Rotation of AWS IAM credentials

  • girish wrote:

    @prusaman the config is an object with accessKeyId and secretAccessKey.

    It might be easier to just create long(ish) keys which are scoped to just route53 only and that too only for the specific domain. See the IAM policy example here - https://docs.cloudron.io/domains/#route53-dns

    prusaman wrote (#3):

    @girish unfortunately long-lived keys won't work in my situation. Additionally, it is recommended by AWS to rotate them on a 90 day basis at a minimum.

    Any specific example so I can see how this object is to be constructed?

    thanks

      prusaman wrote (#4):

      My assumption is something along the lines of

      {
        "provider": "route53",
        "config": {"accessKeyId":"AKIAXXXXXXX", "secretAccessKey":"XXXXXXXXXXXXXX"},
        "wildcard": true,
        "zoneName": "my.zone.name"
      }
      
        girish (Staff) wrote (#5):

        @prusaman something like this:

        {
            "domain":"domain.com",
            "zone": "domain.com",
            "provider":"route53",
            "config": {
                "accessKeyId":"AKIAxx",
                "secretAccessKey":"yy"
            },
            "tlsConfig":{ "provider":"letsencrypt-prod","wildcard":true }
        }
        
          prusaman wrote (#6):

          @girish awesome @girish - will give it a go. Thanks

            prusaman wrote (#7):

            @girish I'm getting the following:

            curl -k -X PUT -H 'Content-Type: application/json' -H 'Authorization: Bearer APIKEYHERE' --data '{"domain":"sub.domain.tld","zone": "sub.domain.tld","provider":"route53","config": {"accessKeyId":"AKIA","secretAccessKey":"XXXXX"},"tlsConfig":{ "provider":"letsencrypt-prod","wildcard":true }}' https://my.sub.domain.tld/api/v1/domains/sub.domain.tld

            <!DOCTYPE html>
            <html lang="en">
            <head>
            <meta charset="utf-8">
            <title>Error</title>
            </head>
            <body>
            <pre>Cannot PUT /api/v1/domains/sub.domain.tld</pre>
            </body>
            </html>
            

            But I get the following with:

            curl -k -X GET -H 'Content-Type: application/json' -H 'Authorization: Bearer APIKEYHERE' https://my.sub.domain.tld/api/v1/domains

            {
              "domains": [
                {
                  "domain": "sub.domain.tld",
                  "zoneName": "sub.domain.tld",
                  "provider": "route53",
                  "config": {}
                }
              ]
            }
            

            Any ideas? I'm sure I'm just not constructing the call correctly.

              girish (Staff) wrote (#8):

              @prusaman Looks correct to me, but have you tried curl -X POST instead?

                prusaman wrote (#9):

                @girish Documentation specifies PUT but yeah, tried POST as well.

                <!DOCTYPE html>
                <html lang="en">
                <head>
                <meta charset="utf-8">
                <title>Error</title>
                </head>
                <body>
                <pre>Cannot POST /api/v1/domains/sub.domain.tld</pre>
                </body>
                </html>
                
                  girish (Staff) wrote (#10):

                  @prusaman said in Rotation of AWS IAM credentials:

                  curl -k -X PUT -H 'Content-Type: application/json' -H 'Authorization: Bearer APIKEYHERE' --data '{"domain":"sub.domain.tld","zone": "sub.domain.tld","provider":"route53","config": {"accessKeyId":"AKIA","secretAccessKey":"XXXXX"},"tlsConfig":{ "provider":"letsencrypt-prod","wildcard":true }}' https://my.sub.domain.tld/api/v1/domains/sub.domain.tld

                  I got the path wrong. Send POST request to https://my.sub.domain.tld/api/v1/domains/sub.domain.tld/config. I double checked that it works.

                    prusaman wrote (#11):

                    Getting:

                    {
                      "status": "Bad Request",
                      "message": "Failed to parse body"
                    }
                    

                    Same command as above, changed from PUT to POST and sending request to https://my.sub.domain.tld/api/v1/domains/sub.domain.tld/config

                    Any ideas?

                      prusaman wrote (#12):

                      Ignore me. This was an issue with PowerShell apparently. If run from Linux it works fine.

                      Thanks again
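
The call this thread ends up with (POST to /api/v1/domains/<domain>/config, with the body shape girish posted), as an added example that is not part of the original posts or Cloudron's own code. It serialises the body with a JSON library so shell quoting cannot corrupt it (the "Failed to parse body" failure above), and it keeps certificate verification on rather than using curl's -k. The function names and environment variable names are assumptions, and zone is set equal to domain as in the thread's example.

```python
import json
import os
import urllib.parse
import urllib.request


def build_config_request(base_url, domain, api_token, access_key_id, secret_access_key):
    """Build the POST to /api/v1/domains/<domain>/config named in the thread."""
    body = {  # body shape as posted in the thread; zone equals domain there
        "domain": domain,
        "zone": domain,
        "provider": "route53",
        "config": {"accessKeyId": access_key_id, "secretAccessKey": secret_access_key},
        "tlsConfig": {"provider": "letsencrypt-prod", "wildcard": True},
    }
    # json.dumps does all escaping, so no shell quoting rules ever touch the body.
    data = json.dumps(body).encode("utf-8")
    url = "{}/api/v1/domains/{}/config".format(
        base_url.rstrip("/"), urllib.parse.quote(domain, safe="")
    )
    return urllib.request.Request(
        url,
        data=data,
        method="POST",
        headers={"Content-Type": "application/json", "Authorization": "Bearer " + api_token},
    )


def send(request, timeout=30):
    """Send with urllib's default TLS context, which verifies the server certificate."""
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.status, response.read().decode("utf-8")


if __name__ == "__main__":
    # Assumed variable names; reading secrets from the environment keeps them
    # out of argv and shell history.
    req = build_config_request(
        os.environ["CLOUDRON_URL"],        # e.g. https://my.sub.domain.tld
        os.environ["CLOUDRON_DOMAIN"],     # e.g. sub.domain.tld
        os.environ["CLOUDRON_API_TOKEN"],
        os.environ["AWS_ACCESS_KEY_ID"],   # the newly rotated key pair
        os.environ["AWS_SECRET_ACCESS_KEY"],
    )
    print(send(req))
```

A 4xx answer such as the "Bad Request" shown above surfaces as urllib.error.HTTPError from send().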
