Route53 - AWS IAM Account Setup is confusing #753

Open
AlverezYari opened this issue Nov 10, 2021 · 1 comment
Labels
priority/backlog Higher priority than priority/awaiting-more-evidence.

AlverezYari commented Nov 10, 2021

Cross Account Access
https://cert-manager.io/docs/configuration/acme/dns01/route53/#cross-account-access

ok... so what about normal same account access? This is overly confusing by jumping to the more advanced use case of cross account access before documenting a working simple one account setup & then moving to the newer:

https://cert-manager.io/docs/configuration/acme/dns01/route53/#eks-iam-role-for-service-accounts-irsa

...without explaining how it slots in.. sounds like the cross account access is required setup before these instructions make sense so I assume that's a requirement? Yes, I know it is "best practices" to do it this way but it's a jump for new users who are just trying to get the thing to work and the whole page flow is confusing.

docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials

You have two options for the set up - either create a user or a role and attach that policy from above. Using a role is considered best practice because you do not have to store permanent credentials in a secret.

cert-manager supports two ways of specifying credentials:
- explicit by providing an accessKeyID and secretAccessKey
- or implicit (using metadata service or environment variables or credentials file).

cert-manager also supports specifying a role to enable cross-account access and/or limit the access of cert-manager.

> Integration with kiam and kube2iam should work out of the box.

Ok so really there are three ways right? How does the 3d way interact with the first two? Does it? Maybe who knows? Let's just trial and error for 4 hrs today and see if we can figure it out!
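
As an added illustration (not part of the original issue or of the cert-manager docs), here are the three options from the quoted documentation written as Route53 solver entries on one ClusterIssuer. Every name, e-mail, zone, region, key ID, account ID and ARN is a constructed placeholder. The `role` field is not a separate credential source: it is assumed using whichever of the first two sources is in effect, so a same-account setup needs only the first or second form.

```yaml
# Added example with constructed placeholder values; not taken from the cert-manager docs.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-route53-example          # hypothetical name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com                 # placeholder
    privateKeySecretRef:
      name: letsencrypt-route53-example-account-key
    solvers:
      # 1. Explicit: a long-lived IAM user key. The key ID is inline and the
      #    secret key is read from a Kubernetes Secret, so a permanent
      #    credential is stored in the cluster.
      - selector:
          dnsZones: ["explicit.example.com"]
        dns01:
          route53:
            region: us-east-1
            accessKeyID: AKIAEXAMPLEPLACEHOLDER
            secretAccessKeySecretRef:
              name: route53-credentials      # hypothetical Secret
              key: secret-access-key
      # 2. Implicit (ambient): no key fields at all. Credentials come from the
      #    environment cert-manager runs in (environment variables,
      #    credentials file or metadata service).
      - selector:
          dnsZones: ["ambient.example.com"]
        dns01:
          route53:
            region: us-east-1
      # 3. Role on top of 1 or 2: cert-manager first obtains credentials the
      #    explicit or ambient way, then assumes this role with them. Those
      #    base credentials need permission to assume the role, and the
      #    Route53 policy is attached to the role. Shown here over ambient.
      - selector:
          dnsZones: ["role.example.com"]
        dns01:
          route53:
            region: us-east-1
            role: arn:aws:iam::111122223333:role/dns-manager   # placeholder ARN
```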

AlverezYari changed the title from "Route53" to "Route53 - AWS IAM Account Setup is confusing" Nov 10, 2021
SgtCoDFish added the priority/backlog label Apr 28, 2022

SgtCoDFish (Member) commented

Thanks for raising this! I totally understand that our tutorials could use a bit of love. If you'd be willing to raise a PR with some improvements I'd happily take a look. Otherwise, I'll keep this in mind 😁
