22

I've got some machines which automatically update DNS in Route53. So far there are only two zones in Route53, and both of them are updated this way, so I have an IAM policy which says "blah blah blah, Resource: "*"" and everything is good. Now I want to add a third zone, and not let those machines mess it up - so I need to change the Resource: to something specific.

Amazon tells me this value that the resource specification

should follow the following format: arn:aws:route53:::<resource>/<id>. Multiple values are comma limited.

What I don't know is how to determine the values of <resource> and <id>. Where do I find those? I can see a "hosted zone ID" in the Route53 web GUI and assume it's related, but don't know exactly how.

2 Answers2

28

This is addressed in Controlling User Access with IAM, specifically in Route 53 ARNs:

Resource is either hostedzone or change, and ID is the ID of the hosted zone or the change.

The following are examples of a hosted zone ARN and a change ARN, respectively.

arn:aws:route53:::hostedzone/Z148QEXAMPLE8V
arn:aws:route53:::change/C2RDJ5EXAMPLE2

You can use wildcards (*) in place of the ID. [...]

The requested ID is listed in column Hosted Zone ID in the top level Hosted Zones summary of the Route 53 section within the AWS Management Console. Alternatively, you can list your hosted zones via an API call as usual (specifically GET ListHostedZones), and the response contains a respective Id element for each HostedZone element in turn.

Steffen Opel
  • 5,638
  • 37
  • 55
0

The <resource> is hostedzone. The reference documents call this a "Resource type".

The <id> is the "Hosted Zone ID" from the hosted zone details. The visual policy editor also calls this a "Resource id".

These are not to be confused with "Actions" or "Condition keys" which are not part of the ARN.

There is an excellent set of policy examples published in the Route 53 Developer Guide:

Using IAM policy conditions for fine-grained access control to manage resource record sets

Robert Chapin
  • 101
  • 2