Creating the Route 53 IAM Role

AWS uses IAM roles and policies to grant permissions to launch EC2 instances and update records in Route 53. The IAM roles for the cluster manager and transfer nodes require you to first configure policies, which are later attached to the role to manage permissions for the role. The following describes how to create an IAM role to grant the Cluster Manager the permissions to access EC2 and Route 53.

This IAM role requires that the following policy has already been configured: atc-route53-policy

Go to IAM. Select Roles from the Details sidebar.
Click Create New Role.
Name the role "atc-route53".
Click Select for Amazon EC2.
Select the following policy and attach it to the role: atc-route53-policy.
Click Next Step, then Create Role.

Specify that the atc-route53 role can launch other instances with the atc-route53 role.

Click the newly created role and click Edit Trust Relationship. Add the following line to the policy:

"AWS": "arn:aws:iam::YOUR_AWS_ACCOUNT_ID:role/atc-route53"

Here is an example of the final policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com",
                "AWS": "arn:aws:iam::YOUR_AWS_ACCOUNT_ID:role/atc-route53"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}