This is a wrapper docker image because acme.sh requires both $AWS_ACCESS_KEY_ID
and $AWS_SECRET_ACCESS_KEY
to be set. It does not use the AWS API and therefore it cannot make use of IAM roles itself. So we use aws sts assume-role
to retrieve the credentials and then set them as environment variables prior to executing acme.sh
.
This wrapper docker image will be rendered obsolete one day soon. Keep an eye on either/both of these feature requests:
- acmesh-official/acme.sh#1238 (preferred)
- aws/aws-cli#1390
sudo docker run -it \
-e AWS_ROLE_ARN="arn:aws:iam::123456789:role/myrole" \
-e AWS_ROLE_NAME="myrole" \
seanscottking\acme.sh-with-aws-iam-role \
--issue --dns dns_aws -d mywebsite.mydomain.com