Fix AWS DNS policy example

After testing the suggested policy both with the AWS policy simulator and by using it with cert-manager, I have found that the ARN prefix in the resources included in the statement causes the provider to fail with an access denied error. This new policy is equivalent and valid according to the AWS policy simulator.
John Wells 2018-04-23 17:43:57 -06:00 committed by GitHub
parent 731f7072a6
commit c4bb8d91b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -76,17 +76,17 @@ Cert-manager requires the following IAM policy.
{ {
"Effect": "Allow", "Effect": "Allow",
"Action": "route53:GetChange", "Action": "route53:GetChange",
"Resource": "arn:aws:route53:::change/*" "Resource": "*"
}, },
{ {
"Effect": "Allow", "Effect": "Allow",
"Action": "route53:ChangeResourceRecordSets", "Action": "route53:ChangeResourceRecordSets",
"Resource": "arn:aws:route53:::hostedzone/*" "Resource": "*"
}, },
{ {
"Effect": "Allow", "Effect": "Allow",
"Action": "route53:ListHostedZonesByName", "Action": "route53:ListHostedZonesByName",
"Resource": "arn:aws:route53:::hostedzone/*" "Resource": "*"
} }
] ]
} }
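
Review bot: The new `"Resource": "*"` on the `route53:ChangeResourceRecordSets` statement lets these credentials modify records in every hosted zone in the account, which is broader than the DNS-01 solver needs. Of the three actions here, only `route53:ListHostedZonesByName` does not support resource-level permissions and so has to use `"*"`. The other two accept the ARNs on the old side (`arn:aws:route53:::change/*` for `route53:GetChange`, `arn:aws:route53:::hostedzone/*` for `route53:ChangeResourceRecordSets`). Please retest with only the `ListHostedZonesByName` statement widened and the other two left as they were, or better, with `ChangeResourceRecordSets` scoped to the specific hosted zone ID. It would also help to add a sentence to the docs next to the policy explaining why that one statement uses `"*"`, so readers do not copy the wildcard onto the write action.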