From b07d1eabee27cb0d9e6d91ca4ab14bc3813587c4 Mon Sep 17 00:00:00 2001
From: simplesteph <stephane.maarek@gmail.com>
Date: Wed, 28 Sep 2016 11:19:18 +1000
Subject: [PATCH 1/2] added option to provide profile names or aws credentials
 to the script

---
 README.md          |  6 ++++++
 letsencrypt-aws.py | 32 ++++++++++++++++++++++++++++++--
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index af9eb35..aa15a70 100644
--- a/README.md
+++ b/README.md
@@ -81,6 +81,12 @@ useful for production environments.
 If your certificate is not expiring soon, but you need to issue a new one
 anyways, the `--force-issue` flag can be provided.
 
+If you would like to specify a profile to use (see http://boto3.readthedocs.io/en/latest/guide/configuration.html),
+provide the profile name with the `--profile-name` argument.
+
+If you would like to specify an aws keys (see http://boto3.readthedocs.io/en/latest/guide/configuration.html),
+provide them with the `--aws-access-key-id`, `--aws-secret-access-key`, and the optional `--aws-session-token` arguments.
+
 If you're into [Docker](https://www.docker.com/), there is an automatically
 built image of `letsencrypt-aws` available as
 [`alexgaynor/letsencrypt-aws`](https://hub.docker.com/r/alexgaynor/letsencrypt-aws/).
diff --git a/letsencrypt-aws.py b/letsencrypt-aws.py
index 0fb5a71..67881d3 100644
--- a/letsencrypt-aws.py
+++ b/letsencrypt-aws.py
@@ -481,14 +481,42 @@ def cli():
         "expiration."
     )
 )
-def update_certificates(persistent=False, force_issue=False):
+@click.option(
+    "--aws-access-key-id", type=str, help=(
+        "Specify an aws access key id (must use --aws-secret-access-key as well)"
+    )
+)
+@click.option(
+    "--aws-secret-access-key", type=str, help=(
+        "Specify an aws secret access key (must use --aws-secret-access-key as well)"
+    )
+)
+@click.option(
+    "--aws-session-token", type=str, help=(
+        "Optional AWS session token (must use both --aws-secret-access-key and --aws-secret-access-key as well)"
+    )
+)
+@click.option(
+    "--profile-name", type=str, help=(
+        "Specify a profile to use for Boto. See http://boto3.readthedocs.io/en/latest/guide/configuration.html for more information"
+    )
+)
+def update_certificates(persistent=False, force_issue=False, profile_name=None,
+                        aws_access_key_id=None, aws_secret_access_key=None, aws_session_token=None):
     logger = Logger()
     logger.emit("startup")
 
     if persistent and force_issue:
         raise ValueError("Can't specify both --persistent and --force-issue")
 
-    session = boto3.Session()
+    if aws_access_key_id or aws_secret_access_key or aws_session_token:
+        if aws_access_key_id is None or aws_secret_access_key is None:
+            raise ValueError("You need to provide both --aws-access-key-id and --aws-secret-access-key")
+
+    session = boto3.Session(profile_name=profile_name,
+                            aws_access_key_id=aws_access_key_id,
+                            aws_secret_access_key=aws_secret_access_key,
+                            aws_session_token=aws_session_token)
     s3_client = session.client("s3")
     elb_client = session.client("elb")
     route53_client = session.client("route53")

From fab3eba3c74c4928b3d76f0482e23890efe340b6 Mon Sep 17 00:00:00 2001
From: simplesteph <stephane.maarek@gmail.com>
Date: Wed, 28 Sep 2016 11:29:06 +1000
Subject: [PATCH 2/2] reduced line length to pass travis CI

---
 letsencrypt-aws.py | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/letsencrypt-aws.py b/letsencrypt-aws.py
index 67881d3..71ecbad 100644
--- a/letsencrypt-aws.py
+++ b/letsencrypt-aws.py
@@ -483,26 +483,30 @@ def cli():
 )
 @click.option(
     "--aws-access-key-id", type=str, help=(
-        "Specify an aws access key id (must use --aws-secret-access-key as well)"
+        "Specify an aws access key id (must also use --aws-secret-access-key)"
     )
 )
 @click.option(
     "--aws-secret-access-key", type=str, help=(
-        "Specify an aws secret access key (must use --aws-secret-access-key as well)"
+        "Specify an aws secret access key (must also use --aws-access-key-id)"
     )
 )
 @click.option(
     "--aws-session-token", type=str, help=(
-        "Optional AWS session token (must use both --aws-secret-access-key and --aws-secret-access-key as well)"
+        """Optional AWS session token
+           (must use both --aws-secret-access-key and --aws-access-key-id)"""
     )
 )
 @click.option(
     "--profile-name", type=str, help=(
-        "Specify a profile to use for Boto. See http://boto3.readthedocs.io/en/latest/guide/configuration.html for more information"
+        """Specify a profile to use for Boto.
+           See http://boto3.readthedocs.io/en/latest/guide/configuration.html
+           for more information"""
     )
 )
-def update_certificates(persistent=False, force_issue=False, profile_name=None,
-                        aws_access_key_id=None, aws_secret_access_key=None, aws_session_token=None):
+def update_certificates(persistent=False, force_issue=False,
+                        profile_name=None, aws_access_key_id=None,
+                        aws_secret_access_key=None, aws_session_token=None):
     logger = Logger()
     logger.emit("startup")
 
@@ -511,7 +515,8 @@ def update_certificates(persistent=False, force_issue=False, profile_name=None,
 
     if aws_access_key_id or aws_secret_access_key or aws_session_token:
         if aws_access_key_id is None or aws_secret_access_key is None:
-            raise ValueError("You need to provide both --aws-access-key-id and --aws-secret-access-key")
+            raise ValueError("""You need to provide both --aws-access-key-id
+                                and --aws-secret-access-key""")
 
     session = boto3.Session(profile_name=profile_name,
                             aws_access_key_id=aws_access_key_id,