Making the "more restrictive policy" even more restrictive

Alexander Woellhaf 2023-07-18 19:31:54 -04:00
parent 82847f7469
commit 970fe28e21
1 changed files with 11 additions and 2 deletions

@ -53,9 +53,18 @@ If you want to use a much more restrictive AWS policy, use the following:
"Action": [ "Action": [
"route53:GetHostedZone", "route53:GetHostedZone",
"route53:ListResourceRecordSets", "route53:ListResourceRecordSets",
"route53:ChangeResourceRecordSets"
], ],
"Resource": "arn:aws:route53:::hostedzone/hosted zone id" "Resource": "arn:aws:route53:::hostedzone/<ZONE-ID>"
},
{
"Effect": "Allow",
"Action": "route53:ChangeResourceRecordSets",
"Resource": "arn:aws:route53:::hostedzone/<ZONE-ID>",
"Condition": {
"ForAllValues:StringEquals": {
"route53:ChangeResourceRecordSetsNormalizedRecordNames": "_acme-challenge.<SUB>.<DOMAIN>.<TLD>"
}
}
} }
] ]
} }
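Review bot: The new second statement pins ChangeResourceRecordSets to a single record name, but it still permits any record type and any change action on that name; adding `"route53:ChangeResourceRecordSetsRecordTypes": "TXT"` and `"route53:ChangeResourceRecordSetsActions": ["CREATE", "UPSERT", "DELETE"]` inside the same `ForAllValues:StringEquals` block would confine it to what the ACME DNS-01 flow actually needs. The README text around the hunk should also say that the condition value may be a JSON array when a certificate covers several names, since each `_acme-challenge` name must be listed for the change to be allowed. Worth one sentence as well that `ForAllValues` with an `Allow` effect evaluates true when the condition key is absent from the request; for this API the key is derived from the change batch, so it should always be present, but readers copying the pattern to other actions may not know that. Minor style point: the first statement writes `"Action"` as an array while the second uses a bare string; the two statements read more consistently with the same form.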