Adds script and json to create an AWS user that can create DNS entries

For LE

aws/create_aws_user.sh

@@ -0,0 +1,19 @@
+#! /bin/bash
+#
+# Creates an AWS user that can create DNS entries for lets encrypt wildcard certificates
+
+aws iam create-policy --policy-name letsencrypt-wildcard --policy-document file://json/letsencrypt-wildcard.json
+LE_POLICY_ARN=$(aws iam list-policies --output json --query 'Policies[*].[PolicyName,Arn]' --output text | grep letsencrypt-wildcard | awk '{print $2}')
+aws iam create-group --group-name letsencrypt-wildcard
+aws iam attach-group-policy --policy-arn ${LE_POLICY_ARN} --group-name letsencrypt-wildcard
+aws iam create-user --user-name letsencrypt-wildcard
+aws iam add-user-to-group --user-name letsencrypt-wildcard --group-name letsencrypt-wildcard
+aws iam create-access-key --user-name letsencrypt-wildcard
+
+#Now on the k8s server, run:
+#AWS_ACCESS_KEY_ID=your-access-id
+#AWS_SECRET_ACCESS_KEY=your-access-secret
+#echo ${AWS_SECRET_ACCESS_KEY} > password.txt
+#kubectl create secret generic aws-route53-creds --from-file=password.txt -n cert-manager
+#rm -f password.txt
+

aws/json/letsencrypt-wildcard.json

@@ -0,0 +1,20 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": "route53:GetChange",
+            "Resource": "arn:aws:route53:::change/*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": "route53:ChangeResourceRecordSets",
+            "Resource": "arn:aws:route53:::hostedzone/*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": "route53:ListHostedZonesByName",
+            "Resource": "*"
+        }
+    ]
+}