AliyunDNSFullAccess too wide #16
Comments
You may need custom RAM policy like:
to limit access only for one domain.

@tengattack need to add another statement:

```json
{
    "Action": [
        "alidns:DescribeSiteMonitorIspInfos",
        "alidns:DescribeSiteMonitorIspCityInfos",
        "alidns:DescribeSupportLines",
        "alidns:DescribeDomains",
        "alidns:DescribeDomainNs",
        "alidns:DescribeDomainGroups"
    ],
    "Resource": "acs:alidns:*:*:*",
    "Effect": "Allow"
}
```
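
A way to check a candidate RAM policy against the goal of this issue, as an added example that is not part of the thread or of the plugin's code: it flags any `Allow` statement that grants a non-`Describe` action on a wildcard resource. The write action names, the per-domain resource string `acs:alidns:*:*:domain/example.com`, and all function names are assumptions for illustration.

```python
import json

# Constructed policy. The write actions and the per-domain resource string are
# assumptions for illustration; the second statement follows the comment above.
SAMPLE_POLICY = json.loads("""
{"Version": "1", "Statement": [
  {"Action": ["alidns:AddDomainRecord", "alidns:DeleteDomainRecord"],
   "Resource": "acs:alidns:*:*:domain/example.com", "Effect": "Allow"},
  {"Action": ["alidns:DescribeDomains", "alidns:DescribeDomainNs"],
   "Resource": "acs:alidns:*:*:*", "Effect": "Allow"}
]}
""")

def _as_list(value):
    # Handle a field given as one string or as a list of strings.
    return value if isinstance(value, list) else [value]

def is_read_only(action):
    """Treat only alidns Describe* actions as read-only lookups."""
    service, _, name = action.partition(":")
    return service == "alidns" and name.startswith("Describe")

def is_wildcard_resource(resource):
    """True when the final segment of the resource string names no specific resource."""
    return "*" in resource.rsplit(":", 1)[-1]

def audit(policy):
    """Return (action, resource) pairs where a non-read action is allowed on a wildcard."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for resource in _as_list(stmt.get("Resource", "*")):
            if not is_wildcard_resource(resource):
                continue
            for action in _as_list(stmt.get("Action", [])):
                if not is_read_only(action):
                    findings.append((action, resource))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_POLICY))  # scoped writes plus wildcard reads
    # Constructed broad grant, the shape the issue calls "too wide".
    print(audit({"Statement": [{"Action": "alidns:*", "Resource": "*", "Effect": "Allow"}]}))
```
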
It doesn't work for me. RAM policy
log
I have found another way to make it work, using

```python
import os

from certbot import errors
from certbot.plugins import dns_common

# .... (elided in the original comment)

def _find_domain_id(self, domain):
    # Try each candidate zone name, from most to least specific.
    domain_name_guesses = dns_common.base_domain_name_guesses(domain)
    for domain_name in domain_name_guesses:
        # Scope the lookup to the resource group named in the environment.
        r = self._request('DescribeDomains', {
            'KeyWord': domain_name,
            'ResourceGroupId': os.environ.get('ALIDNS_RESOURCE_GROUP_ID'),
        })
        for d in r['Domains']['Domain']:
            if d['DomainName'] == domain_name:
                return domain_name
    raise errors.PluginError('Unable to determine zone identifier for {0} using zone names: {1}'
                             .format(domain, domain_name_guesses))
```

```shell
docker run -it --rm \
    -e "ALIYUN_AK=xxxxxx" \
    -e "ALIYUN_SK=xxxxxx" \
    -e "EMAIL=xxxxxx" \
    -e "ALIDNS_RESOURCE_GROUP_ID=xxxxx" \
    -v /data/cert/xxxxx:/etc/letsencrypt/ \
    -v /data/certbot-dns-aliyun-docker/alidns.py:/opt/certbot/lib/python3.8/site-packages/certbot_dns_aliyun/alidns.py \
    certbot obtain_cert \
    -d "xxxxx.com" \
    -d "*.xxxx.com"
```

```shell
docker run -it --rm \
    -e "ALIDNS_RESOURCE_GROUP_ID=xxxxxx" \
    -v /data/cert:/etc/letsencrypt/ \
    -v /data/services/certbot-dns-aliyun-docker/alidns.py:/opt/certbot/lib/python3.8/site-packages/certbot_dns_aliyun/alidns.py \
    certbot renew_certs
```

Hello, nice work.
A suggestion. AliyunDNSFullAccess is too wide, for I will provide the website access permission to others.
Could you please check the minimum permission required?
I'm trying, and after I finish, I will provide my experience here.