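#!/bin/bash
#
# Creates an AWS IAM user that can create DNS entries for Let's Encrypt
# wildcard certificates.
#
# Steps: create the policy from json/letsencrypt-wildcard.json, attach it to a
# group, create the user, add the user to the group, and issue an access key.
#
# Security notes:
#   - The permissions granted are whatever json/letsencrypt-wildcard.json
#     contains (not shown here). Review that it allows only the Route 53
#     actions and hosted zone(s) the DNS challenge needs.
#   - create-access-key prints the secret access key to stdout. Do not run
#     this where stdout is captured in shared logs (CI, session recording).
#   - The key is a long-lived credential; rotate it periodically and delete
#     it when the user is retired.

# Stop at the first failing step, so a failed policy or group step cannot leave
# a user holding an access key without the intended, scoped policy.
set -euo pipefail

readonly LE_NAME=letsencrypt-wildcard

aws iam create-policy \
  --policy-name "${LE_NAME}" \
  --policy-document file://json/letsencrypt-wildcard.json

# Look the ARN up by exact name among customer-managed policies only. A
# substring match (grep) could also pick up a policy such as
# "letsencrypt-wildcard-old" and attach the wrong permissions.
LE_POLICY_ARN=$(aws iam list-policies \
  --scope Local \
  --query "Policies[?PolicyName=='${LE_NAME}'].Arn" \
  --output text)

if [[ -z "${LE_POLICY_ARN}" || "${LE_POLICY_ARN}" == "None" ]]; then
  printf 'error: could not resolve the ARN of policy %s\n' "${LE_NAME}" >&2
  exit 1
fi

aws iam create-group --group-name "${LE_NAME}"
aws iam attach-group-policy \
  --policy-arn "${LE_POLICY_ARN}" \
  --group-name "${LE_NAME}"

aws iam create-user --user-name "${LE_NAME}"
aws iam add-user-to-group \
  --user-name "${LE_NAME}" \
  --group-name "${LE_NAME}"

# Prints AccessKeyId and SecretAccessKey; the secret is shown only this once.
aws iam create-access-key --user-name "${LE_NAME}"

# Now on the k8s server, run (values come from the create-access-key output):
#   AWS_ACCESS_KEY_ID=your-access-id
#   AWS_SECRET_ACCESS_KEY=your-access-secret
#   (umask 077; printf '%s' "${AWS_SECRET_ACCESS_KEY}" > password.txt)
#   kubectl create secret generic aws-route53-creds --from-file=password.txt -n cert-manager
#   rm -f password.txt
#
# printf '%s' is used instead of echo so that no trailing newline ends up in
# the stored secret, and umask 077 keeps the temporary file unreadable by other
# local users until it is removed.
# NOTE(review): only the secret key goes into aws-route53-creds; the access key
# ID is presumably referenced in the cert-manager issuer configuration (confirm).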