iam/secrets/update-reeseapps-iam-policy-arn)"

# Allow updating reeselink
aws iam attach-user-policy --user-name "$AWS_USERNAME" --policy-arn "$(cat active/aws_iam/secrets/update-reeselink-iam-policy-arn)"

# Create credentials (run aws configure on the machine that needs these to input them manually)
aws iam create-access-key --user-name "$AWS_USERNAME"
```

## AWS Certbot Route53 Policies

Example Policy (`active/aws_iam/secrets/route53_reeselink.json`). Reads that Route53 only evaluates at account level are granted on `*`; record reads and writes are pinned to one hosted zone:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones",
                "route53:GetChange"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets",
                "route53:ListResourceRecordSets"
            ],
            "Resource": [
                "arn:aws:route53:::hostedzone/<zone_id>"
            ]
        }
    ]
}
```

```bash
# Allow updating route53 records for reeselink.com
aws iam create-policy --policy-name update-reeselink --policy-document file://active/aws_iam/secrets/route53_reeselink_policy.json

# Allow updating route53 records for reeseapps.com
aws iam create-policy --policy-name update-reeseapps --policy-document file://active/aws_iam/secrets/route53_reeseapps_policy.json
```
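A quick offline check to run on a policy document before `aws iam create-policy`, added here as an example and not part of the homelab repo: it parses the JSON and flags record-write actions that are not pinned to a single hosted zone ARN, actions outside the two things certbot needs, and a `<zone_id>` placeholder that was never replaced. The two embedded policies are constructed samples with a made-up zone id, not files from `active/aws_iam/secrets/`.

```python
import json
import re

# Constructed sample: mirrors the certbot policy above with a made-up hosted zone id
# (Z0EXAMPLE12345 is not a real zone) in place of <zone_id>.
TIGHT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["route53:ListHostedZones", "route53:GetChange"],
         "Resource": ["*"]},
        {"Effect": "Allow",
         "Action": ["route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets"],
         "Resource": ["arn:aws:route53:::hostedzone/Z0EXAMPLE12345"]},
    ],
})

# Second constructed sample: record writes on every zone in the account via a wildcard,
# plus the template placeholder left in. Both should be caught.
LOOSE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "route53:*", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["route53:ChangeResourceRecordSets"],
         "Resource": ["arn:aws:route53:::hostedzone/<zone_id>"]},
    ],
})

# Reads that Route53 evaluates at account level; "*" is the only sensible resource for them.
GLOBAL_READ_ACTIONS = {"route53:ListHostedZones", "route53:GetChange"}
# Actions that touch records and must be pinned to one hosted zone ARN.
ZONE_SCOPED_ACTIONS = {"route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets"}
HOSTED_ZONE_ARN = re.compile(r"^arn:aws:route53:::hostedzone/[A-Z0-9]+$")


def _as_list(value):
    """IAM accepts either a single string or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])


def lint_route53_policy(document: str) -> list[str]:
    """Return findings for a certbot-style Route53 policy; [] means it has the expected shape."""
    findings = []
    policy = json.loads(document)
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag here
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        for resource in resources:
            if "<" in resource or ">" in resource:
                findings.append(f"statement {idx}: placeholder left in resource {resource!r}")
        for action in actions:
            if action not in GLOBAL_READ_ACTIONS | ZONE_SCOPED_ACTIONS:
                # Covers "*", "route53:*" and any action certbot does not need
                findings.append(f"statement {idx}: action {action!r} is outside the certbot set")
                continue
            if action in ZONE_SCOPED_ACTIONS:
                for resource in resources:
                    if not HOSTED_ZONE_ARN.match(resource):
                        findings.append(
                            f"statement {idx}: {action} not pinned to a hosted zone (resource {resource!r})"
                        )
    return findings


if __name__ == "__main__":
    for name, doc in (("tight", TIGHT_POLICY), ("loose", LOOSE_POLICY)):
        print(name, lint_route53_policy(doc) or "ok")
```

Run it against the real file with `lint_route53_policy(open(path).read())` before `aws iam create-policy`; an empty list means the write permission is confined to one zone and the placeholder was filled.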

## Email Credentials

https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html

This can also be done from the CLI instead of the console; see the link above.

  1. Log into the AWS console
  2. Navigate to SES
  3. Click "SMTP Settings"
  4. Click "Create SMTP Credentials"
  5. Name it "ses-smtp-user.something"
  6. Copy the username and password