Through AWS Identity and Access Management (IAM) it's possible to add people to manage all or parts of your AWS account. It takes just a few minutes to set up permissions, roles, and a new user, but one item I battled to find was how to restrict a certain user or group to a single domain in Route 53.
So, without further delay, here is what is needed to restrict a user or group to one hosted zone in IAM:
- Set up your new user and permissions (and roles if needed).
- From within Route 53, copy the Hosted Zone ID of the domain you want to allow access to. The console shows it as a bare ID such as Z0123456789ABCDEFGHIJ; if you take it from the API or CLI instead it comes back as /hostedzone/Z0123456789ABCDEFGHIJ, and only the part after the last slash goes into the ARN.
- From the IAM dashboard, create a new policy and paste in the JSON below, then attach it to the user or group.
- Replace <Your zone ID> with the hosted zone ID of the zone you want to restrict the user to.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "route53:ChangeResourceRecordSets",
        "route53:GetHostedZone",
        "route53:ListResourceRecordSets"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:route53:::hostedzone/<Your zone ID>"
      ]
    },
    {
      "Action": [
        "route53:ListHostedZones"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
}
Two things worth knowing about this policy. First, the second statement has to use "*": route53:ListHostedZones does not support resource-level permissions, so it cannot be scoped to one zone. That means the user can still see the names and IDs of every hosted zone in the account, but the first statement is what decides which zone they can read or change, and it only names yours. Second, the user can change any record in that zone, including the apex, because the restriction is per zone, not per record. Tools that poll a change until it is INSYNC (certbot's dns-route53 plugin, for example) also need route53:GetChange on arn:aws:route53:::change/*, which this policy does not grant.
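To check that the policy really does what the steps above say before attaching it to a user, here is an added example that is not from the original post: a small script that builds the same policy for a given zone ID (accepting the bare ID or the /hostedzone/... form), then runs a simplified IAM evaluation against it. The evaluator implements only the explicit-deny / allow / implicit-deny rule with IAM's "*" and "?" wildcards and ignores conditions, so it is a sanity check on the statements, not a substitute for the IAM policy simulator. The zone IDs are constructed placeholders.

```python
"""Build the single-zone Route 53 policy and check what it does and does not allow."""
import fnmatch
import json

# Constructed example values (assumptions, not real zones); substitute your own IDs.
ZONE_ID = "Z0123456789ABCDEFGHIJ"        # the zone the user may manage
OTHER_ZONE_ID = "ZOTHERZONE0000000000"   # a second zone in the account the user must not touch


def normalize_zone_id(raw: str) -> str:
    """Strip the '/hostedzone/' prefix the Route 53 API returns; the ARN wants the bare ID."""
    zone_id = raw.strip().rsplit("/", 1)[-1]
    if not zone_id or not zone_id.isalnum():
        raise ValueError(f"not a hosted zone ID: {raw!r}")
    return zone_id


def zone_arn(raw_zone_id: str) -> str:
    return f"arn:aws:route53:::hostedzone/{normalize_zone_id(raw_zone_id)}"


def build_policy(raw_zone_id: str) -> dict:
    """The policy from the post, parameterised on the hosted zone ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "route53:ChangeResourceRecordSets",
                    "route53:GetHostedZone",
                    "route53:ListResourceRecordSets",
                ],
                "Effect": "Allow",
                "Resource": [zone_arn(raw_zone_id)],
            },
            {
                # ListHostedZones has no resource-level permissions, so "*" is the only option.
                "Action": ["route53:ListHostedZones"],
                "Effect": "Allow",
                "Resource": ["*"],
            },
        ],
    }


def _matches(patterns, value: str, fold_case: bool) -> bool:
    """IAM-style wildcard match ('*' and '?'); action names are case-insensitive, ARNs are not."""
    if isinstance(patterns, str):
        patterns = [patterns]
    if fold_case:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified identity-policy evaluation: an explicit Deny wins, otherwise any
    matching Allow grants, otherwise implicit deny. Ignores Condition, NotAction,
    NotResource and resource-based policies."""
    allowed = False
    for stmt in policy["Statement"]:
        if _matches(stmt["Action"], action, fold_case=True) and _matches(
            stmt["Resource"], resource, fold_case=False
        ):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


if __name__ == "__main__":
    policy = build_policy("/hostedzone/" + ZONE_ID)
    print(json.dumps(policy, indent=2))
    checks = [
        ("route53:ChangeResourceRecordSets", zone_arn(ZONE_ID)),        # should be allowed
        ("route53:ChangeResourceRecordSets", zone_arn(OTHER_ZONE_ID)),  # other zone: denied
        ("route53:DeleteHostedZone", zone_arn(ZONE_ID)),                # not granted: denied
        ("route53:ListHostedZones", "*"),                               # allowed on "*"
    ]
    for action, resource in checks:
        verdict = "ALLOW" if is_allowed(policy, action, resource) else "DENY"
        print(f"{verdict:5} {action} on {resource}")
```

Run it and you should see the first and last checks allowed and the two in the middle denied, which is exactly the boundary the policy is meant to draw: the user can edit records in their zone and list the account's zones, but cannot touch another zone or delete their own.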