certbot-dns-aliyun icon indicating copy to clipboard operation
certbot-dns-aliyun copied to clipboard

Published 20 hours ago verified publisher icon tengattack

AliyunDNSFullAccess too wide

Open panhaoyu opened this issue 2 years ago • 5 comments

Hello, nice work.

A suggestion. AliyunDNSFullAccess is too wide, for I will provide the website access permission to others. Could you please check the minimum permission required?

I'm trying, and after finish, I will provide my experience here.

panhaoyu avatar May 07 '22 15:05 panhaoyu

You may need custom RAM policy like:

{
    "Version": "1",
    "Statement": [
        {
            "Action": "*",
            "Resource": "acs:alidns:*:*:domain/example.com",
            "Effect": "Allow"
        }
    ]
}

to limit access only for one domain.

tengattack avatar Feb 05 '23 05:02 tengattack

@tengattack need to add another statement:

{
    "Action": [
        "alidns:DescribeSiteMonitorIspInfos",
        "alidns:DescribeSiteMonitorIspCityInfos",
        "alidns:DescribeSupportLines",
        "alidns:DescribeDomains",
        "alidns:DescribeDomainNs",
        "alidns:DescribeDomainGroups"
    ],
    "Resource": "acs:alidns:*:*:*",
    "Effect": "Allow"
}

ref: https://help.aliyun.com/document_detail/61723.html

Igotit avatar May 11 '23 07:05 Igotit