go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License

route53: Update IAM policy example to remove route53:ListHostedZonesByName #2055

Closed os11k closed 7 months ago

os11k commented 7 months ago

It seems route53:ListHostedZonesByName is not needed if we specify the zoneID for ListResourceRecordSets. I got this idea from here:

https://cert-manager.io/docs/configuration/acme/dns01/route53/#set-up-an-iam-role

And I tested today, and it does provide a certificate without route53:ListHostedZonesByName.

os11k commented 7 months ago

Actually, I tried now on my other AWS account and it doesn't work without route53:ListHostedZonesByName. In that case I had a separate hosted zone for the domain... I will close this now.