caddy-dns / route53

Caddy module: dns.providers.route53
MIT License

AWS Credentials Multi-Profile Support #4

Closed PhoenixPeca closed 3 years ago

PhoenixPeca commented 3 years ago

Hi all, I'm currently running Caddy from a Docker image (latest) and the Alpine builder (latest).

I was able to get Automatic HTTPS working (through DNS validation) by building Caddy with the route53 DNS module and adding the default "Profile" in the AWS credentials configuration at the ~/.aws/credentials path, as in:

[default]
aws_access_key_id = <YOUR_DEFAULT_ACCESS_KEY_ID>
aws_secret_access_key = <YOUR_DEFAULT_SECRET_ACCESS_KEY>

Everything was working fine until the time I needed to add another "Profile" from another AWS account as in:

[development]
aws_access_key_id = <YOUR_DEFAULT_ACCESS_KEY_ID>
aws_secret_access_key = <YOUR_DEFAULT_SECRET_ACCESS_KEY>

[production]
aws_access_key_id = <YOUR_DEFAULT_ACCESS_KEY_ID>
aws_secret_access_key = <YOUR_DEFAULT_SECRET_ACCESS_KEY>

And now I don't know how to specify, in the virtual-host section of the Caddyfile, which AWS profile/account it should use to connect for Route 53 DNS validation...

Here's my current Caddyfile:

dev.example.com:443 {
  bind {$ADDRESS}
  header X-Robots-Tag noindex
  reverse_proxy /* dev:80 {
      header_up Host "dev.example.com"
  }
  tls {
      dns route53 # from the development aws account
  }
}
prod.example.com:443 {
  bind {$ADDRESS}
  header X-Robots-Tag noindex
  reverse_proxy /* dev:80 {
      header_up Host "prod.example.com"
  }
  tls {
      dns route53 # from the production aws account
  }
}

In contrast, with the Cloudflare DNS module I can specify the API key in the Caddyfile itself, so there are no worries about how many Cloudflare accounts I use it with, as in:

dev.example.com:443 {
  bind {$ADDRESS}
  header X-Robots-Tag noindex
  reverse_proxy /* dev:80 {
      header_up Host "dev.example.com"
  }
  tls {
      dns cloudflare "redacted-key"
  }
}

Is there somehow a way to specify the AWS credentials profile that I want to use for DNS validation?

PhoenixPeca commented 3 years ago

This was originally posted in the Caddy forum: https://caddy.community/t/automatic-https-for-route53-multi-profile-support/

danlsgiga commented 3 years ago

@PhoenixPeca can you please try setting the AWS_PROFILE environment variable to the profile name you want to use in your container? That should do it!
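
An added example, not part of the thread or the project's code: a preflight check for the AWS_PROFILE approach suggested above, confirming that the named profile exists in the shared credentials file with both keys and that the file is not readable by group or others. The function name `check_aws_profile`, its return codes and the sample file contents are constructed for illustration. AWS_PROFILE is a process environment variable, so it selects one profile for the whole Caddy process.

```shell
#!/bin/sh
# Added example: preflight for running Caddy with AWS_PROFILE set.
# Checks only the shared credentials file (not ~/.aws/config).
# Return codes: 0 ok, 1 file unreadable, 2 file readable by group/others,
#               3 no such profile section, 4 profile lacks a key pair.
check_aws_profile() {
    cap_profile=$1
    cap_file=${2:-${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}}

    [ -r "$cap_file" ] || { echo "cannot read $cap_file" >&2; return 1; }

    # The file holds long-lived secrets: require mode 0600 or stricter.
    cap_perms=$(ls -ld "$cap_file" | cut -c5-10)
    [ "$cap_perms" = "------" ] || {
        echo "$cap_file is accessible to group/others" >&2; return 2; }

    # Walk the INI sections and look for both keys inside the wanted one.
    awk -v want="$cap_profile" '
        /^[ \t]*\[/ {
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            insec = (sec == want); if (insec) found = 1; next
        }
        insec && /^[ \t]*aws_access_key_id[ \t]*=[ \t]*[^ \t]/     { id = 1 }
        insec && /^[ \t]*aws_secret_access_key[ \t]*=[ \t]*[^ \t]/ { key = 1 }
        END { if (!found) exit 3; if (!(id && key)) exit 4 }
    ' "$cap_file" || {
        cap_rc=$?
        echo "profile '$cap_profile' unusable in $cap_file (code $cap_rc)" >&2
        return "$cap_rc"; }
}

# Demo on a constructed credentials file (placeholder values, not real keys).
demo=$(mktemp -d)
cat > "$demo/credentials" <<'EOF'
[development]
aws_access_key_id = EXAMPLE_DEV_ID
aws_secret_access_key = EXAMPLE_DEV_SECRET
[production]
aws_access_key_id = EXAMPLE_PROD_ID
EOF
chmod 600 "$demo/credentials"
for p in development production staging; do
    if check_aws_profile "$p" "$demo/credentials" 2>/dev/null
    then echo "$p: ok"; else echo "$p: rejected ($?)"; fi
done
rm -rf "$demo"
```

In a container entrypoint, the check would run as `check_aws_profile "$AWS_PROFILE"` before Caddy starts, so a mistyped profile name fails at startup rather than at certificate issuance.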

PhoenixPeca commented 3 years ago

Hi @danlsgiga, I sent a reply in the forum. Is it ok if we move our discussion over there so that people with the same experience can easily see and benefit from it? Hehhehehehhehe!