AWS uses IAM roles and policies to grant permissions to launch EC2 instances and
update records in Route53. The IAM roles for the cluster manager and transfer nodes
require you to first configure policies, which are later attached to the role to manage
permissions for the role. The following describes how to create the Route53 IAM policy.
- Go to IAM. Select Policies from the Details sidebar.
- Click Create Policy. Click Select for the Create Your Own Policy option.
- Name the new policy "atc-route53-policy".
- Enter the following policy into the Policy Document field.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "route53:ChangeResourceRecordSets",
        "route53:ListResourceRecordSets"
      ],
      "Resource": [
        "arn:aws:route53:::hostedzone/TARGET_HOST_ZONE_ID"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones"
      ],
      "Resource": "*"
    }
  ]
}
Note: Make sure to substitute TARGET_HOST_ZONE_ID with the
Route53 ID of your DNS Zone. This ID can be found in the details view of
your DNS Zone in the Route53 dashboard.
- Click Create Policy.
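The steps above produce a policy whose record-changing actions are scoped to one hosted zone, while only the read-only ListHostedZones action is granted on "*". The following Python script is an added example (not part of the original instructions or of the product) that fills in TARGET_HOST_ZONE_ID and then checks the resulting document for the two mistakes that most often undermine this scoping: leaving the placeholder unsubstituted, and granting ChangeResourceRecordSets on every zone. The zone-ID format check is a rough heuristic assumed for this example, and the sample ID Z0123456789ABCDEFGHIJ is constructed.

```python
"""Build and sanity-check the atc-route53-policy document (added example)."""
import json
import re

# The policy document from the instructions above, placeholder still in place.
POLICY_TEMPLATE = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets",
                "route53:ListResourceRecordSets",
            ],
            "Resource": ["arn:aws:route53:::hostedzone/TARGET_HOST_ZONE_ID"],
        },
        {
            "Effect": "Allow",
            "Action": ["route53:ListHostedZones"],
            "Resource": "*",
        },
    ],
}

# Actions that must stay scoped to a single hosted zone ARN.
ZONE_SCOPED_ACTIONS = {
    "route53:ChangeResourceRecordSets",
    "route53:ListResourceRecordSets",
}

# Assumption: a loose format check for hosted zone IDs (upper-case alphanumerics
# starting with "Z"); it catches pasted names or empty strings, not every typo.
_ZONE_ID_RE = re.compile(r"^Z[A-Z0-9]{4,31}$")


def build_route53_policy(hosted_zone_id: str) -> dict:
    """Return the policy document with TARGET_HOST_ZONE_ID replaced by the real ID."""
    if not _ZONE_ID_RE.match(hosted_zone_id):
        raise ValueError(f"not a Route53 hosted zone ID: {hosted_zone_id!r}")
    text = json.dumps(POLICY_TEMPLATE).replace("TARGET_HOST_ZONE_ID", hosted_zone_id)
    return json.loads(text)


def _as_list(value):
    # IAM allows both a single string and a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value)


def find_overbroad_grants(policy: dict) -> list:
    """Return (action, resource) pairs where a zone-scoped action is allowed on "*"
    or on an ARN that still carries the unsubstituted placeholder."""
    problems = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            # Wildcard actions cover the zone-scoped ones, so treat them the same way.
            if action not in ZONE_SCOPED_ACTIONS and action not in ("*", "route53:*"):
                continue
            for resource in _as_list(stmt.get("Resource", [])):
                if resource == "*" or "TARGET_HOST_ZONE_ID" in resource:
                    problems.append((action, resource))
    return problems


def policy_json(hosted_zone_id: str) -> str:
    """Indented JSON, ready for the Policy Document field (or a file passed to
    `aws iam create-policy --policy-document file://...`)."""
    policy = build_route53_policy(hosted_zone_id)
    problems = find_overbroad_grants(policy)
    if problems:
        raise ValueError(f"policy is broader than intended: {problems}")
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    sample_zone = "Z0123456789ABCDEFGHIJ"  # constructed sample, not a real zone
    print(policy_json(sample_zone))
    print("template still has placeholder:", find_overbroad_grants(POLICY_TEMPLATE))
```

Running the script prints the substituted document and, for comparison, the two grants in the unsubstituted template that the check flags. The same `find_overbroad_grants` check can be run against any policy JSON exported from IAM to confirm that record changes never ended up on `"Resource": "*"`.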