certbot
Set up an IAM account with the "DNS Administrator" role.
To follow a least-privilege approach instead, grant only the following permissions:
- dns.changes.create
- dns.changes.get
- dns.managedZones.list
- dns.resourceRecordSets.create
- dns.resourceRecordSets.delete
- dns.resourceRecordSets.list
- dns.resourceRecordSets.update
Then export the user's credentials.json.
Install certbot together with its Google Cloud DNS plugin.
pip3 install certbot-dns-google
Create certificates.
certbot certonly \
--config-dir ./config \
--work-dir ./work \
--logs-dir ./logs \
--agree-tos --email 'PUT-YOUR-EMAIL-HERE' \
--server https://acme-v02.api.letsencrypt.org/directory \
--dns-google \
--dns-google-propagation-seconds 120 \
--dns-google-credentials ./credentials.json \
-d 'PUT-YOUR-DOMAIN-HERE.com.'
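
A preflight check to run before the certbot command above, added here as an example and not part of the original notes: it flags a credentials.json that other local users can read and compares a role's permissions with the seven listed above. It assumes credentials.json is a Google service-account key file and that the role is supplied as the JSON printed by `gcloud iam roles describe --format=json`; the function names are hypothetical.

```python
import json
import os
import stat

# Permissions listed on this page for the least-privilege role.
REQUIRED_PERMISSIONS = frozenset({
    "dns.changes.create",
    "dns.changes.get",
    "dns.managedZones.list",
    "dns.resourceRecordSets.create",
    "dns.resourceRecordSets.delete",
    "dns.resourceRecordSets.list",
    "dns.resourceRecordSets.update",
})
# Fields expected in a service-account key file (assumption, see lead-in).
KEY_FIELDS = ("type", "project_id", "private_key", "client_email")


def audit_role(role):
    """Return (missing, extra) permissions of a role dict versus the page's list."""
    granted = set(role.get("includedPermissions", []))
    return sorted(REQUIRED_PERMISSIONS - granted), sorted(granted - REQUIRED_PERMISSIONS)


def audit_credentials(path):
    """Return a list of findings for the credentials file; empty means OK."""
    findings = []
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, ValueError) as exc:
        return [f"{path} cannot be read as JSON: {exc}"]
    # The private key must not be readable by other local accounts.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} is accessible to group/other (mode {mode:o}); use 600")
    if not isinstance(key, dict):
        return findings + [f"{path} does not contain a JSON object"]
    missing = [field for field in KEY_FIELDS if not key.get(field)]
    if missing:
        findings.append(f"{path} lacks fields: {', '.join(missing)}")
    elif key["type"] != "service_account":
        findings.append(f"{path} has type {key['type']!r}, expected 'service_account'")
    return findings


if __name__ == "__main__":
    for finding in audit_credentials("./credentials.json"):
        print("WARN:", finding)
```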