Setup your AWS Route53 DNS API credentials
To use the AWS Route53 DNS API, you need to setup your API key and authentication secret:
Sign in to your AWS IAM console: https://console.aws.amazon.com/iam/home
Add a new user (e.g. 'certifydnsadmin')
- Enable Programmatic access,
- Create a user Group if you don't already has a group.
- You can either allow all permissions:
- Allow AmazonRoute53FullAccess for the group.
- Or restrict permission to the following actions:
- route53:ListHostedZones, route53:GetHostedZone, route53:ListResourceRecordSets, route53:ChangeResourceRecordSets, route53:GetChange
Here is an example JSON policy:
- Under your new user details:
- Select Security Credentials > Create Access Key
Copy down your Access Key and Secret Access Key. You cannot recover the same secret after it has been displayed once.
Add New Stored Credential
Now add a new Stored Credential in Certify, choosing AWS Route53 DNS as the provider type, enter: - Your Access Key - Your Secret Key - Select Save.
When you use this credential for a Managed Certificate you will also require your ZoneId for the specific hosted zone you are modifying.