Menu
Can I restrict my AWS IAM Users to list only selected hosted zones that I would like them to see using AWS IAM Policies?
Suppose I have three hosted zones A, B & C and I would like to hide A from my AWS IAM Users. What changes I need to do in this policy -
{
"Statement":[{
"Effect":"Allow",
"Action":["route53:GetHostedZone",
"route53:ListResourceRecordSets"],
"Resource":"arn:aws:route53::123456789012:change/*"
},
{
"Effect":"Allow",
"Action":,
"Resource":"*"
}
]
}
594
A private hosted zone is a container for records for a domain that you host in one or more Amazon virtual private clouds (VPCs). You create a hosted zone for a domain (such as example.com), and then you create records to tell Amazon Route 53 how you want traffic to be routed for that domain within and among your VPCs.
There are two types of hosted zones: Public hosted zones contain records that specify how you want to route traffic on the internet. For more information, see Working with public hosted zones. Private hosted zones contain records that specify how you want to route traffic in an Amazon VPC.
Public hosted zones with the same name in two accountsYou can create more than one hosted zone with the same name and add different records to each hosted zone. Route 53 assigns four name servers to every hosted zone, and the name servers are different for each hosted zone.
You can use AWS Identity and Access Management (IAM) identity-based policies and Amazon Simple Storage Service (Amazon S3) bucket policies to deny or control access to AWS resources.
Give this a try:
arn:aws:route53:::hostedzone/YOURHOSTEDZONEID
where YOURHOSTEDZONEID is replaced with your hosted zone id.
Add each hosted zone as a separate resource to which your IAM users should be allowed access.
See also: https://serverfault.com/questions/364264/how-do-i-determine-the-arn-of-my-amazon-route53-hosted-zone
135
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
