
Why can't you do this safely with AWS? You can restrict the API key to write only to the zone _acme-challenge.<your domain>.
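The restriction described in the comment above, sketched as an added example that is not part of the thread: a small check that compares a broad Route 53 policy with one scoped to a dedicated hosted zone for `_acme-challenge.<your domain>`. The zone ID is a constructed placeholder, both policies are constructed samples, and `overbroad_dns_writes` is a hypothetical helper name.

```python
import fnmatch

# Constructed placeholder: ID of a dedicated hosted zone that holds only
# _acme-challenge.<your domain> (assumption, not a value from the thread).
ACME_ZONE_ARN = "arn:aws:route53:::hostedzone/ZEXAMPLEACMEZONE"
WRITE_ACTION = "route53:ChangeResourceRecordSets"

# Constructed sample policies: BROAD lets the key rewrite every zone in the
# account, SCOPED only the delegated challenge zone.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "route53:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": [WRITE_ACTION, "route53:ListResourceRecordSets"],
     "Resource": ACME_ZONE_ARN},
    {"Effect": "Allow", "Action": "route53:GetChange",
     "Resource": "arn:aws:route53:::change/*"}]}


def _as_list(value):
    # IAM accepts either a single string or a list for Action/Resource.
    return value if isinstance(value, list) else [value]


def _grants_write(stmt):
    # Action patterns are case-insensitive and may contain wildcards.
    return any(fnmatch.fnmatchcase(WRITE_ACTION.lower(), p.lower())
               for p in _as_list(stmt.get("Action", [])))


def overbroad_dns_writes(policy, allowed_zone_arn):
    """List resources where record changes are allowed outside the ACME zone."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            # Inverted matches can grant far more than they appear to.
            findings.append("NotAction/NotResource: review manually")
            continue
        if _grants_write(stmt):
            findings += [r for r in _as_list(stmt.get("Resource", []))
                         if r != allowed_zone_arn]
    return findings


if __name__ == "__main__":
    print("broad :", overbroad_dns_writes(BROAD, ACME_ZONE_ARN))
    print("scoped:", overbroad_dns_writes(SCOPED, ACME_ZONE_ARN))
```
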



Smart way to do it, but it will set you back $0.5/month. You can likely do it cheaper with Lambda and API Gateway, but you'll have to invent the secret sauce yourself.

I'm always a little surprised when there are shortcomings in IAM like that with Route 53 and records. It seems like a natural thing to be able to control, but for some reason you don't have resource-level controls on hosted zones. It's all or nothing.



