weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Remove non-recommended hostedZoneID from Route53 example

Browse Source
This commit is contained in:
Will Medlar 2018-03-01 09:21:13 -05:00
parent b65cdde8a9
commit ffeedf7d5d
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/api-types/issuer/spec.md
View File

@ -126,7 +126,6 @@ clouddns:
```yaml
route53:
accessKeyID: AKIAIOSFODNN7EXAMPLE
hostedZoneID: DIKER8JPL21PSA
region: eu-west-1
secretAccessKeySecretRef:
name: prod-route53-credentials-secret
@ -158,7 +157,7 @@ Cert-manager requires the following IAM policy.
}
```
The `route53:ListHostedZonesByName` statement can be removed if you specify the hosted zone ID (`spec.acme.dns01.providers[].hostedZoneID`) on the Issuer resource. You can further tighten this policy by limiting the hosted zone that cert-manager has access to (replace `arn:aws:route53:::hostedzone/*` with `arn:aws:route53:::hostedzone/DIKER8JPL21PSA`, for instance).
The `route53:ListHostedZonesByName` statement can be removed if you specify the optional hosted zone ID (`spec.acme.dns01.providers[].hostedZoneID`) on the Issuer resource. You can further tighten this policy by limiting the hosted zone that cert-manager has access to (replace `arn:aws:route53:::hostedzone/*` with `arn:aws:route53:::hostedzone/DIKER8JPL21PSA`, for instance).
##### Cloudflare