
   1  Name = "Amazon Lightsail"
   2  Description = ''''''
   3  URL = "https://aws.amazon.com/lightsail/"
   4  Code = "lightsail"
   5  Since = "v0.5.0"
   6  
   7  Example = ''''''
   8  
   9  Additional = '''
  10  ## Description
  11  
  12  AWS Credentials are automatically detected in the following locations and prioritized in the following order:
  13  
  14  1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and optionally `AWS_SESSION_TOKEN`
  15  2. Shared credentials file (defaults to `~/.aws/credentials`, profiles can be specified using `AWS_PROFILE`)
  16  3. Amazon EC2 IAM role
  17  
  18  Setting an AWS region is not required, as the Lightsail DNS zone is in the global (us-east-1) region.
  19  
  20  ## Policy
  21  
  22  The following AWS IAM policy document describes the minimum permissions required for lego to complete the DNS challenge.
  23  
  24  ```json
  25  {
  26    "Version": "2012-10-17",
  27    "Statement": [
  28      {
  29        "Effect": "Allow",
  30        "Action": [
  31          "lightsail:DeleteDomainEntry",
  32          "lightsail:CreateDomainEntry"
  33        ],
  34        "Resource": "<Lightsail DNS zone ARN>"
  35      }
  36    ]
  37  }
  38  ```
  39  
  40  Replace the `Resource` value with your Lightsail DNS zone ARN.
  41  You can retrieve the ARN with the AWS CLI by running `aws lightsail get-domains --region us-east-1` (unfortunately, the Lightsail web console does not show the ARN).
  42  It should be in the format `arn:aws:lightsail:global:<ACCOUNT ID>:Domain/<DOMAIN ID>`.
  43  You also need to replace the region in the ARN with `us-east-1` (instead of `global`).
  44  
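  45  Alternatively, you can set the `Resource` to `*` (wildcard), which allows access to all domains, but this is not recommended: the credentials lego uses could then create and delete DNS entries in every Lightsail zone rather than only the one being validated.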
  46  '''
  47  
  48  [Configuration]
  49    [Configuration.Credentials]
  50      AWS_ACCESS_KEY_ID = "Managed by the AWS client. Access key ID (`AWS_ACCESS_KEY_ID_FILE` is not supported, use `AWS_SHARED_CREDENTIALS_FILE` instead)"
  51      AWS_SECRET_ACCESS_KEY = "Managed by the AWS client. Secret access key (`AWS_SECRET_ACCESS_KEY_FILE` is not supported, use `AWS_SHARED_CREDENTIALS_FILE` instead)"
  52      DNS_ZONE = "Domain name of the DNS zone"
  53    [Configuration.Additional]
  54      AWS_SHARED_CREDENTIALS_FILE = "Managed by the AWS client. Shared credentials file."
  55      LIGHTSAIL_POLLING_INTERVAL = "Time between DNS propagation checks in seconds (Default: 2)"
  56      LIGHTSAIL_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
  57  
  58  [Links]
  59    GoClient = "https://github.com/aws/aws-sdk-go-v2"
  60