From 00985c32e6dcb7e3baf43c9bc4662c54d6f04d24 Mon Sep 17 00:00:00 2001 From: Iain Learmonth Date: Wed, 3 May 2023 14:49:07 +0100 Subject: [PATCH] docs(config): adds aws setup instructions to docs --- docs/admin/external.rst | 54 +++++++++++++++++++++++++++++++++++------ 1 file changed, 47 insertions(+), 7 deletions(-) diff --git a/docs/admin/external.rst b/docs/admin/external.rst index 0447da6..fbb9cc0 100644 --- a/docs/admin/external.rst +++ b/docs/admin/external.rst 
@@ -6,19 +6,59 @@ Overview In order to deploy the circumvention resources, the following providers can be used: -+------------+-----+-------+---------+----------------+-----+ -| Resource | AWS | Azure | Hetzner | GandiCloud VPS | OVH | -+============+=====+=======+=========+================+=====+ -| Web Proxy | ✅ | ✅ | ❌ | ❌ | ❌ | -+------------+-----+-------+---------+----------------+-----+ -| Tor Bridge | ✅ | ❌ | ✅ | ✅ | ✅ | -+------------+-----+-------+---------+----------------+-----+ ++------------+-----+-------+---------+---------+----------------+-----+ +| Resource | AWS | Azure | Fastly | Hetzner | GandiCloud VPS | OVH | ++============+=====+=======+=========+=========+================+=====+ +| Web Proxy | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ++------------+-----+-------+---------+---------+----------------+-----+ +| Tor Bridge | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ++------------+-----+-------+---------+---------+----------------+-----+ Circumvention resource lists can be distributed via: * AWS S3 * GitHub * GitLab +* HTTP POST + +AWS +--- + +Configuring AWS will require an +`IAM account `_ +with programmatic access. +As the portal may deploy resources using many AWS services it is currently +It is recommended that a dedicated account is used for the deployement of portal managed resources. +The dedicated account may be part of an existing AWS organisation. + +.. code-block:: yaml + + # Amazon Web Services + AWS_ACTIVATED: true + AWS_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE + AWS_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + +Route 53 +^^^^^^^^ + +Some resources that can be deployed via the portal, e.g. mirrors, rely on DNS names to map internal connections. +These DNS names are only used within AWS and are never accessed directly by end users. +A registered domain must be used for this purpose. + +Once a domain name has been registered, +`create a hosted zone `_ +within Route 53. +Ensure that the domain registrar is updated to point to the Route 53 nameservers. 
+Optionally, enable DNSSEC to improve the security of the hosted zone. +Add the domain name, including the terminating period, to the configuration for the portal: + +.. code-block:: yaml + + SMART_ZONE: example.com. + +.. warning:: + + Do not create any other records on this domain manually as these may conflict with names created by the portal. GitHub ------
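Review bot: In the new AWS section the sentence "As the portal may deploy resources using many AWS services it is currently" stops mid-clause and runs straight into "It is recommended that a dedicated account is used for the deployement of portal managed resources", so the stated reason for the dedicated account is lost. Complete or drop the fragment and fix "deployement". Because the YAML block stores a long-lived AWS_ACCESS_KEY and AWS_SECRET_KEY for an IAM identity with programmatic access, the section should also say which permissions that identity needs and that the configuration file holding the secret must be readable only by the portal. In the Route 53 part, DNSSEC is described only as "Optionally, enable DNSSEC"; a sentence on when an administrator should enable it would help. The Fastly column in the provider table and the new "HTTP POST" list item fall outside the commit subject ("adds aws setup instructions") and should be mentioned in the message or split into their own commit.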